PHP - Is “include” function secure?

Question

I\'m using the \"include\" function (e.x. \"include \'header2.php\'\" or \"include \'class.users.php\'\") to add the header or session class in my website. I don\'t really r

Answer 1

The best thing to do is ensure that the page you are trying to include exists first. The real security loopholes come when your include page is processed from some sort of user input, such as a URL variable. ?include=page.php As long as you are cautious of these you should be fine.

if(is_file($file)) {
    //other code, such as user verification and such should also go here
    include $file;
}
else { die(); }