PHP - Is “include” function secure?

Question

I\'m using the \"include\" function (e.x. \"include \'header2.php\'\" or \"include \'class.users.php\'\") to add the header or session class in my website. I don\'t really r

Answer 1

No! An include() is NOT secure. Without considering a single line of code, consider this: include() still allows your script to chug along even if a file fails to load. It will continue to run with a warning. SO, this widens the attack vector of your php script for the clever malicious user.

Within a modern application design, why would the inclusion of a file ever need to be optional? If your application is not whole, you want it to fail!