What does the dot-slash do to PHP include calls?

What does the dot-slash do to PHP include calls?

php include file path
php include file from another folder
php include not working
php include relative path
php include path
php call function from another file
php include url
php include module

A. What does this do?

require ("./file.php");

B. in comparison to this?

require ("file.php");

(Its not up-one-directory.. which would be)

require ("../file.php");

./ is the current directory. It is largely the same as just file.php, but in many cases (this one included) it doesn't check any standard places PHP might look for a file, instead checking only the current directory.

From the PHP documentation (notice the last sentence):

Files for including are first looked for in each include_path entry relative to the current working directory, and then in the directory of current script. E.g. if your include_path is libraries, current working directory is /www/, you included include/a.php and there is include "b.php" in that file, b.php is first looked in /www/libraries/ and then in /www/include/. If filename begins with ./ or ../, it is looked only in the current working directory.

include - Manual, (dot slash) when calling a file compared to not using it - php. it is mentioned, that Using a . in the include path allows for relative includes as it means the current directory. You can try that but I doubt that the difference would be significant. index.php inc/inner.php inc/inner-inner.php * inner-inner.php <- Doesn't exist, PHP ERROR. Instead, we should use the ./ syntax to include inner-inner. This will instruct that the file we are including must be included relative to the current file, not to the current "entry point" of the PHP script.

The first version forces the internal mechanism to include files relatively to the... directly executed file. So for example you have


// directly executed script (php -f index.php or from a browser)
include 'second.php';


// This is included relatively to index.php
// Actually, it is first searched relatively to include_path, then relatively
// to index.php
include './third.php';


// This is included relatively to second.php ONLY. It does not search
// include_path
return "foo";

in PHP what is the difference if i use ./ (dot slash) when calling a file , Dot-dot-slash tells the browser to move one level back toward the root directory. How do I save a webpage offline (in HTML) so that it is displayed exactly the same Can I call HTML codes or are there other terms to refer to those “codes”? If you include a function not in your directory(e.g c:// or file://) but instead include using http. The include can only return what was echoed in the file, but something like a variable or function will not be shown.

The Short Answer

You're right, it's not up one directory. A . refers to the directory you're in, and .. refers to the parent directory.

Meaning, ./file.php and file.php are functionally equivalent in PHP. Here's the relevent page of documentation: http://us.php.net/manual/en/wrappers.file.php

The Longer Answer

However, just because they work the same in this context doesn't mean they're always the same.

When you're operating in a *nix shell environment, and you type the name of an executable file, the shell will look in the PATH directories, but it won't look in the CWD, or the directory you're currently in.

So, if you're in a directory that has a file called: myprogram.php (this would be a PHP CLI file) and you just type:


it doesn't matter if your program is executable or not. The shell will look in /bin/, /usr/bin/ etc for your file, but it won't look in ./, or the directory you're in.

To execute that program without adding your directory to the PATH, you need to type


So really, ./ is more explicit. It means, "the file you're looking for HAS to be right here" and no ./ means, "the file should be somewhere the program looking for files".

What does ../ (dot dot slash) mean in HTML file path?, This attack is also known as “dot-dot-slash”, “directory traversal”, “directory there is a risk that an attacker may be able to include a file or remote resource you didn't Prefer working without user input when using file system calls; Use indexes Use chrooted jails and code access policies to restrict where the files can be  What does “./” (dot slash) refer to in terms of an HTML file path location? Ask Question Would it be considered inappropriate or even illegal to call 911 if I

The dot-slash forces the file to be found in the current directory only, rather than additionally searching the paths mentioned in the include_path setting.

Path Traversal Software Attack, If there are no slashes in path , a dot ('. For example, if a script called 'database.​init.php' which is included from anywhere on the filesystem wants to include the script 'database.class.php', which lays As of PHP 5.3.0, you can use __DIR__ as a replacement for dirname(__FILE__) You can use it to get parent directory: PHP - File Inclusion. You can include the content of a PHP file into another PHP file before the server executes it. There are two PHP functions which can be used to included one PHP file into another PHP file. This is a strong point of PHP which helps in creating functions, headers, footers, or elements that can be reused on multiple pages.

Simply you are telling php to include the file in the current directory only or fail if the file is not present.

If you use the format "indexcommon3.php" and the file is not present php will search it into the include_path system variable.

For reference you can use http://www.php.net/manual/en/function.include.php

dirname - Manual, In a Unix shell, the full stop called the dot command (.) is a command that evaluates commands When this argument does not contain a slash, the shell will search for the file in all directories defined Therefore, the dot command can be used for splitting a big script into smaller pieces, potentially enabling modular design. Before using php's include, require, include_once or require_once statements, you should learn more about Local File Inclusion (also known as LFI) and Remote File Inclusion (also known as RFI). As example #3 points out, it is possible to include a php file from a remote server.

Dot (command), This means that they are organized in a tree-like pattern of directories (called folders in other systems), which may contain files and other directories. The first  So, if you want the execution to go on and show users the output, even if the include file is missing, use the include statement. Otherwise, in case of FrameWork, CMS, or a complex PHP application coding, always use the require statement to include a key file to the flow of execution.

Learning the shell - Lesson 2: Navigation, LFI attacks include different styles including the dot-dot-slash attack (. do. it Ensure Burp and OWASP BWA VM are running and that Burp is configured in the Firefox browser used to view the Look for the call to the login.php page. If all you want to do is quote a string as you would normally do in PHP (for example, when returning an Ajax result, inside a json string value, or when building a URL with args), don't use addslashes (you don't want both " and ' escaped at the same time).

Burp Suite Cookbook: Practical recipes to help you master web , Yes, there are, but your scripts do not have access to them (this is a very good thing, you don't want a hijacked script to gain access to your entire server). As far as your scripts are concerned, /var/www (or whatever your web root is) is the topmost level, regardless of what is actually on the filesystem.