In PHP, there’s a handy dandy little function called ‘include’ that basically allows you to run a php script from another file in your current script. There is also a handy dandy little function called ‘require’ that basically does exactly the same thing. Basically. Likewise, there’s ‘require_once’ and ‘include_once’ which both due the same thing, but check the current document to see if its been included or required already, and won’t do it a second time. So…which should you use, and when should you use it?
It all depends on the application. With ‘include’, if an error occures in the included file, the remainder of your application can still function. At most, you will see get a warning, but nothing more. With ‘require’, if there is an error in the required file, the remainder of your application will not function, and your scripts will stop running. Sounds scary, right? Off the bat, it may seem like, from a usability standpoint, you should use ‘include’ or ‘include_once’ as a default – but this really isn’t the case. Think of what you are implying.
If you use include over require, you are doing a few things:
- You are calling a script that may or may not need to run in your application at any given time
- You are potentially running code that doesn’t need to be running
- If your included file breaks, your application still runs – you’re trusting that there are no security or usability vulnerabilities without it.
As best practice, you really shouldn’t be including code that doesn’t need to exist. At the very least, it can impact performance of your application. ‘include’ should really only be used for ‘optional’ code, but…how often is code you write used only part of the time? Very rarely.
Using require throws errors – which is a huge benefit in spite of how scary it may look. Checking your server logs, or getting immediate feedback as to what broke in your code is crucial when developing. If your required file patches a security loophole of some sort, it is obviously essential that your application stops running if the required file breaks.
So, best practices?
- The majority of the time, use require_once for scripts that are called only once – like a database connection, or defined functions. You will probably use this the majority of the time. You don’t often run into situations where you require a file more than one time in a script or application.
- Use require when the required file has scripts that run when the file called.
- Use include or include_once similarly, but only when they aren’t essential or carry sensitive or crucial data. Which – how often do you include code that doesn’t necessarily matter?
- If your required file breaks your code, check your error info and your logs to find out why, and then fix it! That’s the great thing about require!
PHP is a widely used language, but is full of security holes. It is important to understand some of these basic practices as your develop your websites and/or applications in PHP to keep you and your users safe, and to make sure your code is running optimally.