I am trying to retrieve page contents with an AJAX
call. I have a series of links within a page wrapper. When I click on a link, it loads a JavaScript function that retrieves page contents from a php
script. In this case I am developing on my localhost
, but in production the script will be within the same root folder and domain as the file that does the AJAX
call. I am using the response as the content for a div
. The content isn't purely PHP
, and by that I mean while it is generated by php it has HTML
elements like div
s and spans. It's basically the stuff that is going between the opening and closing body tags. Because of this, I'm not sure I can just use json_encode
.
Instead of the content loading in the div
, I get the following error:
Warning: require_once() [function.require-once]: http:// wrapper is disabled in the server configuration by allow_url_include=0
After reading up on allow_url_include
it seems that this is usually disabled by default. I'm assuming that this feature allows for some serious site attacks. Is that the case. If so, how can I retrieve the content from another file?
I tried using the JQuery
load function:
$('#content').load('pages/test_page.php');
but with the exact same results.
This is driving me nuts! TIA.
EDIT: I think I may have found the problem; the php
file that the AJAX
is retrieving content from is using require_once
. The file that it is requiring is on the same server within the same root folder, but it was one directory up. HOWEVER, that creates a new problem: I'm getting the content, but not fully. For example, in the file I have this:
Title: <?php echo $details['title']; ?>
I am only getting the first letter, and this holds true for other php
content that I echo
.
allow_url_include
only affects include()
and require()
, you can still use the PEAR HTTP_Request2
module or the curl
functions to fetch webpages.
Using include()
for remote webpages is considered to be a "bad practice", and may pose a security risk. For example, if you use include($var);
and some attacker manages to replace $var with http://hacksite.tld
he/she can "inject" code ...
No worries, just use file_get_contents()
then write a new file in your documents with the contents you have retrieved, then include
the file in your file. the file you included now is ready for any change you want, using css
,javascript
, etc.. this is basically what a wrapper does.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With