[OWASP_PHPSEC] use of require_once

Chris White cwhite at remarinc.com
Tue Jul 30 15:47:36 UTC 2013


Abbas,

Namespaces are a feature of object oriented programming - not just Java (C++, .NET, Python, Ruby, etc). Its use lies in the ability to logically compartmentalize similar classes, which makes them more meaningful and tightly coupled to a developer. A shallow system can obfuscate related classes fairly quickly. I don't like Java, either. That doesn't mean that it doesn't have any good concepts. In fact, I believe the developers using Java on average are much more skilled than the average PHP developer and better implement sound programming practices.

Don't let your dislike for Java make you avoid good ideas. There is a reason so many object oriented languages take advantage of these features.

As for require vs require_once: your assumption that one is for classes and another for non-object oriented PHP files is a fallacy. Require_once is used in cases where there is potential to load a file twice. This is beneficial when loading a file twice can overwrite assigned variables, properties (static objects), or run a procedure multiple times in the case of a non-object oriented file. When loading a file twice is not harmful to code or there is no potential to load it twice, then require is the preferred method.

Thanks,

Chris White
Network Administrator
Remar, Inc.
Work: 615-449-0231
Cell: 615-948-1388

From: Abbas Naderi [mailto:abiusx at owasp.org]
Sent: Tuesday, July 30, 2013 10:26 AM
To: Chris White
Cc: owasp_php_security_project at lists.owasp.org
Subject: Re: [OWASP_PHPSEC] use of require_once

We have had this discussion, going deeper is Java like. Even one namespace is not a good thing, but we're dealing with facade functions, so that's not an issue for now.

require_once is needed for loading classes and definitions. require is used for running php file, usually those that produce output not define things. There is not much overhead. PHP is an interpreted language, and performance is not really an issue here.
-A
______________________________________________________________
Notice: This message is digitally signed, its source and integrity are verifiable.
If you mail client does not support S/MIME verification, it will display a file (smime.p7s), which includes the X.509 certificate and the signature body.  Read more at Certified E-Mail with Comodo and Thunderbird<http://abiusx.com/certified-e-mail-with-comodo-and-thunderbird/> in AbiusX.com<http://AbiusX.com>

On Mordad 8, 1392, at 3:55 PM, Chris White <cwhite at remarinc.com<mailto:cwhite at remarinc.com>> wrote:


Finally! It is not as lonely in the PSR-x boat anymore. No need to recreate the wheel here, guys. Just utilize one of their sample loaders. You won't even have to change namespaces or classnames. Although, I am in favor of going deeper than just \phpsec\. ;)

Chris White
Network Administrator
Remar, Inc.
Work: 615-449-0231
Cell: 615-948-1388

From: owasp_php_security_project-bounces at lists.owasp.org<mailto:owasp_php_security_project-bounces at lists.owasp.org> [mailto:owasp_php_security_project-bounces at lists.owasp.org<mailto:bounces at lists.owasp.org>] On Behalf Of Sven Rautenberg
Sent: Tuesday, July 30, 2013 5:48 AM
To: Minhaz A V; owasp_php_security_project at lists.owasp.org<mailto:owasp_php_security_project at lists.owasp.org>
Subject: Re: [OWASP_PHPSEC] use of require_once

Yes. Just have a look at how "PSR-0" autoloading is done.


Minhaz A V <minhazav at gmail.com<mailto:minhazav at gmail.com>> schrieb:
will it be changed to require  after autoloading is done?

On Tue, Jul 30, 2013 at 3:30 PM, Minhaz A V <minhazav at gmail.com<mailto:minhazav at gmail.com>> wrote:
Can I know how will autoloading be accomplished and what it exactly means?

On Tue, Jul 30, 2013 at 3:26 PM, Sven Rautenberg <sven at rtbg.de<mailto:sven at rtbg.de>> wrote:
It's probably because of the current lack of autoloading, but I think this will be addressed.


Minhaz A V <minhazav at gmail.com<mailto:minhazav at gmail.com>> schrieb:
while going through the codes I found the use of require_once at many places
why isn't require  being used, when require_once  has computational overheads, it consumes more memory and is slower

reference: http://stackoverflow.com/questions/186338/why-is-require-once-so-bad-to-use




________________________________

OWASP_PHP_Security_Project mailing list
OWASP_PHP_Security_Project at lists.owasp.org<mailto:OWASP_PHP_Security_Project at lists.owasp.org>





https://lists.owasp.org/mailman/listinfo/owasp_php_security_project

Regards,

Sven



Mit freundlichen Grüßen

Sven Rautenberg
_______________________________________________
OWASP_PHP_Security_Project mailing list
OWASP_PHP_Security_Project at lists.owasp.org<mailto:OWASP_PHP_Security_Project at lists.owasp.org>
https://lists.owasp.org/mailman/listinfo/owasp_php_security_project

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_php_security_project/attachments/20130730/44d9e406/attachment-0001.html>


More information about the OWASP_PHP_Security_Project mailing list