What it mean when we perfix with dots for require function to indicate filename in php

Question

I always use require('dbc.php'); to include file but what is the difference when I prefix 2 dots ../ as below, is there is any extra security.

require('../dbc.php');
require('../lib/bootstrap.php');
require_once '../../../conf/config.php';

Answer 1

The . gives you the ability to set the path of the included files relatively to the path of the original file that run (the file that included them). The ./ indicates the current directory. So if including a file like such:

require('./config.php')

You are telling PHP to look in the current directory for "config.php". Which is the same as

require('config.php')

The ../ indicates the directory above or "parent directory"

require('../dbc.php');

This is telling PHP to go one directory up and look for "dbc.php".

These commands can be chained like so:

require('../lib/bootstrap.php');
require_once '../../../conf/config.php';

Answer 2

If you do

../../

You've gone back two directory

 ../

You've gone back one directory

This basically going out the current directory the file u are working on is in. It depends on the location of the db file relative to the file that needs it. It has nothing to do with security.

Answer 3

The dots simply are used to traverse the directory structure. What is double dot(..) and single dot(.) in Linux?, though you should avoid using relative paths and use absolute paths. Absolute vs. relative paths.

Security: In its self, it introduces no security benefits, except if you get it wrong your app won't work at all!

It does add some protection against code disclosure if PHP fails to parse. This applies ONLY if you store your main code outside of the webroot, though I have never encountered or seen this issue spontaneously happen, though it possibly could. Storing script files outside web root.