I have some code that is mostly static, but changes once every few months. It is related to the display of a set of logos on my webpage, and navigation bar item changes. Instead of having to go and update every single webpage that includes these same items each time the list of logo images changes, or I need a new navigation bar item, I needed to be able to globally edit them.
I chose to do this using PHP includes such as:
<?php include("includes/bannerlist.html"); ?>
<?php include("includes/navbar.html"); ?>
This seems ot be a good solution and is working.
All references to include files are hard coded as shown above, and all related files are stored locally on the same webserver/site.
I have read about security issues related to PHP includes but they seemed to be related to more complex things than what I am doing.
My question is, are the includes I have, like show above, any type of security risk? And if they are, what is the best way to mitigate the risk?