• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 304
  • Last Modified:

Self-referential includes in PHP FloodControl

I was listening to a Zend webinar on PHP optimization, and one point I took note of was that the require_once statement should be avoided as it is considered expensive. I realize that this could be controversial, and my question is not specifically about this point.

In looking at our codebase to see how prevalent require_once might be, I was glad to see very few instances of it, and even those were not necessary. However I got to a library that was added by one of our programmers who is no longer with us, and I found some code which at first glance looks puzzling.

The library is called HTTP_FloodControl and was written by Vagharshak Tozalakyan. We use it to prevent flooding attacks, which in the past we suffered from time to time.

An extract of the code showing the "recursive" include from the script MDB.php follows:

require_once 'MDB.php';

Note: the script is in the file MDB.php and the require statement includes MDB.php.

My understanding of this construct is that the require_once for MDB.php being self-referential would lead to an infinite recursion, except possibly for the fact that it has the "_once" part, which prevents this from occurring. Thus I am concluding that this code is present for documentation purposes. And if so it could be commented out.

Am I misinterpreting the intent of this code?
1 Solution
IF the _once part wasn't there then you are right it would lead to an infinite loop. The code appears to be redundant as the code has already been included. A simple php test fil can illustrate this:

eg: file: test.php
echo "test";

(the require_once at the bottom has no effect, removing the _once though could cause your server to crash!)
jasimon9Author Commented:
I tend to agree with you. I am just trying to make sure that there is not something more here that I am not aware of.

My concern is that the supposed costliness of the require_once call is paid, even if in effect it does "nothing". So an expensive call for no good reason. Hence my desire to remove it.

Because of the nature of this code, it is called on every page load. So I am wanting to comment it out.

Based on your answer, I would go ahead and try commenting it out on a development server. Unfortunately testing the function of the code itself, to make sure that the Flood Control is still effective, is not the easiest thing to do, at the system level.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now