Ok, to start with - I am addicted to using a root relative link structure for everything. Include in php always makes that difficult for me, but I happened upon a line of code that lets me include root-relatively.
It's really simple:
set_include_path( get_include_path() . PATH_SEPARATOR . $_SERVER['DOCUMENT_ROOT'] );
That's from a comment in the php manual
I have a pretty simple php site, but with many different subdirectories, and this makes it easy to use. Also - the company may be switching servers soon, and I am thinking this may ease the transition for many sites.
So is there a security risk here? I don't dynamically include files or remotely include them. Am I taking a performance hit including this at the top of every php file? or is it negligible?
There is no security risk as long as you control what you put in the include_path.
There is, however, a performance hit if you have too many paths in your include_path (as PHP will have to try each path before finding the file).