Code needs to be loaded, and this does not happen automatically without some effort on our part. The loading of code has the potential to raise serious security issues that must be tackled. There are also practical matters of how to make code as clean and efficient as possible.
There has been a spate of cracks exploiting code-loading loopholes. Suppose we have a file containing PHP that is intended to be loaded for execution by other code that was triggered by the request from a user's browser. A simplified example would be:
<?php require_once ($basedir.'/somecode.php'); // More code that is perfectly safe follows ?>
First, how does the crack work? Supposing the previous code is in a file called ...