I am somewhat new to PHP coding and I am aware that malicious users can hack a website if you have not sanitized your PHP code. What I am wondering is whether they need a data entry box (like for file submissions, or user-name/password entry fields)?.
Do commands like "include (header.php)" also need some sort of security or are they innately safe?
Don't trust the user.
include "a/literal/file.php";
is quite safe
include $someFile;
means you want to think about how $someFile gets set. If you use any data that was given to you by a user to set $someFile's value, you'd better sanitize it.