Reputation: 592
Disable direct access to php file
I'm looking for a way to disable direct access to certain PHP files which contain SQL statements.
Page register.php call action"register_sql.php"
How to disable direct access (www.my.com/register_sql.php) and allow only script to execute code?
I have checked out an .htaccess file, but it was unsuccessful because block execution
<Files ~ "\sql.php$">
Order allow,deny
Deny from all
</Files>
Upvotes: 0
Views: 1532
Answers (1)
Reputation: 9040
One tactic would be to avoid putting your important PHP code anywhere within the document root of your site. This is a common tactic used by the big PHP frameworks such as Laravel, Zend, and CodeIgniter.
For example, let's pretend that your site is called "laptopcafe", and that your folder structure is:
/var/www/laptopcafe/public/register.php
/var/www/laptopcafe/lib/register_sql.php
Configure your webserver that the document root is /var/www/laptopcafe/public. People will still be able to browse to http://www.laptopcafe.com/register.php, but won't be able to access register_sql.php.
Then, in register.php, you can include register_sql.php like so:
<?php
include(dirname(__FILE__) . '/../lib/register_sql.php');
Hope this helps!
Upvotes: 3
Related Questions
- Prevent PHP code from executing if form was not submitted
- Block access to PHP file using .htaccess
- Prevent direct access to .php files in .htaccess
- How do you prevent direct access to a file in Apache?
- PHP - how to prevent .php files from direct access
- deny access of php file from url htaccess
- Block direct HTTP access to a PHP File
- Protect php files from direct access
- Block direct access to PHP files
- Preventing direct access to php files