Introduction to how php prevents direct access to .php files

This article mainly introduces relevant information on how to prevent direct access to .php files in PHP. Here is an example of how to prevent direct access to .php files. Friends in need can refer to it

Detailed explanation of how PHP prevents direct access to .php files

In order to ensure the security of the API we write in PHP, access methods other than interfaces must be prohibited.

For example, our The project is example, under which there is the folder dir1 and an interface file api.php. The structure is: Enter the picture description

At this time we require that we can only pass example/api .php to call the service in file.php, which cannot be accessed directly through example/dir1/file.php.

There is such a variable $_SERVER in php, which is an array variable with various keys in it. Value pair, you can search for specific information. Then we can now get the script name through SCRIPT_NAME in $_SERVER. $_SERVER['SCRIPT_NAME'], its value will be similar to xxx/api.php, then we can judge by Check whether the access link contains api.php to determine whether the access is legal. If it is legal, the execution will continue, if not, it will be blocked.

The specific code is as follows:

if(strpos($_SERVER['SCRIPT_NAME'], 'api.php') === false){
  echo "error";
  exit;
}

Just add the above code at the beginning of file.php.

The above is the detailed content of Introduction to how php prevents direct access to .php files. For more information, please follow other related articles on the PHP Chinese website!