Home  >  Article  >  Backend Development  >  How to prevent users from directly accessing files in php

How to prevent users from directly accessing files in php

王林
王林Original
2019-09-12 17:44:413148browse

How to prevent users from directly accessing files in php

In order to ensure the security of the API we write in PHP, access methods other than interfaces must be prohibited.

For example, our project is example, under which there is a folder dir1 and an interface file api.php. The structure is:

How to prevent users from directly accessing files in php

At this time we require that the services in file.php can only be called through example/api.php, not directly through example/dir1/file .php to access.

There is such a variable $_SERVER in php. This is an array variable with various key-value pairs. You can search for specific information. Then we can now get the script name through SCRIPT_NAME in $_SERVER. $_SERVER['SCRIPT_NAME'], its value will be similar to xxx/api.php, then we can judge whether the access is legal by judging whether the access link contains api.php, and if it is legal, continue execution. If illegal, block.

The specific code is as follows:

if(strpos($_SERVER['SCRIPT_NAME'], 'api.php') === false){
  echo "error";
  exit;
}

Just add the above code at the beginning of file.php.

The above content is for reference only!

For more related questions, please visit the php Chinese website: PHP video tutorial

The above is the detailed content of How to prevent users from directly accessing files in php. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:What file is php?Next article:What file is php?