www.webdeveloper.com
Results 1 to 4 of 4

Thread: block php page in public view. but still able to use by other page.

  1. #1
    Join Date
    Nov 2012
    Posts
    1

    block php page in public view. but still able to use by other page.

    block php page in public view. but still able to use by other page.

    hi, I'm working on a website that has ajax live search(search.php) on it, search.php calls in from another php page to search in database, it works just fine, the problem is search.php can be typed in url and display all data from database. I tried googling it, still don't have clear idea how to solve it. I've read that it can be done in .htaccess, also by changing permission... I just want to be enlightened how to properly fix the problem. thanks

  2. #2
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,326
    If it's a question of only wanting it to be accessed via include()/require(), a few approaches:

    - Move the included file outside of the web document root directory hierarchy.
    - Give it a name with a distinct suffix that you then disallow via the web server (e.g. via the .htaccess file)
    - Compare the script's file name against that of $_SERVER['SCRIPT_NAME'], and if the same exit (and maybe first send a 404 header)
    - Set a constant in the main script that would do the including of the file in question, and if that constant is not defined, exit (and 404?)
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  3. #3
    Join Date
    Oct 2010
    Location
    Ohio
    Posts
    233
    Option 4 is what I generally use. The top of all my files (except for index.php) look like this:

    PHP Code:
    if( !defined('ROOT') ) { header('HTTP/1.0 404 Not Found'); exit; }

    // actual code for the file here 
    ~Ryan
    www.rdennispallas.com <-- Personal Site, changing regularly cuz its ugly.

  4. #4
    Join Date
    Aug 2012
    Posts
    155
    I presume you are sending posted data to the search.php page, in which case, all you need to do is check if data has been posted and if not then redirect to another page. In search.php
    PHP Code:
    <?php
    if (!isset($_POST)) {
     
    header("location: index.php");
    } else {
     
    //Do your search here
    }

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles