block php page in public view. but still able to use by other page.
block php page in public view. but still able to use by other page.
hi, I'm working on a website that has ajax live search(search.php) on it, search.php calls in from another php page to search in database, it works just fine, the problem is search.php can be typed in url and display all data from database. I tried googling it, still don't have clear idea how to solve it. I've read that it can be done in .htaccess, also by changing permission... I just want to be enlightened how to properly fix the problem. thanks
If it's a question of only wanting it to be accessed via include()/require(), a few approaches:
- Move the included file outside of the web document root directory hierarchy.
- Give it a name with a distinct suffix that you then disallow via the web server (e.g. via the .htaccess file)
- Compare the script's file name against that of $_SERVER['SCRIPT_NAME'], and if the same exit (and maybe first send a 404 header)
- Set a constant in the main script that would do the including of the file in question, and if that constant is not defined, exit (and 404?)
"Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
~ Terry Pratchett in Nation
I presume you are sending posted data to the search.php page, in which case, all you need to do is check if data has been posted and if not then redirect to another page. In search.php
PHP Code:
<?php
if (!isset($_POST)) {
header("location: index.php");
} else {
//Do your search here
}
Reply With Quote
Bookmarks