How to prevent users from directly accessing files in php

In order to ensure the security of the API we write in PHP, access methods other than interfaces must be prohibited.

For example, our project is example, under which there is a folder dir1 and an interface file api.php. The structure is:

At this time we require that the services in file.php can only be called through example/api.php, not directly through example/dir1/file .php to access.

There is such a variable $_SERVER in php. This is an array variable with various key-value pairs. You can search for specific information. Then we can now get the script name through SCRIPT_NAME in $_SERVER. $_SERVER['SCRIPT_NAME'], its value will be similar to xxx/api.php, then we can judge whether the access is legal by judging whether the access link contains api.php, and if it is legal, continue execution. If illegal, block.

The specific code is as follows:

if(strpos($_SERVER['SCRIPT_NAME'], 'api.php') === false){
  echo "error";
  exit;
}

Just add the above code at the beginning of file.php.

The above content is for reference only!

For more related questions, please visit the php Chinese website: PHP video tutorial

The above is the detailed content of How to prevent users from directly accessing files in php. For more information, please follow other related articles on the PHP Chinese website!