What's the best way to only allow a PHP file to be included?

Question

I want to make sure people can\'t type the name of a PHP script in the URL and run it. What\'s the best way of doing this?

I could set a variable in the file that wi

Answer 1

In a few of the open source applications I've poked around in, including Joomla and PHPBB, they declare a constant in the main includes file, and then verify that constant exists in each of the includes:

// index.php
require_once 'includes.php';

// includes.php
define('IN_MY_PROJECT', true);
include 'myInc.php';

// myInc.php
defined('IN_MY_PROJECT') || die("No direct access, plsktnxbai");