How to secure your PHP include files / Blog / Web Design Sheffield

How to secure your PHP include files

9 Jun 2011

If you have some included PHP files in your website, users running them directly (accidentally or from being too nosey) can result in error output you don't want which could reveal information you don't want in public view.

There's a few solutions to this but here's my favourite which should work whatever your web server configuration is:

On your main PHP file:



$key = true; //define your key variable

include 'include_file.php';

Now at the top of the include_file.php you want to protect:



if(!isset($key)) { 	echo 'This file cannot be accessed directly!'}

Now any users who try to run your included file directly will recieve the message "This file cannot be accessed directly".

Hope that was useful for someone!