I know there are tons of ways to block direct access (browsering) a PHP file, namely:
- Configure the server to refuse them
- Check for variables or constants have been set
- Check if the file is calling itself (using
basename
and$_SERVER['PHP_SELF']
)
However, I am working on a live search. Everytime the user press a key, it will send the keyword to a PHP file through AJAX. Using the following ways can block access to an included file, but also block the access from the JavaScript file.
Moreover, the PHP file I said above also include another PHP file, so I think passing a variable and check for that is impossible since you are defining a variable and checking for it at the same file.
Does anybody have any ideas? Any help is appreciated!