[英]Php vs .htaccess: what is the best way to prevent access to php files?
I'd like to know what is the best practise to prevent access to all php files except the index.php and a few others. 我想知道什么是阻止访问除index.php和其他一些文件之外的所有php文件的最佳实践。 I know you can do it by checking the values of a costant in php or via the .htaccess file. 我知道您可以通过检查php中的costant值或通过.htaccess文件来实现。 But what is the best way in terms of performance and good coding practices? 但是,就性能和良好的编码实践而言,最佳方法是什么? Thanks 谢谢
EDIT: I mean prevent read and execute access to the public 编辑:我的意思是阻止读取和执行对公众的访问
Don't put PHP files in the web root. 不要将PHP文件放在网络根目录中。
For instance: 例如:
phpincludes
- database.php
- file123.php
- functions.php
public_html
- index.php
- otherstuffhere.php
Can't access what's not there! 无法访问不存在的内容!
The best practice is to simply not put your application code in your web server's doc root. 最佳实践是不要将应用程序代码放在Web服务器的doc根目录中。 Have a single index.php
in the root that handles instantiating controllers to do all of the work. 根目录中有一个index.php
,用于处理实例化控制器以完成所有工作。 All the rest of your code doesn't have to be directly accessible as long as the index.php can include it. 只要index.php可以包含所有其余代码,就不必直接访问它们。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.