PHP security tip

December 7, 2004

This will be old hat for all you pros out there, but for people new to PHP this might be helpful. If you're developing an application that has library files, class files, or included files, you should always secure these so that they cannot be called from outside your application. The best way is to keep them outside the web server's document root, but sometimes you can't.

If that's the case, you can use the code below to secure them. I'm assuming you have some type of config.php file which is always included (as most do, for holding the database username, password, etc.). The values in that config should be created as constants using "define", e.g. define('dbusername','cooluser1');

Now, to secure your included files, put this at the top of each one:


// Stop if the constant from config.php is missing (the file was requested directly).
if (!defined('dbusername')) {
    exit;
}

If the constant "dbusername" doesn't exist, which is the case when an included file is called directly, the script exits.
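The guard only helps if every included file actually starts with it. The following audit script is an added example, not code from the original post: it is written in Python and reports PHP files under a directory whose first statement is not the guard. The function names, the list of entry points to skip, and the sample file tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# "<?php" plus any whitespace and comments that precede the first statement.
PREAMBLE = re.compile(r"\A\s*<\?php\b(?:\s+|//[^\n]*|#[^\n]*|/\*.*?\*/)*", re.S)


def has_guard(source, constant):
    """True only if the post's guard is the first statement in the file.

    A file that does not open with "<?php" is reported as unguarded.
    """
    guard = re.compile(
        r"(?i:if)\s*\(\s*!\s*(?i:defined)\s*\(\s*(['\"])" + re.escape(constant)
        + r"\1\s*\)\s*\)\s*\{?\s*(?i:exit|die)\s*(?:\([^)]*\))?\s*;"
    )
    start = PREAMBLE.match(source)
    return bool(start and guard.match(source, start.end()))


def unguarded_files(root, constant, entry_points=()):
    """Relative paths of .php files under root that lack the guard."""
    skip = {Path(p) for p in entry_points}
    missing = []
    for path in Path(root).rglob("*.php"):
        rel = path.relative_to(root)
        if path.is_file() and rel not in skip:
            text = path.read_text(encoding="utf-8", errors="replace")
            if not has_guard(text, constant):
                missing.append(rel.as_posix())
    return sorted(missing)


def demo():
    """Audit a constructed sample tree (not files from the original post)."""
    files = {
        "config.php": "<?php\ndefine('dbusername','cooluser1');\n",
        "index.php": "<?php\nrequire 'config.php';\nrequire 'lib/db.php';\n",
        "lib/db.php": "<?php\n// DB helpers\nif (!defined('dbusername')){\nexit;\n}\n",
        "lib/mail.php": "<?php\nfunction send_mail() {}\n",
        "lib/late.php": "<?php\necho 'x';\nif (!defined('dbusername')){ exit; }\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in files.items():
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body, encoding="utf-8")
        return unguarded_files(root, "dbusername", ["config.php", "index.php"])
```

In the sample tree, lib/late.php is reported even though it contains the guard, because code runs before the check is reached.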
