我正在寻找一种方法来禁止直接访问某些包含SQL语句的php文件。
Page register.php call action" register_sql.php"
如何禁用直接访问(www.my.com/register_sql.php)并仅允许脚本执行代码?
我已经签出了一个htaccess文件但由于块执行而失败了
def date_of_next_X_day_Y_days_out_from_Z_start(day=ENV['day_to_start_plans'], number_of_days=ENV['min_days_out'], start_date)
# Explanation uses Monday as an example
# When was the last Monday?
date = Date.parse(day)
# Was the last Monday after the start_date? If so, then there's no difference between the last Monday and the next Monday; else, the next Monday is 7 days from the last Monday
delta = date > (start_date) ? 0 : 7
actual_next_day = date + delta
# Is there a minimum of Y number_of_days between the next Monday and the start_date? If not, bump to the following Monday by adding 7 more days
delta_2 = (actual_next_day - start_date) < number_of_days ? 7 : 0
actual_next_day + delta_2 #returned value
end
谢谢
答案 0 :(得分:2)
一种策略是避免将重要的PHP代码放在网站文档根目录的任何位置。这是大型PHP框架(如Laravel,Zend和CodeIgniter)使用的常用策略。
例如,让我们假装您的网站名为“laptopcafe”,并且您的文件夹结构是:
do_something_else将您的网络服务器配置为文件根目录为/ var / www / laptopcafe / public。人们仍然可以浏览http://www.laptopcafe.com/register.php,但无法访问register_sql.php。
然后,在register.php中,你可以像这样包含register_sql.php:
/var/www/laptopcafe/public/register.php
/var/www/laptopcafe/lib/register_sql.php
希望这有帮助!