Hi!
I am new to php. I am trying to create a contact form.I have two php files: contact.php and insert.php.
Contact.php contains the form elements. Insert.php contains only the database connection string and the INSERT query. I also gave an "Record added" echo statement in insert.php, if the INSERT query was successful.
The problem arises when I directly type the insert.php in the URL. It prints "Record Added". How can I restrict direct access to insert.php? How can I have a forbidden message?
I did do a search before I posted. One suggestion was to define a constant in insert.php and use it as a flag, it works when you try to access the file directly, but that doesnt work when we are posting data from contact.php. Other suggestion was to create a .htaccess user authentication, but thats not what I am looking for.
Which is the best way to restict direct access completely?
Thanks in advance!
-Avais
Restricting direct access to a php page
Moderator: General Moderators
I suggest you to create a folder "private" then move insert.php to it. Inside folder "private", create a file ".htaccess" -- [dot]htaccess --
in that file type:
in that file type:
Code: Select all
deny from all- tecktalkcm0391
- DevNet Resident
- Posts: 1030
- Joined: Fri May 26, 2006 9:25 am
- Location: Florida
easiest way in my book:
[quote="contact.php][/quote]
[quote="contact.php]
Code: Select all
<?php
define("non-hacked",1);
//CODE...
?>insert.php wrote:Code: Select all
<?php if(defined("non-hacked")){ //code... //below optional } else { die("No hacking allowed!"); //below end optional } // BUT MAKE SURE you add a end brace ?>