Restricting direct access to a php page
Posted: Thu Feb 22, 2007 10:31 am
Hi!
I am new to php. I am trying to create a contact form.I have two php files: contact.php and insert.php.
Contact.php contains the form elements. Insert.php contains only the database connection string and the INSERT query. I also gave an "Record added" echo statement in insert.php, if the INSERT query was successful.
The problem arises when I directly type the insert.php in the URL. It prints "Record Added". How can I restrict direct access to insert.php? How can I have a forbidden message?
I did do a search before I posted. One suggestion was to define a constant in insert.php and use it as a flag, it works when you try to access the file directly, but that doesnt work when we are posting data from contact.php. Other suggestion was to create a .htaccess user authentication, but thats not what I am looking for.
Which is the best way to restict direct access completely?
Thanks in advance!
-Avais
I am new to php. I am trying to create a contact form.I have two php files: contact.php and insert.php.
Contact.php contains the form elements. Insert.php contains only the database connection string and the INSERT query. I also gave an "Record added" echo statement in insert.php, if the INSERT query was successful.
The problem arises when I directly type the insert.php in the URL. It prints "Record Added". How can I restrict direct access to insert.php? How can I have a forbidden message?
I did do a search before I posted. One suggestion was to define a constant in insert.php and use it as a flag, it works when you try to access the file directly, but that doesnt work when we are posting data from contact.php. Other suggestion was to create a .htaccess user authentication, but thats not what I am looking for.
Which is the best way to restict direct access completely?
Thanks in advance!
-Avais