How can I block access to a directory on my PHP site?

I've a directory where I read/write data.

If any evil people discover a path to this directory on my website (i.e开发者_Go百科. www.mysite.com/secretDir), can they use it for storing their data?

If so, how can I stop it?

If you have an FTP program like Filezilla or know how to change permissions through the command line, I would suggest you set your folders to 755 and most files to 644. This is usually the default and keeps your files relatively protected. Other than that you could always password protect your directory if you want to block all traffic to the directory. Here is a nice tutorial on how to do that: http://www.elated.com/articles/password-protecting-your-pages-with-htaccess/

Make sure the permissions are set correctly so outsiders do not have write access.

There are several layers to help prevent it. CHMOD the directory & any php scripts can prevent this. Also you can exclude apache/iis from serving the folder to the internet or ip ranges.

Broad answer to a broad question.