PHP including other php files question

I have a web page that has many php files in it and I was wondering how can I stop users from viewing the php in开发者_如何学编程cludes individually?

One popular way is to define a constant in the including file:

define ("INCLUDE_OK", true);

and then to check in every sub-include:

if (!defined("INCLUDE_OK")) die ("This file can't be executed directly");

Alternatively, as @mikerobi says in his now deleted answer, store the include files in a folder outside the web root.

If the PHP files aren't supposed to be called at all by the user, they shouldn't even be in the document root. For instance, if your document root is /var/www/html, I would create a /var/www/include directory and put them in there. It's physically impossible for the user to call them then, and the PHP pages the user should can can just reference them as ../include/myinclude.php.

In your main file, do something like:

<?php
    define('AAA',true);
?>

And in all include files, write this at the veyr top:

<?php
    defined('AAA') or die('Access denied.');
?>

Or, you can use htaccess files.

Your includes php files shouldn't do ANYTHING unless a function is called within them, and you should make sure the extension is php as well, or some other extension that is compiled using php (like includes.php). if you have includes.inc for example, some server would just show the source code of that file, which poses a security breach in the first place. If you follow those rules, you won't even have to check for other variables and such.

You could set a variable on the main page and build a simple check on the included pages. If the variable is not set, then don't display the page. It's not pretty but it would work....

I.e.

//On the main page
$check = true;
include(../someFile.php);

//someFile.php
if($check == true){
  //Display your content
}