I have four files.

  1. index.php, "the main page", with a search function that uses a MySQL database, and I call the database through JavaScript, client side.
  2. fetch.php, which contains the MySQL connection info.
  3. bridge.php to cover the fetch file, and I'm using PHP code to make the connection.
  4. .htaccess file to block any direct access to the fetch.php file.

index.php<--->bridge.php<--->fetch.php<--->Mysql

My index.php file contains the code below, and because I'm using JavaScript, the .htaccess file blocked the index.php file from accessing my fetch.php file; JavaScript is "client side".

<script>
$(document).ready(function(){

    function load_data(query)
    {
        $.ajax({
            url:"bridge.php",
            method:"post",
            data:{query:query},
            success:function(data)
            {
                $('#result').html(data);
            }
        });
    }

So I made my JavaScript code call the bridge.php file, and the bridge.php file calls the fetch.php file through PHP, to make all this work.

So my bridge.php file code:

<?php
include 'fetch.php';
?>

Now no one can access fetch.php directly; the .htaccess file blocks any direct connection through the browser. But if I call the file bridge.php through the browser it will open the database! That doesn't solve anything! What am I doing wrong?

This is the code of my .htaccess file:

<Files ~ "fetch.php">
  Order deny,allow
  Deny from all
  Allow from 127.0.0.1
</Files>

And this is how my fetch file call MySQL:

$connect = mysqli_connect("localhost", "example.com", "passowrd", "databasename");
$output = '';
if(isset($_POST["query"]))
{
    $search = mysqli_real_escape_string($connect, $_POST["query"]);
    $query = "
    SELECT * FROM tbl_customer 
    WHERE CustomerName LIKE '%".$search."%'
    OR Address LIKE '%".$search."%' 
    OR City LIKE '%".$search."%' 

1 Answer

I think you are overcomplicating the issue or you have composed fetch.php in a way that does not help.

I'm guessing your fetch.php has MySQL functions or class code in it that you then access and use. Something like:

<?php

define('MYSQL_SERVER','localhost');
define('MYSQL_LOGIN','mylogin');
... and more ...

class DB {
   ... methods ...
}
?>

The key part of fetch.php should be the opening <?php and the closing ?>.

If you (or anyone else) directly requests fetch.php, your code should be written in a way that the result is a totally blank page.

The only overhead on the web server is the single PHP pass that will then render the blank return to the browser.

If you have written your code in another way I suggest you rethink your approach and question why you have done what you have.

BTW, adding details to a .htaccess file should only be done if there is no other way. As far as web server performance goes, they are not a good idea.

Edit:

If you really want to make sure fetch.php is not directly called but only ever included in another file, you could do something like the following right at the top:

<?php

if (count(get_included_files()) == 1) {
    // direct request, do nothing
    exit;
    // or even redirect somewhere like
    header("Location: /");
    exit;
}

// has been included, allow rest of script to process
$connect = mysqli_connect("localhost", "example.com", "passowrd", "databasename");
// ... more code below

8 Comments

I got it. Is there any way to make my code inside the fetch.php file only accept connections, "or being opened", from index.php? And about the bridge file, it was someone's advice, bad advice...
I included my fetch file code. I tried your method, but it's still the same; I put it at the top of my code.
@Someone: Make sure your code is the same as the latest edit. If it still fails, what does var_dump(get_included_files()) show you?
I can still access the file directly, and I also edited the code with this one, var_dump(get_included_files()), and can still access the page directly.
Okay, now I solved it. It works exactly like you said: when I open the fetch file directly, blank page. But now index.php can't access the database at all.
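
Added example, not code from the question or the answer: an include-only file that combines the answer's get_included_files() guard with the question's three-column search, rewritten with a bound parameter and escaped output. The file name db.php, the functions db_connect(), search_customers() and render_rows(), and the credential values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// db.php (hypothetical name): include-only library. Guard from the answer: a
// directly requested script is the only entry in get_included_files().
if (count(get_included_files()) === 1) {
    http_response_code(404); // empty response, nothing else runs
    exit;
}

const DB_HOST = 'localhost';    // placeholder credentials (constructed values)
const DB_USER = 'app_user';
const DB_PASS = 'change-me';
const DB_NAME = 'databasename';

function db_connect(): mysqli
{
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on errors
    $db = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
    $db->set_charset('utf8mb4');
    return $db;
}

// Same three-column search as the question, with a bound parameter instead of
// string concatenation. % and _ typed by the user are matched literally
// (backslash is MySQL's default LIKE escape character).
function search_customers(mysqli $db, string $term): array
{
    $like = '%' . addcslashes($term, '\\%_') . '%';
    $stmt = $db->prepare(
        'SELECT CustomerName, Address, City FROM tbl_customer
         WHERE CustomerName LIKE ? OR Address LIKE ? OR City LIKE ? LIMIT 50'
    );
    $stmt->bind_param('sss', $like, $like, $like);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// HTML fragment for $('#result').html(data); every value is escaped so stored
// data cannot inject markup into the page.
function render_rows(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $cells = array_map(
            fn($v) => '<td>' . htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8') . '</td>',
            $row
        );
        $html .= '<tr>' . implode('', $cells) . "</tr>\n";
    }
    return '<table>' . $html . '</table>';
}
```

The script the AJAX call posts to then only needs `require __DIR__ . '/db.php'; echo render_rows(search_customers(db_connect(), (string) ($_POST['query'] ?? '')));`. That script has to stay reachable from the browser, because the browser is what sends the request; the guard belongs on the included file, not on the AJAX target.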