如何调用位于public_html外部的php文件 [英] How to invoke a php file that is located outside public_html

问题描述

我正在创建一个网站，在安全性方面，我非常强迫症，所以我听说如果您将所有.php文件存储在public_html文件夹之外，然后用位于public_html文件夹中的另一个.php文件调用它们，那么您遭受攻击的风险较低.这是真的吗，如果是的话，我该怎么做.我读到一些有关使用.htaccess的信息，但是我不确定这是否是正确的方法.我虽然可以使用include，但是我不确定include如何与参数一起使用.

Im creating a website and i am very OCD when it comes to security so i heard that if you store all of your .php files outside of your public_html folder and invoke them with another .php file that is inside your public_html folder then your risk of an attack is lower. Is this true, if so how would i do this. I read something about using .htaccess but I'm not sure if that was the correct way to do it. I though i could maybe use include but im not sure how include works with parameters.

推荐答案

此策略没有提供很多额外的保护.主要是，它可以确保如果服务器配置错误并且无法将PHP脚本发送到PHP解释器，则它不允许将PHP代码直接直接发送到浏览器.

There isn't a huge amount of extra protection offered by this strategy. Mainly, it ensures that if your server is misconfigured and fails to send PHP scripts to the PHP interpreter, it doesn't allow PHP code to be sent directly down to the browser.

您不会将 all 所有PHP脚本存储在文档根目录之外.通常，您仅存储不打算公开访问的文档超出文档根目录的文件.将包含文件存储在doc根目录之外，并像处理任何文件一样包含它们.将作为公共视图的文件存储在文档根目录中，因为它们需要可通过Web访问.

You don't store all your PHP scripts outside document root. You typically store only files which are not intended to be accessed publicly outisde the doc root. Store your include files outside the doc root and include them as you would any file. Store files which are are public views inside the document root, as they need to be web-accessible.

有一种设计模式，称为前端控制器模式，其中单个索引页(索引(.php)接受路由，并酌情包含其他文件.许多PHP框架都开箱即用地支持这一点.

There is a design pattern known as the Front Controller pattern whereby a single index page (index.php) accepts routes and includes other files as appropriate. Numerous PHP frameworks support this out of the box.

这篇关于如何调用位于public_html外部的php文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！