在服务器上安全Php执行

问题描述：

I have a php script which updates a database. I want to be sure that no one else can call my script remotely and execute it.

I tried this code but it did not work, the refer was always empty because I use https connection.

if (strpos($_SERVER['HTTPS_REFERER'], 'linkedfilm.com') == false) 
{
    exit();
}

The server is Apache server.

Thanks.

我有一个用于更新数据库的php脚本。我想确保没有其他人可以远程调用我的脚本并执行它。 p>

我尝试了这段代码但它没有用，因为我使用https连接，所以引用总是空的。 p>

  if（strpos（$ _ SERVER ['HTTPS_REFERER']，'linkedfilm.com'）== false）
 {
 exit（）; 
} 
   code>  pre> 
 
 服务器是Apache服务器。 p> 
 
 
谢谢。 p> 
  div>

答

You got a few options to secure this .php script.

You can secure this script by moving it into another directory outside of your DOCUMENT_ROOT
You can add the .htaccess
You can allow only local ip

答

You could use .htaccess and put your script in a password protected directory.

Or you could use some sort of login and authentication routines on your site so you can login and access that script.

Or you could pass a 'secret' key with you call to the script, quick and dirty

if( $_GET['secret'] != "mysecret" ) exit();