CodeIgniter Forums

Full Version: Should the view files also incude defined('BASEPATH') OR exit...
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hey Guys,

I was wondering if I should put

PHP Code:
defined('BASEPATH') OR exit('No direct script access allowed'); 

On my view files, along with my controller and model files

Thanks!
You should put it at the top of EVERY file you create in /application. It just helps to ensure no one can execute code without it being processed through index.php, so someone can't directly execute http://yoursite.com/application/views/view_name.php in your view example.
If your code is in a public area on your server, and you're concerned that a view will be executed directly, then it might be worthwhile to do this. In the end, though, you could probably choose something more relevant to check if you have a specific security concern in a view.
I think that you can protect your application folder access with .htaccess or putting out of the document root dir, instead modifying each view file.

Personally I prefer the less php code as possible on views
Okay got it! Will do . Thanks for your help!