defined('BASEPATH') OR exit('No direct script access allowed');
#1

Should the following line be added in
  • controllers ?
  • and/or models ?
  • and/or views ?

PHP Code:
defined('BASEPATH') OR exit('No direct script access allowed'); 
Reply
#2

The line exists to make sure the file is being used in a CodeIgniter environment. So I'd say the answer is it goes in any file where that is true. Controllers, Models and most other files that define a "class" would probably fit that description. Perhaps in views if they use CI classes, otherwise it's not necessary.
Reply
#3

(This post was last modified: 10-17-2018, 12:51 PM by imabot.)

(10-17-2018, 12:22 PM)dave friend Wrote: The line exists to make sure the file is being used in a CodeIgniter environment. So I'd say the answer is it goes in any file where that is true. Controllers, Models and most other files that define a "class" would probably fit that description. Perhaps in views if they use CI classes, otherwise it's not necessary.

Perfect answer, that's clear, thank you.

I'm still wondering why this line is mandatory. I don't see any security breach if the line is not added. 

How could a malicious user access something? A PHP script will return an empty page, and classes or functions can't be called from an external website. Am I missing something?
Reply
#4

If you call $this->load->model('xmodel') outside the CI environment, you're going to get some errors.
This line checks whether your script is executed in the CI "context". If not, it stops execution of the script.
No code in this file will be executed after that.
Reply
#5

(This post was last modified: 10-17-2018, 02:19 PM by dave friend.)

It's called "security" by some and not by others. Maybe the best description is "It's a sanity check" for those unfamiliar with CI and for newbies.
Reply
#6

defined('BASEPATH') OR exit('No direct script access allowed');

I am using it in the controllers file.
Reply
#7

I make it a habit to copy it to all of the folders I add to my applications.

For sanity's sake.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
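
One way to check the habit described in this thread across a project, as an added example that is not part of any post or of CodeIgniter itself: a Python script that lists controller and model files whose first PHP statement is not the BASEPATH guard. It also accepts the older `if ( ! defined('BASEPATH')) exit(...)` spelling, which goes beyond the line quoted here; the function names and the sample tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Accepts the guard quoted in this thread and the older "if ( ! defined(...)) exit" form.
_DEF = r"defined\(\s*['\"]BASEPATH['\"]\s*\)"
GUARD = re.compile(rf"(?:{_DEF}\s*(?:OR|\|\|)\s*(?:exit|die)\b"
                   rf"|if\s*\(\s*!\s*{_DEF}\s*\)\s*\{{?\s*(?:exit|die)\b)", re.I)
# Whitespace and comments allowed between "<?php" and the guard.
SKIP = re.compile(r"(?:\s+|//[^\n]*|#[^\n]*|/\*.*?\*/)*", re.DOTALL)


def has_leading_guard(source):
    """True if the first PHP statement in the file is the BASEPATH guard."""
    start = source.find("<?php")
    if start == -1:
        return False
    pos = SKIP.match(source, start + 5).end()
    return GUARD.match(source, pos) is not None


def unguarded_files(app_dir, subdirs=("controllers", "models")):
    """Relative paths of .php files whose first statement is not the guard."""
    root, missing = Path(app_dir), []
    for sub in subdirs:
        if not (root / sub).is_dir():
            continue
        for path in sorted((root / sub).rglob("*.php")):
            text = path.read_text(encoding="utf-8", errors="replace")
            if not has_leading_guard(text):
                missing.append(path.relative_to(root).as_posix())
    return missing


def demo():
    """Audit a constructed application/ tree written to a temp directory."""
    guard = "defined('BASEPATH') OR exit('No direct script access allowed');\n"
    samples = {  # constructed sample files, not taken from the thread
        "controllers/Welcome.php": "<?php\n" + guard + "class Welcome {}\n",
        "controllers/Legacy.php": "<?php if ( ! defined('BASEPATH')) exit('x');\n",
        "controllers/Late.php": "<?php\nerror_reporting(E_ALL);\n" + guard,
        "models/Xmodel.php": "<?php\n/* no guard */\nclass Xmodel {}\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in samples.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return unguarded_files(tmp)
```

`Late.php` is reported because a statement runs before the guard, so that statement would still execute on a direct request to the file.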