My web app has a series of pages that just accept AJAX incoming calls and process them…there is not any
content in them for the web user to see.
There is a chance though that the user might choose to access them directly(by typing the URL in the address bar)…especially if it someone who know how to use dev tools and see where ajax requests are sent.
So the question is what to do in such cases?
Suppose that he/she tries to access these pages…what must I present to him?
Could they be put in a folder that is inaccessible to site visitors?
I keep my php includes in a folder denied by htaccess. My php cron job scripts are in a folder outside of the public root.
Would your scripts still work if they were in a non-public folder?
I suppose it would depend on how your local machine set up. I couldn’t say, as I don’t have my local machines set up as servers or with php. I do all my testing on the remote host and can only test plain html locally.
Though someone here may know better.
weather the scripts will work from a non-public location will depend on the nature of the scripts. I’m assuming that if they are without any user directed html, they don’t require any user interaction or access, so should be fine hidden away.
Oops, sorry to cause confusion.
I have that in my “PHP template” file that I use when developing code and left it in the example because I’m not in the habit of removing it until I’m done working up script and move it to live and forgot to not include it in the quick copy / paste to here.
Best to not have it in any live files, much better to have a custom error handler log or email you errors instead. You want to not show error messages to site visitors.
Try copying the script to test-123.php and running on your live site and local host.
Edit
I forgot to mention that the reason I like this technique is that only one set of files is required. No chance of uploading a development script and overwrite an online script of the same name.