I am developing a backend for my site and I have put all of my forms for doing sql queries in includes/forms
My index & edit pages e.t.c. require login using the following code:
However, I can't put this code in my forms because it will throw an error for re-declaration, so I just put a .htaccess in the includes directory with deny from all.
So far, its doing exactly what I want, the forms include in my pages & everything works and if I use my browser to navigate to the includes/forms directory or any of the files inside it, I get a forbidden message. Great!
Is this a common way to protect such files, or might this lead to any problems that I haven't thought of?