To rich dot lovely at klikzltd dot co dot uk:
Using a "@" before header() to suppress its error, and relying on the "headers already sent" error seems to me a very bad idea while building any serious website.
This is *not* a clean way to prevent a file from being called directly. At least this is not a secure method, as you rely on the presence of an exception sent by the parser at runtime.
I recommend using a more common way as defining a constant or assigning a variable with any value, and checking for its presence in the included script, like:
in index.php:
<?php
define ('INDEX', true);
?>
in your included file:
<?php
if (!defined('INDEX')) {
die('You cannot call this script directly !');
}
?>
BR.
Ninj
