securing php scripts – PHP



Hi there,

just wondering, if I want to stop users of a site "stealing" the code, is there a way to achieve this? Is it automatic because any php is parsed before it reaches the browser? Am I better off putting basically everytthing inside php echos, even if it could be done using html? I guess I’m basically asking about security of the stuff I’ve done and whether there’s a way to guarantee that someone won’t be able to grab the code.



no one without server access is able to see your php code (as you already mentioned). but I don’t recommend putting all your html code in echos, it will be visible either way.
so put in a one-liner: php code is safe from stealing, html code never.


note: of course you can add a copyright comment to all your code, that’s more reasonable.


Putting it in echo()s or not has exactly the same output. You could obfuscate you PHP code, just incase.



i don’t know the exact reason why you are wondering how to do that but,
i don’t think you should care about it… if someone wants to copy your HTML code it can use Firebug and get all the code you wrote in one line-> indented.
don’t protect your code, just improve your service and you will never fear someone stealing you clients…



Thanks all for your replies to this.

Bilibytes, I have to say I’m confused. The exact reason I’m wondering how to do it is because surely if you think something is not only good but also reasonably unique, and you made it, you’d want to protect it. Wouldn’t you? Particularly if there was some potential return.

I guess it’s at the stage where due to the nature of the product, there isn’t a client base for this at all. It’ll need to be built. So I need to make sure that if I provide a web address for something, and say there’s a demo section, that a cluey person can’t use that fact to grab the necesary code.

When you write that someone can use firbug to grab the html code, you did mean html didn’t you, not php?

Thanks for your thoughts.



Yes, firebug will only grab the sourcecode (the html, javascript and css). However, you need not Firebug to view the source – most major browsers have a rightclick option to ‘view source’.

You do not need to worry about users being able to view your PHP – as long as you use the correct file extensions, a server running php, etc., you’ll be good.



Cool. Thanks Markus. Puts my mind at ease…