Hi,

I am using a form in which I have a textbox; on submit I am retrieving the value of the textbox and sending it to a file, which gets the value and uses it to fetch the records.

In my JavaScript I have:

    <script language="javascript" type="text/javascript">
    function check()
    {
        var title = document.getElementById("title").value;
        // Encode the value so characters such as & or # do not break the query string
        location.href = "http://localhost/joomla/Joomla_1.5.7/testtest.php?title=" + encodeURIComponent(title);
    }
    </script>

And in the testtest.php file I have:

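    <?php
    // Guard: stops the script unless a Joomla entry point has defined _JEXEC
    defined( '_JEXEC' ) or die( 'Restricted access' );

    $keyword = $_GET['title'];

    // Escape before echoing so the value cannot inject markup into the page
    echo htmlspecialchars($keyword, ENT_QUOTES, 'UTF-8');

    $db =& JFactory::getDBO();

    // Quote() escapes the value and wraps it in quotes, keeping it out of the SQL syntax
    $query = 'SELECT * from #__chronoforms_UploadAuthor where text_6 like ' . $db->Quote('%' . $keyword . '%');
    $db->setQuery($query);
    $rows = $db->loadObjectList();
    //echo $rows;
    ?>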

But in this page it's showing me "Restricted access". Why so? And how to overcome this? Please help me.

+1  A: 

From the official doc:

"_JEXEC" is a constant that is typically defined in the 'index.php' file at the root of the Joomla! instance and is used to mark a secure entry point into Joomla!. The defined or die check makes sure that _JEXEC has been defined in the pathway to get to the file. This is used to ensure that a file that could expose path information because functions, variables or classes aren't defined in that file trip PHP's error reporting and expose a path.

When should it be used?

The check should be added to files that when accessed directly cause a path exposure.

And that's exactly what you're doing: accessing the testtest.php directly.

You should either avoid that direct call or remove the check.

Most important, it seems you're not applying the main guidelines when coding extensions for the Joomla framework. I strongly advise you to have a look at the documentation pages and, specifically, at the MVC pattern section.

SOURCE: http://docs.joomla.org/JEXEC

Roberto Aloi
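
The behaviour the answer describes can be reproduced outside Joomla. The following is an added example, not part of the original answer and not Joomla's code: it writes three constructed files to a temporary directory, requests each one directly in a child PHP process, and reports whether the output reveals the file's path. The file names, the `request_file()` helper and the stub `JFactory` class are assumptions made for the demo.

```php
<?php
// Added demo: constructed files; the JFactory stub is a stand-in, not Joomla's class.
// Each file runs in a child PHP process, like a separate HTTP request for that file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'jexec_demo_' . getmypid();
mkdir($dir);
$dir = realpath($dir); // error messages report the resolved path

// Framework-dependent body shared by both include files.
$body = "\$db = JFactory::getDBO();\necho 'query ran via ' . \$db . PHP_EOL;\n";

$files = array(
    // No guard: requested directly, PHP reaches a class that was never loaded.
    'unguarded.php' => "<?php\n" . $body,
    // Guarded like testtest.php in the question.
    'guarded.php'   => "<?php\ndefined('_JEXEC') or die('Restricted access');\n" . $body,
    // Entry point: defines _JEXEC and loads the (stub) framework before including.
    'index.php'     => "<?php\ndefine('_JEXEC', 1);\n"
        . "class JFactory { static function getDBO() { return 'stub-db'; } }\n"
        . "require dirname(__FILE__) . '/guarded.php';\n",
);
foreach ($files as $name => $code) {
    file_put_contents($dir . DIRECTORY_SEPARATOR . $name, $code);
}

// Run one file as its own script and capture everything it prints.
function request_file($path)
{
    $cmd = escapeshellarg(PHP_BINARY) . ' -d display_errors=1 -d html_errors=0 '
         . escapeshellarg($path) . ' 2>&1';
    return trim((string) shell_exec($cmd));
}

// Report, per file, whether the response contains the server-side path.
foreach (array_keys($files) as $name) {
    $out = request_file($dir . DIRECTORY_SEPARATOR . $name);
    printf("%-14s leaks path: %-3s | %s\n", $name,
        strpos($out, $dir) !== false ? 'yes' : 'no', strtok($out, "\n"));
}

// Clean up the constructed files.
array_map('unlink', glob($dir . DIRECTORY_SEPARATOR . '*'));
rmdir($dir);
```

The guarded file only runs to completion when it is reached through the script that defines `_JEXEC`, which is why requesting testtest.php by URL stops at the check.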