PHP is never in an iframe. PHP is executed on the server side and generates output such as HTML, Javascript, or text. The output generated by PHP may produce or reside within an iframe, but never PHP itself.

PHP 永远不会在 iframe 中。PHP 在服务器端执行并生成 HTML、Javascript 或文本等输出。PHP 生成的输出可能会产生或驻留在 iframe 中，但绝不会是 PHP 本身。

ADDITIONAL DETAIL

其他细节

With regard to the additional detail you added in comments (that you want to distinguish between requests directly to your site and requests via a Facebook application) there are a few techniques you can use:

关于您在评论中添加的其他详细信息（您想区分直接发送到您网站的请求和通过 Facebook 应用程序的请求），您可以使用一些技术：

1. $_SERVER['HTTP_REFERER']:

1. $_SERVER['HTTP_REFERER']:

You can check the referrer to determine if a request came from a Facebook URL, from another page on your own site, from a third-party site, or if it was direct traffic. This method is not foolproof, but may provide more information than your application currently receives.

您可以检查引荐来源网址以确定请求是来自 Facebook 网址、您自己网站上的另一个页面、第三方网站还是直接流量。此方法并非万无一失，但可能会提供比您的应用程序当前接收的信息更多的信息。

1. Separate URLs

2. 单独的 URL

You can create separate URLs for the application running on your site and the Facebook version. Using $_SERVER['REQUEST_URI'], you can easily detect whether your application was accessed via 'yoursite.com/fbapp' or 'yoursite.com/localapp'. Both URLs can reference the same scripts via Apache's mod_rewrite or the aliasing solution of your choice.

您可以为网站上运行的应用程序和 Facebook 版本创建单独的 URL。使用$_SERVER['REQUEST_URI']，您可以轻松检测您的应用程序是否是通过“yoursite.com/fbapp”或“yoursite.com/localapp”访问的。两个 URL 都可以通过 Apache 的 mod_rewrite 或您选择的别名解决方案引用相同的脚本。

1. URL Parameters

3. 网址参数

This method is possibly the easiest to implement. If you can provide URL parameters when you provide an application URL to Facebook, just add a parameter. For example:

这种方法可能是最容易实现的。如果您在向 Facebook 提供应用程序 URL 时可以提供 URL 参数，只需添加一个参数。例如：

?access_method=facebook

In PHP, you can easily check for the existence and value of the access_methodparameter, and take action as necessary.

在 PHP 中，您可以轻松检查access_method参数的存在和值，并根据需要采取行动。

No, PHP is server side. It has no way of knowing if it is in a iframe.

不，PHP 是服务器端。它无法知道它是否在 iframe 中。

You can check for $_SERVER['HTTP_REFERER']. This cannot really be trusted because browsers not always provide this information. Also HTTP_REFERERnot always means an iframe but for particular cases this is good.

您可以检查$_SERVER['HTTP_REFERER']. 这真的不可信，因为浏览器并不总是提供这些信息。也HTTP_REFERER并不总是意味着 iframe，但对于特定情况，这很好。

<?php
if(!$_SERVER['HTTP_REFERER'] == 'YourFrameURL') {
    // Site is NOT loaded from iframe
    die('Please load this page from YourFrameURL');
}
else {
    // Site IS loaded from iframe: display content
?>

Please note that $_SERVER['HTTP_REFERER']is totally not reliable: it can be modified. Also note that this method is 'https-sensitive'. If the frame is loaded from https://xwhile YourFrameURLis set to http://x, it will not work. Fix this by using:

请注意，这$_SERVER['HTTP_REFERER']是完全不可靠的：它可以被修改。另请注意，此方法是“https 敏感的”。如果从https://xwhile加载帧YourFrameURL设置为http://x，它将不起作用。使用以下方法修复此问题：

if(!$_SERVER['HTTP_REFERER'] == 'http://YourFrameURL' or !$_SERVER['HTTP_REFERER'] == 'https://YourFrameURL') {

For anyone who lands on this old thread: There is a very easy way to check in PHP wether or not your page is loaded through an iframe.

对于登陆这个旧线程的任何人：无论您的页面是否通过 iframe 加载，都有一种非常简单的方法来检查 PHP。

if( isset($_SERVER['HTTP_SEC_FETCH_DEST']) && $_SERVER['HTTP_SEC_FETCH_DEST'] == 'iframe' ) {}