what is the best method?
I use this way...
index.php
<?php
$secure = true;
include_once("file.php");
?>
I do not want opens file.php directly. so in first line I wrote this code: file.php
<?php
// first line I wrote this code:
if(!isset($secure)) exit('No Access');if(!$secure) exit('No Access');
... some code ...
?>
Do you think my method is true?
It's a commonly used method in many cms and frameworks. Usually by defining a constant instead of setting a variable, but the idea is the same.
E.g., in Wordpress:
defined('ABSPATH') or die("Cannot access pages directly.");
Still, if you have full control of your setup (e.g., not installing a third party CMS or framework), putting your files where the webserver can't access them is usually better.