We now depend heavily on web applications and their wide-ranging uses, and they are under continuous attack by hackers who manipulate an enterprise's web server to execute malicious code and steal data. Remote and local file inclusion (RFI/LFI) attacks are a favourite choice for hackers, yet many security professionals overlook them; they affect web applications that dynamically reference external scripts. An important factor in these attacks is vulnerable source code, often written unsafely in languages like PHP. Code analysis tools are one solution for finding vulnerabilities, but they tend to generate false positives and require considerable effort from programmers to fix the code manually. To defend against this type of attack, we have implemented a mechanism that defends against and prevents file injection by incorporating secure coding techniques to eliminate file injection vulnerabilities to some extent. The proposed approach is a defence against such attacks based on secure coding practices, which cover Secure by Design, Defence in Depth, Least Privilege, Positive Security, Fail Securely, Avoid Security by Obscurity, and Complete Remediation.
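As an added illustration (not code from the paper), the sketch below shows how three of the listed practices, Positive Security, Fail Securely and Defence in Depth, apply to a PHP dynamic include. It assumes PHP 8; the page names, the `resolve_page` helper and the demo directory are hypothetical.

```php
<?php
declare(strict_types=1);

// Vulnerable pattern, shown for contrast only and never executed here:
// the request value reaches include directly, so the client picks the file.
//   include $_GET['page'] . '.php';

// Positive security: the only pages that can ever be included.
// Keys are request values, values are fixed file names (constructed sample).
const PAGE_ALLOWLIST = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

// Map a request value to an absolute path inside $baseDir, or null.
function resolve_page(mixed $requested, string $baseDir): ?string
{
    // Fail securely: anything that is not an exact allowlist key is refused.
    if (!is_string($requested) || !array_key_exists($requested, PAGE_ALLOWLIST)) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . PAGE_ALLOWLIST[$requested]);
    // Defence in depth: the file must exist and, after symlinks are
    // resolved, still sit under the base directory.
    if ($path === false || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

// Demo on constructed data: create the three pages in a temp directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'inclusion_demo_pages';
@mkdir($base);
foreach (PAGE_ALLOWLIST as $file) {
    file_put_contents($base . DIRECTORY_SEPARATOR . $file, "<?php echo 'page: $file', PHP_EOL;");
}

// Constructed request values: one valid key, then values outside the allowlist.
foreach (['about', '../about', 'http://example.invalid/about', ['home']] as $input) {
    $path = resolve_page($input, $base);
    if ($path === null) {
        echo 'rejected: not found', PHP_EOL; // generic response, no path detail
        continue;
    }
    include $path; // only ever a fixed, allowlisted file
}
```

Because the request value is used only as a lookup key and never as part of a path, local paths and remote URLs are refused by the same check; setting `allow_url_include = Off` in `php.ini` adds a further layer against remote inclusion.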