if (basename($_SERVER['PHP_SELF']) == basename(__FILE__)) { die('Access denied'); };

Earlier mentioned solution with PHP version check added:

    $max_includes = version_compare(PHP_VERSION, '5', '<') ? 0 : 1;
    if (count(get_included_files()) <= $max_includes)
    {
        exit('Direct access is not allowed.');
    }

You can use phpMyAdmin Style:

/**
 * block attempts to directly run this script
 */
if (getcwd() == dirname(__FILE__)) {
    die('Attack stopped');
}

Actually my advice is to do all of these best practices.

• Put the documents outside the webroot OR in a directory denied access by the webserver AND
• Use a define in your visible documents that the hidden documents check for:

      if (!defined(INCL_FILE_FOO)) {
          header('HTTP/1.0 403 Forbidden');
          exit;
      }

This way if the files become misplaced somehow (an errant ftp operation) they are still protected.

if ( ! defined('BASEPATH')) exit('No direct script access allowed');

will do the job smooth

The easiest way is to store your includes outside of the web directory. That way the server has access to them but no outside machine. The only down side is you need to be able to access this part of your server. The upside is it requires no set up, configuration, or additional code/server stress.