I am working on some auto-suggest feature.
The script is fairly itself.
When a character is typed into the textbox, it sends an AJAX POST (or GET) request to the PHP file, which queries the database and returns a result set.
But the problem is that the PHP file is accessible on its own. So it can be called directly. Is there a way to prevent this and make that PHP file serve only the AJAX requests from my application?
Thanks in advance.
No, there isn’t. If your script can be requested, it can be requested by anything. It is possible to differentiate ajax requests from normal ones by testing for the `x-requested-with` header and responding accordingly, that is, if it does not contain the value `XMLHTTPRequest` you simply `exit()` the script. However, headers can always be spoofed. So no, you can’t.
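
The header test described in this answer, as an added example that is not part of the original posts. It rejects requests without the header and still treats the search term as untrusted, since the header can be spoofed. The function names, the `q` parameter and the `products` table are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: true when the request carries the header that
// jQuery and similar libraries add to AJAX calls. Any client can send
// this header, so it filters accidental direct hits and nothing more.
function looks_like_ajax(array $server): bool
{
    $value = $server['HTTP_X_REQUESTED_WITH'] ?? '';
    return strcasecmp($value, 'XMLHttpRequest') === 0;
}

// Returns [HTTP status, JSON body]. The term is treated as untrusted
// whether or not the header is present.
function suggest(array $server, array $query, PDO $db): array
{
    if (!looks_like_ajax($server)) {
        return [403, json_encode(['error' => 'forbidden'])];
    }
    $term = $query['q'] ?? '';
    if (!is_string($term) || $term === '' || strlen($term) > 50) {
        return [400, json_encode(['error' => 'bad term'])];
    }
    // Escape LIKE wildcards, bind the value, and cap the row count.
    $like = addcslashes($term, '\\%_') . '%';
    $stmt = $db->prepare(
        "SELECT name FROM products WHERE name LIKE :t ESCAPE '\\' ORDER BY name LIMIT 10"
    );
    $stmt->execute([':t' => $like]);
    return [200, json_encode($stmt->fetchAll(PDO::FETCH_COLUMN))];
}

// Constructed demo data in an in-memory SQLite database (assumed table).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE products (name TEXT)");
$db->exec("INSERT INTO products VALUES ('apple'), ('apricot'), ('banana')");

$ajax   = ['HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'];
$direct = [];  // no header, as when the URL is opened in a browser tab

print_r(suggest($direct, ['q' => 'ap'], $db)); // rejected by the header test
print_r(suggest($ajax,   ['q' => 'ap'], $db)); // prefix match on the term
print_r(suggest($ajax,   ['q' => '%'],  $db)); // wildcard is matched literally
```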