I have an HTML form which, when it gets submitted, calls a JavaScript function which, by using Ajax, gets information from a PHP file using POST and displays it back on the page.
The question is, is it possible to make the PHP file only accessible when using the above method, instead of users being able to access it directly if they go through the JS method and find its location?
Edit: Adding a bit more information to help people out. Ajax is calling an external PHP file in order to update the contents of the website based on what the PHP file returns. Since all the Ajax calls are made in the JavaScript, someone can easily find out the location and the arguments the function is using and basically call the PHP file directly, which is what I’m trying to avoid.
Using PHP sessions is a bit hard in this case: since I’m using Ajax, I can’t destroy the session once the external PHP file is done, because if I do, the session never renews, as I’m using Ajax to update the content of the website without refreshing it.
I agree with limscoder.
Here is how I use tokens on submitting forms.
1) initialize it and save it on the server (when the page is loaded on the client side)
2) add it to the form
3) when submitted I check the token using
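
The three steps above as a runnable sketch. This is an added example, not part of the original answer; the names `issue_token`, `token_is_valid` and `ajax_token` are hypothetical, and a plain array stands in for `$_SESSION` so the script runs from the command line.

```php
<?php
// Added example: helper names and the 'ajax_token' key are assumptions.
declare(strict_types=1);

// Step 1: create the token when the page is rendered and keep it server-side.
function issue_token(array &$session): string
{
    if (empty($session['ajax_token'])) {
        // 32 random bytes from the CSPRNG, hex-encoded to 64 characters.
        $session['ajax_token'] = bin2hex(random_bytes(32));
    }
    return $session['ajax_token'];
}

// Step 3: compare what the Ajax POST sent with what the server stored.
function token_is_valid(array $session, array $post): bool
{
    $expected = $session['ajax_token'] ?? '';
    $supplied = $post['token'] ?? '';
    // is_string() rejects token[]=x style input before hash_equals() sees it;
    // hash_equals() compares in constant time.
    return is_string($supplied)
        && $expected !== ''
        && hash_equals($expected, $supplied);
}

// Constructed demonstration. In a real page this array is $_SESSION
// after session_start(), and $post is $_POST in the Ajax endpoint.
$session = [];
$token = issue_token($session);

// Step 2: put the token in the form so the JavaScript can send it along.
echo '<input type="hidden" name="token" value="',
    htmlspecialchars($token, ENT_QUOTES), '">', PHP_EOL;

// Constructed sample requests reaching the endpoint.
$requests = [
    'Ajax call from the page' => ['token' => $token, 'q' => 'abc'],
    'direct call, no token'   => ['q' => 'abc'],
    'direct call, bad token'  => ['token' => str_repeat('0', 64)],
    'array instead of string' => ['token' => ['x']],
];
foreach ($requests as $label => $post) {
    $ok = token_is_valid($session, $post);
    printf("%-26s %s\n", $label, $ok ? 'accepted' : 'rejected (respond 403)');
}
```

The token lives as long as the session, so repeated Ajax calls keep working without a page refresh and the session does not have to be destroyed after each call. A visitor who has loaded the page can still read their own token and send the request by hand, so the endpoint has to validate its arguments and enforce authorization regardless.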