I’ve recently set up an autocomplete on an input field with jQuery. I set its source to be a publicly accessible PHP page on my server.
$(document).ready(function() {
    $("input#q").autocomplete({
        minLength: 3,      // don't query until at least 3 characters are typed
        delay: 500,        // wait 500 ms after the last keystroke
        autoFocus: true,   // highlight the first suggestion automatically
        source: "ac.php"   // jQuery UI requests ac.php?term=<typed text>
    });
});
ac.php queries a search service running on the server after sanitizing the input it receives.
What I want to know is whether there is any way to restrict access to ac.php to the autocomplete form only. I was thinking of checking referrers, but that can be bypassed with tools like Tamper Data.
Do I even need to worry about leaving the helper publicly accessible?
Thanks
It’s not possible. Any AJAX request is in fact an ordinary HTTP request that can be forged.
No, you don’t. Treat it as any other resource (page) you have on your site.
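The following is an added example illustrating both answers above; it is not code from the original question or answers. It stands up a tiny local stand-in for ac.php that applies the Referer check the question proposes, then issues the same request from outside a browser with a forged Referer header and gets through. The allowed page URL, the `term` parameter name (what jQuery UI autocomplete actually sends), the term list and the sanitization rule are all assumptions made for the demo.

```python
"""Added example: a Referer check on an autocomplete helper is trivially forged.

Everything here (allowed page, term list, validation rule) is constructed
for the demo and is not the original poster's ac.php.
"""
import json
import threading
import urllib.error
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed: the page that hosts the autocomplete form.
ALLOWED_REFERER = "http://localhost/search.html"
# Constructed stand-in for the search service ac.php would query.
TERMS = ["apple", "apricot", "banana", "blueberry"]


class AutocompleteHandler(BaseHTTPRequestHandler):
    """Mimics ac.php with the referrer check the question proposes."""

    def log_message(self, *args):  # keep the demo quiet
        pass

    def do_GET(self):
        url = urllib.parse.urlparse(self.path)
        if url.path != "/ac.php":
            self.send_error(404)
            return
        # The referrer check: any HTTP client can set this header to
        # whatever it likes, so this proves nothing about the caller.
        if self.headers.get("Referer") != ALLOWED_REFERER:
            self.send_error(403)
            return
        # jQuery UI autocomplete sends the typed text as ?term=...
        term = urllib.parse.parse_qs(url.query).get("term", [""])[0]
        # The check that actually matters: validate the input as you would
        # on any other page, regardless of who is calling.
        if not (3 <= len(term) <= 64) or not term.isalnum():
            self.send_error(400)
            return
        matches = [t for t in TERMS if t.startswith(term.lower())]
        body = json.dumps(matches).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


def start_server():
    """Serve the fake ac.php on a random loopback port in a daemon thread."""
    srv = HTTPServer(("127.0.0.1", 0), AutocompleteHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def fetch(port, term, referer=None):
    """Request ac.php like a non-browser client; returns (status, json or None)."""
    req = urllib.request.Request(
        f"http://127.0.0.1:{port}/ac.php?term={urllib.parse.quote(term)}")
    if referer is not None:
        req.add_header("Referer", referer)  # forged at will
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, json.loads(resp.read())
    except urllib.error.HTTPError as err:
        return err.code, None


def demo():
    """Run the three requests and return their outcomes."""
    srv = start_server()
    port = srv.server_address[1]
    try:
        return {
            # No Referer: the check blocks it, as the poster hoped.
            "no_referer": fetch(port, "app"),
            # Same request with a forged Referer: the check is bypassed.
            "forged_referer": fetch(port, "app", referer=ALLOWED_REFERER),
            # Forged Referer plus hostile input: only input validation saves you.
            "injection_attempt": fetch(port, "a' OR 1=1", referer=ALLOWED_REFERER),
        }
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The forged request is two lines of client code, which is why the referrer check buys nothing. What does protect ac.php is exactly what protects every other page on the site: strict validation of `term` before it reaches the search service, the same session or authentication requirement the search page itself has (if any), and rate limiting if the backend query is expensive.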