I have an AJAX Function that calls a PHP Script and displays the result on a page.So, i have two pages, say:form.php - This is where the Input is gathered and displayedprocess.php - This is the php that is called and result from this is displayed on form.phpNow, here is my AJAX Function:\[code\]function showList(str){if (str==""){document.getElementById("message").innerHTML="";return;}if (window.XMLHttpRequest){// code for IE7+, Firefox, Chrome, Opera, Safarixmlhttp=new XMLHttpRequest();}else{// code for IE6, IE5xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");}xmlhttp.onreadystatechange=function(){if (xmlhttp.readyState==4 && xmlhttp.status==200){document.getElementById("message").innerHTML=xmlhttp.responseText;}}xmlhttp.open("GET","process.php?q="+str,true);xmlhttp.send();}\[/code\]As you can clearly see that value gathered from the form is passed to process.php as follows
rocess.php?q=1With each query string, a list is pulled from the database. The same list can also be pulled in by typing the domain.com/process.php?q=1,2,3, or so forth...My question is, how can i fix this loop hole so that requests coming from only my script have access to process.php and no one else?Thanks in advance!
rocess.php?q=1With each query string, a list is pulled from the database. The same list can also be pulled in by typing the domain.com/process.php?q=1,2,3, or so forth...My question is, how can i fix this loop hole so that requests coming from only my script have access to process.php and no one else?Thanks in advance!