I'm new to using AJAX, and I just followed a tutorial to retrieve some info from my database using AJAX and outputting it on the page. There's a line where I call a php script which is where the database query is made, and the result is echoed out. I'm a little concerned that since the filename is visible on the frontend, and it's only purpose is to directly output database results, it might present a security issue. Is there any way to protect that file, and make sure it only runs the query when called via the ajax script?Here's the bit of ajax code in question (note the "somefile.php" line):\[code\]ajaxRequest.onreadystatechange = function(){ if(ajaxRequest.readyState == 4){ var ajaxResponse = ajaxRequest.responseText; element.innerHTML = '<h2>' + ajaxResponse + '</h2>'; }}ajaxRequest.open("GET", "somefile.php", true);ajaxRequest.send(null);\[/code\]Thanks for any answers.
how to protect ajaxRequest.open php script
- Thread starter ceekeigh
- Start date