0

In my website I have a simple form running with ajax. And in ajax property url: '/myfile/script.php' and that is the whole script file run that form. So if someone access that file using this url: localhost/myfile/script.php it can be accessed. But I wants to avoid being happening this.

$.ajax({
    url:"/myfile/script.php",  
    method:"POST",  
    data:{query:query},  
    success:function(data)

this is the ajax script. Please someone guide me through this if there are any methods available.

István
  • 5,057
  • 10
  • 38
  • 67
abish ban
  • 21
  • 6
  • 1
    You can't. If the user can access it with Ajax, they can access it any other way too. This sounds a lot like an [XY problem](http://xyproblem.info): what's the real problem you're trying to solve with this? – JJJ Oct 28 '16 at 12:35
  • 1
    Look for this answer: http://stackoverflow.com/questions/409496/prevent-direct-access-to-a-php-include-file – Sebastian Kaczmarek Oct 28 '16 at 12:35
  • the question is why do you want to avoid that ? – n00dl3 Oct 28 '16 at 12:38
  • Check to see if there's and XHR header. That's easy to get around, but it'll stop the casual. – Dave Newton Oct 28 '16 at 13:02
  • The basic approach would be "Keep the URL secret". If only the application knows about it, then only the application can make a request to it. – abish ban Oct 28 '16 at 13:37
  • 1
    There's no way to keep the URL secret. The user's device has to know the URL to be able to connect to it, and if the user's device knows the URL, then the user will know it too. – JJJ Oct 28 '16 at 17:50

0 Answers0