How to securely send POST data between JQuery and PHP?

Question

I would like to send data from a Jquery script to a php page using POST. My code is as follows:

$.ajax({
type: "POST",
url: 'http://mywebsite.com/add_data.php',
data: {value1: some_value, 
    value2: 123, 
    value3: ABC 

},

My php script captures the data and records them in MySQL database.

$myvalue1 = $_POST['value1'];
$myvalue2 = $_POST['value2'];
$myvalue3 = $_POST['value3'];

The problem is that since JS code is visible in the source code, anyone can submit anything to my database...

Is there an easy way to make it more secure and prevent this from happening?

Any advice appreciated.

Wouldn't this be handled at the web server level, something like apache authentication and authorization? — bassxzero, Oct 26 '17 at 12:39
use token (token generate on server side. when user hit ajax then first verify the token) also read the laravel csrf token documentation — Bilal Ahmed, Oct 26 '17 at 12:39
Use CSRF Tokens and verify them, this will ensure request is made from your server — Gaurav Rai, Oct 26 '17 at 12:40
https://stackoverflow.com/questions/29883223/secure-ajax-get-post-request-for-server — Himanshu Upadhyay, Oct 26 '17 at 12:43
https://stackoverflow.com/questions/37912937/how-to-send-secure-ajax-requests-with-php-and-jquery — Himanshu Upadhyay, Oct 26 '17 at 12:43
The problem is that both files are not on the same server... — Vonder, Oct 26 '17 at 13:04

score 3 · Answer 1 · answered Oct 26 '17 at 12:43

3

All data from the client always MUST be validated and sanitized, because all data from the client can be modificated/falsificated.

answered Oct 26 '17 at 12:43

Neodan

1 Answers1