0

I have a function that brings back all the user data and put it into a table. The function uses ajax request to a .php page. The problem is that everybody that goes to the .php website adress can see the data because I use echo json_encode. Is there any way I can hide this data when the function is not called from the website? Don't worry about the info. It is just test-fake names. The .php page result when accessing through url: .php page result
The .php code

<?php
 $db=mysqli_connect("xxxxxx");
if($db->connect_error)
{
    die("Feil i db");
}
$sql = "xxxxx";
    $resultat = $db->query($sql);

    $data=array();

    while($rad=mysqli_fetch_assoc($resultat)){
      $data[]=$rad;
    }
     echo json_encode($data);
?>

The ajax request looks like this:

    function listAlleMedlemmer()
        {
             $.ajax(
                 {
                 type:"POST",
                 url:"xxxxxxxxxxxxx.php",
                 dataType:"json",
                 data:{},
                 cache:false,
                 success:function(data){

                     //etc

I have already tried if($_SERVER['REQUEST_METHOD'] == "POST"){} from the answer on a almost similar question, but that did not work.

kreow
  • 1
  • 3
  • I think you can do that with ignoring direct access to page. there are several methods to do that (I didnt see a correct and complete solution yet) you need to serach for disallow direct access on internet. Here some solutions https://stackoverflow.com/questions/10236717/how-to-prevent-a-file-from-direct-url-access –  Mar 04 '20 at 08:59
  • _“The problem is that everybody that goes to the .php website address can see the data”_ - and why exactly is that a “problem”? You’re putting that data into a table for anyone to see anyway, right? – CBroe Mar 04 '20 at 09:19
  • You could try restricting access from another IP's than your server with .htaccess – WKoppel Mar 04 '20 at 09:49

0 Answers0