-1

I have the following code inside my index.php file:

    <script type="text/javascript">
    $(document).ready(function(){
      refreshTable();
    });

    function refreshTable(){
        $('#tableHolder').load('refreshdata.php', function(){
           setTimeout(refreshTable, 10000);
        });
    }
</script>

What I want is to prevent execution of refreshdata.php using https://domainame.com/refreshdata.php

Alex B.
  • 1
  • 1
  • Does this answer your question? [How to check if the request is an AJAX request with PHP](https://stackoverflow.com/questions/18260537/how-to-check-if-the-request-is-an-ajax-request-with-php) – Alon Eitan Jun 26 '22 at 14:14
  • Welcome to Stack Overflow. There is no way to *prevent execution of refreshdata.php.* Execution of the requested page is handled by the Server not the Client. Please clarify what you are trying to accomplish. – Twisty Jun 26 '22 at 16:27
  • You can make it harder - but as described it’s not really possible to prevent as there’s no fundamental difference to the server between a request initiated from js and one emitted by e.g. curl. – AD7six Jun 26 '22 at 19:34

1 Answers1

0

You can't securely prevent direct access, because if it's accessible from your Ajax on your page in your browser, then it is accessible from well... the browser.

What you can do, is make it a POST request or add a parameter that will recognize this is not running from a regular browser window.

For example using your own code:

    function refreshTable(){
        $('#tableHolder').load('refreshdata.php', {dummy:1}, function(){
           setTimeout(refreshTable, 10000);
        });
    }
IT goldman
  • 14,885
  • 2
  • 14
  • 28