是否应该将处理/验证由AJAX调用的数据的PHP文件放在“ include”文件夹中,并使用户无法访问?
[英]Should the PHP files that do processing/validation of data called by AJAX be put in 'include' folder and made inaccessible to the user?
问题描述
My Question is suppose I have a form which needs validation through AJAX. 
我的问题是假设我有一个需要通过AJAX进行验证的表格。 The AJAX is sending data to to a file called do_ajax_validation.php . AJAX正在将数据发送到名为do_ajax_validation.php的文件。 Now should I put this file in 'include' folder and name it do_ajax_validation.inc.php and bar it from direct access of the user or should I put it in the directory in which the original form resides? 现在,我应该将此文件放置在“ include”文件夹中,并将其命名为do_ajax_validation.inc.php并禁止其直接访问用户吗?还是应该将其放置在原始表单所在的目录中?
Edit: And the same question is for the files which do processing of data of forms (or the files which are defined in the action property of the form tag) 编辑:相同的问题是对于处理表单数据的文件(或在form标记的action属性中定义的文件)
1 个解决方案
解决方案1
1 2010-05-13 08:34:41
You can't prevent the user from directly accessing the file. 您不能阻止用户直接访问文件。 If you do, you prevent the XMLHttpRequest object from accessing it too! 如果这样做,您也将阻止XMLHttpRequest对象访问它!
You should have a reasonable URI for the XHR to access. 您应该具有一个合理的URI,XHR才能访问。 Beyond that, structure your files in whatever fashion makes the site easiest to maintain. 除此之外,以任何使网站最易于维护的方式构造文件。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.