jQuery autocomplete - Hide php request page contents

I have an input field that autocompletes using text taken from a PHP page. It works well but is it possible to hide the text on the PHP page if it's accessed directly? I realize that the way it works it's as if the user actually visited that page but is there a trick that would allow that?

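No, you can't: as you said yourself, it is the user (and the user's browser) requesting the content, so the content has to be accessible to the user, and every "invisibility" technique can be easily defeated by a slightly skilled user.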

The first trick I can think of is to use HTTP headers. In the code that loads data for your autocomplete, set a custom header that your PHP page reads before writing its content; otherwise you show nothing. When a user tries to access the page directly (puts the URL in the browser) it shows nothing because the browser does not send your custom header.

$.ajax({
    url: "data.php",
    type: "GET",
    dataType: "html",
    headers: {custom:'showdata'},
    success:function(){}
});

I use this trick to let my page know what kind of content type to return, because sometimes it should be JSON and other times it should be HTML.

Obviously it's not perfect, but many users won't see the data you're trying to hide.

Here's a simple way to make it a --little-- more well hidden. On the autocomplete data source page, check for a variable of any name you choose. For example:

if (!isset($_GET['ninja']) || $_GET['ninja'] != 'chop') {
    // Parameter missing or wrong: do not output the data
    return 'Sorry, this page is not directly accessible';
} else {
    //data generated and returned here
}

Yes, it can be defeated. But take into consideration, "what's the point?" Are you storing mission critical data? Is it really not to be seen? This is the reason that many small websites contain horribly unsecure and XSS vulnerable code and yet never get hacked... it's just not worth it for a hacker to spend the time developing a custom hack to get to the data that's there. Hacking Windows, on the other hand, provides millions (billions?) of targets to do all sorts of nefarious things. I'm certainly not saying that your site's not important, but it doesn't seem like a case where triple redundant security is necessarily required.

This should work, place it at the top of the page:

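  if(!isset($_SERVER['HTTP_X_REQUESTED_WITH']) || $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest'){
     // Header absent or different (e.g. the URL was opened directly): output nothing
     die();
  }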

jQuery automatically sends headers with AJAX requests.
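
The header and query-string checks in the answers above read only values the client sends, so they filter casual visits rather than control access. As an added example (not code from any of the posts), this version of the data.php logic keeps the header check as a filter, makes the access decision from server-side session state, and returns only capped matches for the typed term; the `user_id` session key, the `term` parameter, the limits and the word list are assumptions.

```php
<?php
// Added example, not code from the posts above. Assumptions: the site has a
// login that stores user_id in the session, the widget sends the typed text
// as "term", and the limits and word list below are constructed values.
const MIN_TERM_LENGTH = 2;
const MAX_RESULTS = 10;

// Returns [HTTP status, suggestions]. Takes the request as plain arrays so the
// decision can be exercised without a web server.
function autocompleteResponse(array $server, array $session, array $get, array $words): array
{
    // Header check from the last answer: any client can send this header, so
    // it only turns away casual direct visits. It is not access control.
    if (($server['HTTP_X_REQUESTED_WITH'] ?? '') !== 'XMLHttpRequest') {
        return [400, []];
    }
    // The access decision uses state the server holds, not request values.
    if (empty($session['user_id'])) {
        return [403, []];
    }
    // Never return the whole list: require a minimum term, cap the matches.
    $term = is_string($get['term'] ?? null) ? trim($get['term']) : '';
    if (strlen($term) < MIN_TERM_LENGTH) {
        return [200, []];
    }
    $matches = array_filter($words, function ($w) use ($term) {
        return stripos($w, $term) === 0; // case-insensitive prefix match
    });
    return [200, array_slice(array_values($matches), 0, MAX_RESULTS)];
}

// Constructed requests showing each outcome when run from the command line.
if (PHP_SAPI === 'cli') {
    $words = ['apple', 'apricot', 'banana', 'blueberry'];
    $ajax = ['HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'];
    $cases = [
        'direct visit'           => [[], [], ['term' => 'ap']],
        'header set, no session' => [$ajax, [], ['term' => 'ap']],
        'logged in, short term'  => [$ajax, ['user_id' => 7], ['term' => 'a']],
        'logged in, term "ap"'   => [$ajax, ['user_id' => 7], ['term' => 'ap']],
    ];
    foreach ($cases as $label => [$server, $session, $get]) {
        [$status, $items] = autocompleteResponse($server, $session, $get, $words);
        echo $label, ': ', $status, ' ', json_encode($items), PHP_EOL;
    }
}
```

In data.php itself, call the function with `$_SERVER`, `$_SESSION` (after `session_start()`) and `$_GET`, then send the status with `http_response_code()` and the list with `json_encode()`.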
