i have some pages which will be used internal ajax post form processing. like these
<script type="text/javascript">
function tab(x)
{
var x
jQuery.ajax({
type: 'POST',
url: 'catagory_tab.php',
data: {
y: x
},
success: function(html)
{
$("#result").html(html).show();
}
});
return false;
}
</script>
now if a user sees my webpage source code ( right click on page and view source code ) the the person will the "catagory_tab.php" page. then curiously he/she can open the page from browser. like typing www.example.com/catagory_tab.php. Then code will run from my page. So how to block this. i need that page for ajax post , but do not want that users can not open them directly.
Add this code in the top of that particular page.
// No direct access to this file
define('IS_AJAX', isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest');if(!IS_AJAX) {die('Restricted access');}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.