I am using ajax to send data to the server.
function savePersonalInfo()
{
$.ajax({
type: "POST",
url: "../php/function.php",
data: {
name : document.getElementById("name").value,
phone : document.getElementById("phone").value,
affiliateId : "AF001" },
}).done(function( msg ) {
// success or fail
});
}
But the thing is that anyone can edit affiliateId, and send their own data. I am setting the affiliateId in the function when a user login, using php. How can I authenticate an ajax call. Authentication here means knowing that whether the ajax call is made by the person to whom the account belongs or some random guy trying to messup the database.
beforeSend: function (xhr) {
xhr.setRequestHeader ("Authorization", "Basic " + btoa(username + ":" + password));
},
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.