
jQuery autocomplete - Hide php request page contents

I have an input field that autocompletes using text taken from a PHP page. It works well but is it possible to hide the text on the PHP page if it's accessed directly? I realize that the way it works it's as if the user actually visited that page but is there a trick that would allow that?

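No, you can't: as you said, it is the user (well, the user's browser) that is requesting the content, so the content must be accessible to the user, and every "invisibility" technique can be easily defeated by a slightly skilled user.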

The first trick I can think of is to use HTTP headers. In the code that loads data for your autocomplete, set custom data that your PHP page reads before writing its content; otherwise it shows nothing. When a user tries to access the page directly (puts the URL in the browser), it shows nothing because the browser does not send your custom header.

$.ajax({
    url: "data.php",
    type: "GET",
    dataType: "html",
    headers: {custom:'showdata'},
    success:function(){}
});

I use this trick to let my page know what kind of content type to return, because sometimes it should be JSON and other times it should be HTML.

Obviously it's not perfect, but many users won't see the data you're trying to hide.

Here's a simple way to make it a --little-- more well hidden. On the autocomplete data source page, check for a variable of any name you choose. For example:

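// ?? '' avoids an undefined-key warning when the parameter is missing
if (($_GET['ninja'] ?? '') !== 'chop') {
    // exit() prints the message and stops; a top-level return would print nothing
    exit('Sorry, this page is not directly accessible');
} else {
    // data generated and returned here
}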

Yes, it can be defeated. But take into consideration, "what's the point?" Are you storing mission critical data? Is it really not to be seen? This is the reason that many small websites contain horribly insecure and XSS-vulnerable code and yet never get hacked... it's just not worth it for a hacker to spend the time developing a custom hack to get to the data that's there. Hacking Windows, on the other hand, provides millions (billions?) of targets to do all sorts of nefarious things. I'm certainly not saying that your site's not important, but it doesn't seem like a case where triple redundant security is necessarily required.

This should work; place it at the top of the page:

  // ?? '' avoids an undefined-key warning when the header is absent (a direct visit)
  if (($_SERVER['HTTP_X_REQUESTED_WITH'] ?? '') !== 'XMLHttpRequest') {
     die();
  }

jQuery automatically sends headers with AJAX requests.
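The three checks proposed in the answers above, modelled side by side as an added example (not code from any of the posts): each one is evaluated against constructed requests to show that it only tests values the client supplies. The `sessions` store, the `sid` cookie and the `sessionGate` function are hypothetical and assume the site has logins; they are included for contrast with a check that depends on server-side state.

```javascript
// Constructed sample requests; header names are lowercased for lookup.
const requests = {
  // Typing the URL into the address bar: no custom header, no parameter.
  addressBar: { headers: {}, query: {}, cookies: {} },
  // The page's own jQuery call.
  jqueryAjax: { headers: { "x-requested-with": "XMLHttpRequest", custom: "showdata" },
                query: { ninja: "chop" }, cookies: {} },
  // Any other HTTP client sending the same values: identical on the wire.
  otherClient: { headers: { "x-requested-with": "XMLHttpRequest", custom: "showdata" },
                 query: { ninja: "chop" }, cookies: {} },
  // AJAX call from a logged-in user (hypothetical session cookie).
  loggedInAjax: { headers: { "x-requested-with": "XMLHttpRequest" }, query: {},
                  cookies: { sid: "constructed-session-id" } },
};

// The gates from the answers, as pure functions over the request.
const gates = {
  customHeader: (req) => req.headers["custom"] === "showdata",
  queryParam: (req) => req.query["ninja"] === "chop",
  xRequestedWith: (req) => req.headers["x-requested-with"] === "XMLHttpRequest",
};

// Hypothetical server-side session store: the decision depends on who is
// asking, not on how the request was made.
const sessions = new Map([["constructed-session-id", { user: "alice" }]]);
const sessionGate = (req) => sessions.has(req.cookies.sid);

// Run one gate over every sample request.
function evaluate(gate) {
  const out = {};
  for (const [name, req] of Object.entries(requests)) out[name] = gate(req);
  return out;
}

// Build the full gate-by-request decision table.
function report() {
  const table = {};
  for (const [name, gate] of Object.entries(gates)) table[name] = evaluate(gate);
  table.session = evaluate(sessionGate);
  return table;
}

console.table(report());
```

The header and parameter gates give the same answer for `jqueryAjax` and `otherClient`, so they filter casual address-bar visits and nothing else; if the autocomplete data must be restricted, the decision has to rest on something the server holds.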

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.