可能重复: $p$pvent直接访问文件称为AJAX功能
我要创建依赖于AJAX调用到PHP页面的站点。有没有一种方法,以prevent访问原始数据? (即通过访问他们自己的POST请求的PHP文件)。
我会想这样做(如果可能)将是prevent PHP发送数据到任何不来自AJAX(因为有来自同一个域)的最佳方式。有什么建议?
解决方案 如果(用strtolower($ _ SERVER ['HTTP_X_REQUESTED_WITH'])=='xmlhtt prequest'){
//允许访问
}
其他
死亡(直接访问受限制的);
这是cheatable虽然
Possible Duplicate: Prevent Direct Access To File Called By ajax Function
I'm creating a site that relies on AJAX calls to to a PHP page. Is there a way to prevent access to the raw data? (i.e. accessing the php file via their own post requests).
I would guess the best way to do this (if possible) would be to prevent PHP from sending data to anything that doesn't come from AJAX (since that has to come from the same domain). Any suggestions?
解决方案if (strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
//allow access
}
else
die("Direct access restricted");
It's cheatable though