Allow a PHP file to be requested by JavaScript, but not loaded directly from the browser

2023-09-10 15:48:05 Author: 大湿兄i

I'm using a jQuery script that uploads files with AJAX and PHP. It sends a request to upload_a_file.php which then uploads files.

Is there a way that I can make sure upload_a_file.php is not loaded directly in a browser?

I tried putting upload_a_file.php above my public_html folder. But I can't seem to get JavaScript to load upload_a_file.php.

Here is the URL format I use in the JavaScript to request upload_a_file.php:

../upload_a_file.php

Is it even possible to access files above public_html with JavaScript?

Recommended answer

JS cannot access anything on a server that you yourself as a user cannot. If a file is outside of the site's document root, it is NOT accessible by a user, or by JS. Imagine the fun place the web would be if JS could magically bypass access restrictions on a server and grab any more. "Aww, I was going to grab this bank's accounts list, but it's not in the document root. Good thing I've got JavaScript, it can do everything!"

It'd be like every episode of 24, where "patching into the subnet" can magically bypass any firewall and get data from machines which aren't even online or (better yet) not even powered up. Amazing things, those subnets.
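
The point of the answer above, as an added example that is not part of the original question or answer: a simplified JavaScript model of how the browser resolves `../upload_a_file.php` and how a web server confines the resulting path to the document root. The `DOCROOT` path, the `example.com` URLs and the function names are constructed assumptions.

```javascript
// Added example: a simplified model, not code from the original post.
// DOCROOT and the example.com page URLs are constructed for illustration.
const DOCROOT = 'file:///home/site/public_html/';

// Browser side: a relative URL in an AJAX call is resolved against the
// page URL. ".." segments are removed during resolution and cannot climb
// above "/" of the origin, so the request never names a parent directory.
function requestPath(pageUrl, relative) {
  return new URL(relative, pageUrl).pathname;
}

// Server side (modelled): the received path is mapped under the document
// root, and anything that resolves outside of it is refused (null).
function mapToDocroot(rawPath) {
  const target = new URL('.' + rawPath, DOCROOT).href;
  return target.startsWith(DOCROOT) ? target : null;
}

// The file the request from the question actually ends up asking for.
function reachableFile(pageUrl, relative) {
  return mapToDocroot(requestPath(pageUrl, relative));
}

// Page at the site root, using the URL format from the question.
console.log(requestPath('https://example.com/index.html', '../upload_a_file.php'));
// Extra "../" segments change nothing: the path is clamped at "/".
console.log(requestPath('https://example.com/index.html', '../../../upload_a_file.php'));
// The request maps to a file inside public_html, not the copy above it.
console.log(reachableFile('https://example.com/index.html', '../upload_a_file.php'));
// A path that would land above public_html is rejected by the mapping.
console.log(mapToDocroot('/../upload_a_file.php'));
```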