duanjia7607 2015-11-26 05:20

Executing a PHP script using a JavaScript AJAX call [closed]

I have the following XMLHttpRequest:

// ....
var request = new XMLHttpRequest();
request.open('GET', 'controllers/get_date.php', true);
request.setRequestHeader('Cache-Control', 'no-cache');
request.setRequestHeader('fn', 'get_date');
request.setRequestHeader('day', '27/11');
// ....

And get_date.php looks like this:

if($_SERVER['HTTP_FN'] == 'get_date'):
   $day = Common::sanitize($_SERVER['HTTP_DAY']);
   $data = new MyFunction($day);
   echo $data->my_data();
endif;

Basically I'm trying to get some data from $data->my_data() and all of this is working fine. However, as my back-end skills are quite limited, I am wondering if this is a proper way (considering mainly security) or if I should take another approach.

2 answers

  • duan2477 2015-11-26 05:27

    You should avoid passing parameter data through HTTP headers. The HTTP header is for the HTTP layer to properly transport its data. It has its own purpose, but not for application parameters. Proxies, firewalls, gateways, load balancers, etc. could all inspect and rewrite the header for the purpose of the HTTP transport. Your custom 'parameters' might get rewritten, removed, or run into the same namespace as another header.

    Instead, I recommend that you pass them using the query string with GET, or POST data.

    For example:

    request.open('GET', 'controllers/get_date.php?fn=get_date&day=27%2F11', true);
    

    And in PHP, getting the parameters using:

    $fn = $_REQUEST['fn'];
    $day = $_REQUEST['day'];
    if($fn == 'get_date') {
        // ...
    }
    
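Whichever transport carries them (custom header, query string or POST body), `fn` and `day` arrive as client-controlled strings, so the server still has to validate them. The following is an added example, not code from the question or the answer, showing strict server-side checks for this endpoint. The names `ALLOWED_FN`, `parse_day`, `handle_request` and the `$lookup` stand-in for the question's `MyFunction` are assumptions, as is the `dd/mm` format inferred from `27/11`.

```php
<?php
// Added example: validate the query parameters of controllers/get_date.php.
const ALLOWED_FN = ['get_date'];   // allowlist of actions this endpoint serves

/** Parse "dd/mm" strictly; return [day, month] or null if malformed. */
function parse_day($raw): ?array
{
    // Rejects arrays (?day[]=x) and anything that is not exactly two digits, "/", two digits.
    if (!is_string($raw) || !preg_match('#\A(\d{2})/(\d{2})\z#', $raw, $m)) {
        return null;
    }
    [$day, $month] = [(int) $m[1], (int) $m[2]];
    // Assumption: no year in the input, so a leap year is used and 29/02 is accepted.
    return checkdate($month, $day, 2024) ? [$day, $month] : null;
}

/** Return [HTTP status, body] for a query array such as $_GET. */
function handle_request(array $query, callable $lookup): array
{
    $fn = $query['fn'] ?? null;
    if (!is_string($fn) || !in_array($fn, ALLOWED_FN, true)) {
        return [400, 'unknown fn'];
    }
    $parsed = parse_day($query['day'] ?? null);
    if ($parsed === null) {
        return [400, 'invalid day'];
    }
    return [200, $lookup(...$parsed)];
}

// Hypothetical stand-in for the question's MyFunction::my_data().
$lookup = fn(int $day, int $month): string => sprintf('data for %02d/%02d', $day, $month);

// Constructed sample requests; in the real script pass $_GET instead.
$samples = [
    ['fn' => 'get_date', 'day' => '27/11'],          // valid
    ['fn' => 'get_date', 'day' => '31/02'],          // well-formed but not a real date
    ['fn' => 'get_date', 'day' => '27/11; extra'],   // trailing data
    ['fn' => 'other_fn', 'day' => '27/11'],          // action not on the allowlist
    ['fn' => 'get_date', 'day' => ['27/11']],        // array instead of string
];
foreach ($samples as $q) {
    [$status, $body] = handle_request($q, $lookup);
    echo $status, ' ', $body, PHP_EOL;
}
```

In the live script, set the status with `http_response_code($status)` before echoing the body.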
