duan0708676887 2010-10-13 18:02
18 views
Accepted

AJAX security help

I have an AJAX Function that calls a PHP Script and displays the result on a page.

So, I have two pages, say:

form.php - This is where the input is gathered and displayed.
process.php - This is the PHP that is called; the result from this is displayed on form.php.

Now, here is my AJAX Function:

function showList(str)
{
    if (str=="")
    {
        document.getElementById("message").innerHTML="";
        return;
    }
    var xmlhttp;   // declared locally so it does not leak as a global
    if (window.XMLHttpRequest)
    {   // code for IE7+, Firefox, Chrome, Opera, Safari
        xmlhttp=new XMLHttpRequest();
    }
    else
    {   // code for IE6, IE5
        xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
    }
    xmlhttp.onreadystatechange=function()
    {
        if (xmlhttp.readyState==4 && xmlhttp.status==200)
        {
            document.getElementById("message").innerHTML=xmlhttp.responseText;
        }
    };
    // encode the value so characters such as '&' or '#' cannot break the query string
    xmlhttp.open("GET","process.php?q="+encodeURIComponent(str),true);
    xmlhttp.send();
}

As you can clearly see, the value gathered from the form is passed to process.php as follows:

process.php?q=1

With each query string, a list is pulled from the database. The same list can also be pulled in by typing the domain.com/process.php?q=1,2,3, or so forth...

My question is, how can I fix this loophole so that only requests coming from my script have access to process.php and no one else?

Thanks in advance!


5 answers

  • donglv6747 2010-10-13 18:12

    You could also check for the HTTP_X_REQUESTED_WITH header in the $_SERVER variable:

    // PHP exposes the X-Requested-With request header as $_SERVER['HTTP_X_REQUESTED_WITH']
    if(isset($_SERVER['HTTP_X_REQUESTED_WITH'])) {
        // compare case-insensitively; clients differ in how they capitalise the value
        $requestedwith = strtolower($_SERVER['HTTP_X_REQUESTED_WITH']);
        if($requestedwith === "xmlhttprequest") {
            // Requested by Ajax
        }
    }
    

    Again, this could be spoofed too though.

    This answer was selected as the best answer by the asker.
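Since the header alone can be sent by any HTTP client, here is an added example (not the asker's process.php or the answerer's code) that keeps the X-Requested-With check and pairs it with a per-session token that form.php embeds in the page; the header name X-Ajax-Token and the session key ajax_token are assumptions of this example. Note that a raw XMLHttpRequest does not add X-Requested-With by itself; the calling script has to set it.

```php
<?php
// Added example, not the asker's process.php or the answerer's code.
// The answer's X-Requested-With check is kept, but because any HTTP client can
// send that header it is paired with a per-session token that form.php must
// embed in the page and the calling script must send back (header name
// X-Ajax-Token and session key 'ajax_token' are assumptions of this example).
session_start();

function is_ajax_request(array $server): bool
{
    // Raw XMLHttpRequest does not add this header by itself; the client must
    // call xmlhttp.setRequestHeader('X-Requested-With', 'XMLHttpRequest').
    return isset($server['HTTP_X_REQUESTED_WITH'])
        && strtolower($server['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest';
}

function has_valid_token(array $server, array $session): bool
{
    $sent     = $server['HTTP_X_AJAX_TOKEN'] ?? '';
    $expected = $session['ajax_token'] ?? '';
    // hash_equals() compares in constant time, so the token cannot be guessed byte by byte.
    return $expected !== '' && $sent !== '' && hash_equals($expected, $sent);
}

// q is expected to look like "1" or "1,2,3": only positive integers, nothing
// else, so the values can later be bound into the database query as parameters.
function parse_ids(string $q): ?array
{
    if (!preg_match('/^\d{1,6}(,\d{1,6})*$/', $q)) {
        return null;
    }
    return array_map('intval', explode(',', $q));
}

if (!is_ajax_request($_SERVER) || !has_valid_token($_SERVER, $_SESSION)) {
    http_response_code(403);   // refuse direct or scripted calls without the token
    exit('Forbidden');
}

$ids = parse_ids($_GET['q'] ?? '');
if ($ids === null) {
    http_response_code(400);   // malformed q, do not pass it to the database
    exit('Bad request');
}

// ... run the list query with $ids bound as parameters and echo the HTML
// fragment that form.php inserts into <div id="message">.
```

On the client side both headers are set with xmlhttp.setRequestHeader(...) after open() and before send(), with the token value taken from what form.php embedded in the page.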