duanjia7607 2015-11-26 05:20

Executing a PHP script with a JavaScript Ajax call [closed]

I have the following XMLHttpRequest:

// ...
var request = new XMLHttpRequest();
request.open('GET', 'controllers/get_date.php', true);
request.setRequestHeader('Cache-Control', 'no-cache');
request.setRequestHeader('fn', 'get_date');
request.setRequestHeader('day', '27/11');
// ...

And get_date.php looks like this:

if($_SERVER['HTTP_FN'] == 'get_date'):
   $day = Common::sanitize($_SERVER['HTTP_DAY']);
   $data = new MyFunction($day);
   echo $data->my_data();
endif;

Basically I'm trying to get some data from $data->my_data() and all of this is working fine. However, as my back-end skills are quite limited, I am wondering if this is a proper way (considering mainly security) or if I should take another approach.

2 answers

  • duan2477 2015-11-26 05:27

    You should avoid passing parameter data through HTTP headers. The HTTP header is for the HTTP layer to properly transport its data. It has its own purpose, but not for application parameters. Proxies, firewalls, gateways, load balancers etc. could all inspect and rewrite the header for the purpose of the HTTP transport. Your custom 'parameters' might get rewritten, removed, or run into the same namespace as another header.

    Instead, I recommend you pass them using the query string with GET, or as POST data.

    For example:

    request.open('GET', 'controllers/get_date.php?fn=get_date&day=27%2F11', true);
    

    And in PHP, getting the parameters using:

    $fn = $_REQUEST['fn'];
    $day = $_REQUEST['day'];
    if ($fn == 'get_date') {
        // ...
    }
    
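Added example, not part of the original answer: building the answer's query string in JavaScript with URLSearchParams instead of hand-writing `27%2F11`, and showing how raw concatenation lets a value containing `&` add a second `fn` parameter. The helper names (`isValidDay`, `encodeQuery`, `buildUrl`, `buildUrlNaive`, `parsedParams`) and the `example.invalid` base URL are assumptions made for illustration; get_date.php still has to validate what it receives.

```javascript
const ENDPOINT = 'controllers/get_date.php'; // path taken from the question

// Hypothetical helper: accept only "dd/mm" with a plausible day and month.
// No year is sent, so 29/02 is allowed.
function isValidDay(day) {
  const m = /^(\d{2})\/(\d{2})$/.exec(day);
  if (!m) return false;
  const d = Number(m[1]);
  const mo = Number(m[2]);
  if (mo < 1 || mo > 12) return false;
  const daysInMonth = [31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31];
  return d >= 1 && d <= daysInMonth[mo - 1];
}

// For comparison only: raw concatenation, where "&" or "=" inside a value
// is read by the server as the start of another parameter.
function buildUrlNaive(fn, day) {
  return ENDPOINT + '?fn=' + fn + '&day=' + day;
}

// URLSearchParams percent-encodes every value ("/" -> %2F, "&" -> %26).
function encodeQuery(params) {
  return ENDPOINT + '?' + new URLSearchParams(params).toString();
}

// Validate first, then encode.
function buildUrl(fn, day) {
  if (!isValidDay(day)) throw new RangeError('day must be dd/mm');
  return encodeQuery({ fn, day });
}

// What a query-string parser sees for a given URL (constructed base URL).
function parsedParams(url) {
  const u = new URL(url, 'http://example.invalid/');
  return { fn: u.searchParams.getAll('fn'), day: u.searchParams.getAll('day') };
}

// In the browser, with the question's request object:
//   request.open('GET', buildUrl('get_date', '27/11'), true);
```
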