drwurqczo39355510 2014-03-17 16:37

Secure AJAX div update

I'm pretty new to AJAX so forgive me if this is a dumb question:

I would like to update a div with the content of a php-file which lies within a protected folder so it can only be included within a php-file but not addressed from the browser. Since JavaScript is client-side this would mean I couldn't call it, right?

For example I got my index.php with the following code (jQuery included):

<script>
$("#content").load("includes/login.php");
</script>

Where #content refers to a div. This works fine but as includes should not be accessible it becomes problematic.

Then I thought I could put something like a "wrapper.php" in the accessible area which then includes the specific php-files depending on which variables you give it.

Is this the correct way to approach this or am I doing it wrong?

2 answers

  • dongzhong8834 2014-03-17 17:07

    I think the idea of a "wrapper.php" is right. If you want to use it for many files you could do something like this, checking if it is an AJAX call to prevent direct load of the file:

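    <?php
    // wrapper.php
    // Check if it is AJAX (only respond when the X-Requested-With header is present)
    if (isset($_SERVER['HTTP_X_REQUESTED_WITH'])
        && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest') {
        // The "f" query parameter selects which file under includes/ to load
        $filename = $_GET['f'];
        include 'includes/'.$filename.'.php';
    }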
    

    And then:

    $("#content").load("wrapper.php?f=login");
    

    But be careful with this, because it may be insecure.

    This answer was selected by the asker as the best answer.
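
An allowlist version of the wrapper idea discussed above, added here as an example (it is not the answerer's code): the `f` parameter only selects from a fixed map, so it never becomes part of the include path. The `FRAGMENTS` entries, the `profile` name and the `resolve_fragment` helper are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: public ?f= value => file under includes/.
const FRAGMENTS = [
    'login'   => 'login.php',
    'profile' => 'profile.php', // constructed sample entry
];

// Map a client-supplied name to an absolute path inside $baseDir, or null.
function resolve_fragment($name, string $baseDir): ?string
{
    // ?f[]=x arrives as an array, so reject anything that is not a string,
    // then accept only names that are keys of the allowlist.
    if (!is_string($name) || !array_key_exists($name, FRAGMENTS)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . FRAGMENTS[$name]);
    // Defence in depth: the file must exist and resolve inside $baseDir
    // (this also catches a symlink pointing elsewhere).
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs; 'login' resolves only if includes/login.php exists.
    foreach (['login', 'nope', '../secret', ['login']] as $f) {
        $label = is_string($f) ? $f : gettype($f);
        $path  = resolve_fragment($f, __DIR__ . '/includes');
        printf("%-10s => %s\n", $label, $path ?? 'rejected');
    }
    exit;
}

// The X-Requested-With header is chosen by the client, so it is not used
// as an access check here; authorisation belongs in a session check.
$path = resolve_fragment($_GET['f'] ?? null, __DIR__ . '/includes');
if ($path === null) {
    http_response_code(404);
    exit;
}
include $path;
```

Run from the command line (`php wrapper.php`) it prints which of the constructed inputs resolve; served over HTTP it behaves as the wrapper and answers 404 for anything outside the map.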