在 php 中验证 XMLHttpRequest [英] Verifying XMLHttpRequest in php
问题描述
我正在使用以下代码向 PHP 站点发送数据:
I am sending data to a PHP site using the following code:
if (window.XMLHttpRequest)
{// code for IE7+, Firefox, Chrome, Opera, Safari
xmlhttp= new XMLHttpRequest();
}
else
{// code for IE6, IE5
xmlhttp= new ActiveXObject("Microsoft.XMLHTTP");
}
xmlhttp.open("GET","addEmail.php?email="+escape(email),true);
xmlhttp.send();
xmlhttp.close;
有什么方法可以确保 addEmail.php
通过 XMLHttpRequest
运行,这样人们就不能简单地访问 www.domain.com/addEmail.php?email=some@thing.com
让 php 站点吃掉他们的电子邮件并在页面上运行一千个请求?提前致谢
Is there any way of making sure that the addEmail.php
is being run through the XMLHttpRequest
so people cant simply go to www.domain.com/addEmail.php?email=some@thing.com
to make the php site eat their email and run a thousand requests on the page? Thanks in advance
推荐答案
用户总是可以直接访问 php 脚本,但是你可以通过在 php 脚本中添加这个检查来保护更多:
The users is always able to access the php script directly, but you can protect is a bit more by adding this check to the php script:
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest')
{
//CODE HERE
}
此外,就像 Eugen Rieck 提到的那样,您可以发送令牌.
Additionally, like Eugen Rieck mentioned, you could send a token.
这篇关于在 php 中验证 XMLHttpRequest的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!