阻止非AJAX请求到PHP [英] Blocking non-AJAX requests to PHP

问题描述

  

可能重复：
  <一href="http://stackoverflow.com/questions/1756591/$p$pvent-direct-access-to-file-called-by-ajax-function">$p$pvent直接访问文件称为AJAX功能

我要创建依赖于AJAX调用到PHP页面的站点。有没有一种方法，以prevent访问原始数据？ （即通过访问他们自己的POST请求的PHP文件）。

我会想这样做（如果可能）将是prevent PHP发送数据到任何不来自AJAX（因为有来自同一个域）的最佳方式。有什么建议？

解决方案

 如果（用strtolower（$ _ SERVER ['HTTP_X_REQUESTED_WITH']）=='xmlhtt prequest'）{
     //允许访问
}
其他
   死亡（直接访问受限制的）;
 

这是cheatable虽然

Possible Duplicate:
Prevent Direct Access To File Called By ajax Function

I'm creating a site that relies on AJAX calls to to a PHP page. Is there a way to prevent access to the raw data? (i.e. accessing the php file via their own post requests).

I would guess the best way to do this (if possible) would be to prevent PHP from sending data to anything that doesn't come from AJAX (since that has to come from the same domain). Any suggestions?

解决方案

if (strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
     //allow access
}
else
   die("Direct access restricted");

It's cheatable though

这篇关于阻止非AJAX请求到PHP的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！