Yuri Boyz

Ajax Call Security

I am using various ajax calls in my PHP projects. In my jQuery ajax requests I usually call PHP files. I have a few questions related to security.

1) As JS code is visible through the View Source option, a hacker can easily see the name of the PHP file to which the ajax request is sent. Will the hacker download that PHP file?
2) If a hacker can download the PHP file, he can view my code, which is mostly related to DB operations. In that way he can perform SQL injections or some different attacks.

So how do I secure it?

Here is my sample Ajax request:

    // input and path_base are set earlier in the page script.
    jQuery.ajax({
        type: "POST",
        url: "ajax-search.php",
        data: {input: input, path_base: path_base},
        async: true,

        // Show the HTTP status and error details if the request fails.
        error: function(jqXHR, textStatus, errorThrown) {
            alert(jqXHR.status);
            alert(textStatus);
            alert(errorThrown);
        },
        // Insert the returned markup and count the images in it.
        success: function(result) {
            jQuery("#img_search").html(result);
            jQuery("#img_search_result").html("Results: " + jQuery(".search img").length);
        }
    });



Looking forward to some expert opinions.

Thanks
ASKER CERTIFIED SOLUTION
Julian Hansen
This solution is only available to members.
Yuri Boyz

ASKER

thanks
You are welcome.
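
For the SQL injection concern raised in the question, here is a sketch of how the server side of `ajax-search.php` could treat the two posted fields; this is an added example, not code from the thread or from the accepted solution. The `images` table, its columns, the `ALLOWED_BASES` list and the `search_images` helper are assumptions, and the demo needs the `pdo_sqlite` extension.

```php
<?php
// Added example: hypothetical hardened handler for ajax-search.php.
// Table "images", its columns and ALLOWED_BASES are assumptions, not from the question.
declare(strict_types=1);

const ALLOWED_BASES = ['/uploads/', '/gallery/'];   // assumed server-side allow-list

function search_images(PDO $db, string $input, string $pathBase): string
{
    // path_base is client-controlled, so accept only values the server already knows.
    if (!in_array($pathBase, ALLOWED_BASES, true)) {
        throw new InvalidArgumentException('unknown path_base');
    }
    $term = trim($input);
    if ($term === '' || strlen($term) > 64) {
        throw new InvalidArgumentException('bad search term');
    }
    // Escape LIKE wildcards so "%" and "_" in the input are matched literally.
    $like = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term) . '%';

    // The placeholder keeps user input out of the SQL text entirely.
    $stmt = $db->prepare(
        "SELECT file_name, title FROM images WHERE title LIKE :q ESCAPE '!' LIMIT 50"
    );
    $stmt->execute([':q' => $like]);

    $html = '';
    foreach ($stmt as $row) {
        // The client inserts this response with .html(), so encode every value.
        $src = htmlspecialchars($pathBase . rawurlencode($row['file_name']), ENT_QUOTES, 'UTF-8');
        $alt = htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8');
        $html .= "<div class=\"search\"><img src=\"$src\" alt=\"$alt\"></div>\n";
    }
    return $html;
}

// Constructed demo data in an in-memory SQLite database so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE images (file_name TEXT, title TEXT)");
$db->exec("INSERT INTO images VALUES ('cat 1.jpg', 'Cat <b>photo</b>'), ('dog.jpg', 'Dog')");

// In the real endpoint these values would come from $_POST['input'] and $_POST['path_base'].
echo search_images($db, 'cat', '/uploads/');
echo search_images($db, "' OR '1'='1", '/uploads/');   // bound as a literal search term
```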