Yuri Boyz
asked on
Ajax Call Security
I am using various ajax calls in my PHP projects. In my jquery ajax request I usually call PHP files. I have few questions related to the security.
1)As Js code is visible by View source option, so a hacker can easily see the name of php file on which ajax request is send. Will hacker download that PHP file?
2) If hacker can download the php file he can view my code which is mostly related to DB operations. In that way he can perform SQL injections or some different attacks.
So how to secure it?
Here is my sample Ajax Request
Looking forward for some expert opinions.
Thanks
1)As Js code is visible by View source option, so a hacker can easily see the name of php file on which ajax request is send. Will hacker download that PHP file?
2) If hacker can download the php file he can view my code which is mostly related to DB operations. In that way he can perform SQL injections or some different attacks.
So how to secure it?
Here is my sample Ajax Request
jQuery.ajax({
type: "POST",
url:"ajax-search.php",
data: {input:input,path_base:path_base},
async: true,
error: function(jqXHR, textStatus, errorThrown) {
alert(jqXHR.status);
alert(textStatus);
alert(errorThrown);
},
success: function(result) {
jQuery("#img_search").html(result);
jQuery("#img_search_result").html("Results: " + jQuery(".search img").length);
}
});
Looking forward for some expert opinions.
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You are welcome.
ASKER