hidden file problem in ajax

I saw a question in Google Groups (jQuery) last week.

For example I have a page: http://mysite.com/content/index.php.
On this page I use $.ajax:

    $.ajax({
        type: "GET",
        data: "data=123456",
        dataType: "html",
        url: "temp.php",
        error: function (msg) { /* … */ },
        success: function (msg) { /* … */ },
        complete: function () { /* … */ }
    });


where temp.php – http://mysite.com/content/temp.php. On temp.php I use
requests for DB with param from $.ajax – data=123456.

How can I protect page temp.php? For example, somebody typing
http://mysite.com/content/temp.php?data=123456 and then he can get all

I found one solution – using if($_SERVER['HTTP_REFERER'] == "http://") {…}

But I am not sure that it can really protect my page? Or am I not right?


And I have tried something to avoid the view of that hidden page…


Just by adding a line at the beginning of temp.php we can prevent the access

This will stop the execution when the page is accessed directly.
BUT, some say it will not work in all browsers.

So we can try,
Option 2:
By POST data
Change the above JavaScript: replace GET by POST

    type: "POST",
    data: "data=123456",
    dataType: "html",
    url: "temp.php",

Add these lines at the top of temp.php
This will stop execution if the data is given by query string, like http://mysite.com/content/temp.php?data=123456

By combining the above two we can write

This will stop the hidden Ajax page from being accessed directly.
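
Referer, X-Requested-With and the request method are all set by the client and can be sent by any HTTP tool, so what temp.php can actually enforce is a logged-in session, a per-session token and strict validation of data. The PHP below is an added example, not code from the original post; the function name, the session keys user_id and ajax_token and the X-CSRF-Token header are assumptions, and the sample requests are constructed.

```php
<?php
declare(strict_types=1);

// Added example (not the post's code). Decides whether temp.php may run its
// DB query. Only $session is server-side state; method, headers and body
// are client input. Key and header names are assumptions.
function check_ajax_request(array $server, array $session, array $post): array
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return [405, 'POST only'];
    }
    // Authentication comes from the server-side session, not from headers.
    if (empty($session['user_id'])) {
        return [401, 'not logged in'];
    }
    // Per-session token that index.php put into the page; $.ajax sends it
    // back in X-CSRF-Token. hash_equals() compares in constant time.
    $expected = (string)($session['ajax_token'] ?? '');
    $sent     = $server['HTTP_X_CSRF_TOKEN'] ?? '';
    if ($expected === '' || !is_string($sent) || !hash_equals($expected, $sent)) {
        return [403, 'bad token'];
    }
    // Validate the parameter before it reaches the database layer.
    $data = $post['data'] ?? '';
    if (!is_string($data) || !preg_match('/^\d{1,10}\z/', $data)) {
        return [400, 'bad data'];
    }
    return [200, 'ok'];
}

// Constructed sample requests.
$session = ['user_id' => 7, 'ajax_token' => bin2hex(random_bytes(16))];
$forged  = ['REQUEST_METHOD' => 'POST',
            'HTTP_REFERER' => 'http://mysite.com/content/index.php',
            'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'];
$legit   = ['REQUEST_METHOD' => 'POST',
            'HTTP_X_CSRF_TOKEN' => $session['ajax_token']];
$cases = [
    'forged headers, no session' => [$forged, [], ['data' => '123456']],
    'forged headers, no token'   => [$forged, $session, ['data' => '123456']],
    'direct GET in browser'      => [['REQUEST_METHOD' => 'GET'], $session, []],
    'page-issued request'        => [$legit, $session, ['data' => '123456']],
    'non-numeric data'           => [$legit, $session, ['data' => '12ab']],
];
foreach ($cases as $name => [$srv, $sess, $post]) {
    [$status, $reason] = check_ajax_request($srv, $sess, $post);
    printf("%-28s -> %d %s\n", $name, $status, $reason);
}
```

In temp.php the call would be check_ajax_request($_SERVER, $_SESSION, $_POST) after session_start(), with the database query using a prepared statement once the status is 200.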


One Response to hidden file problem in ajax

  1. Thanks for every other excellent article. Where else may just anybody get that kind of info in such a perfect manner of writing? I have a presentation next week, and I’m at the look for such information.
