Sunday, 18 August 2013

Securing a jQuery AJAX to PHP connection

My AJAX code is:

    $.ajax({
        type: "POST",
        url: "save.php",
        data: {
            name: $(this).attr('name'),
            value: $(this).val(),
            // json_encode() keeps this valid JavaScript even when no user is in the session (emits null)
            id: <?php echo json_encode(!empty($_SESSION['user']) ? $_SESSION['user'] : null); ?>
        }
    });

And in save.php I'm checking with this condition:

    if (empty($_SERVER['HTTP_X_REQUESTED_WITH']) ||
        $_SESSION['user'] != $_POST['id']) {
        // then show an error
    }

Is this the correct method to prevent unauthorized calls to save.php?
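
An added example, not part of the original post: the condition from the question run next to a hardened variant on constructed requests. Both values the original condition inspects (the X-Requested-With header and the posted id) are set by the sender, and with no session and no id both sides of the loose != are null, so the error branch is not taken. The CSRF token in the session, the X-CSRF-Token header and the function names are assumptions of this example.

```php
<?php
declare(strict_types=1);

// The condition from the question as a pure function (true = show the error).
// "?? null" stands in for the unset-index lookup the original performs.
function question_check_rejects(array $server, array $session, array $post): bool
{
    return empty($server['HTTP_X_REQUESTED_WITH'])
        || ($session['user'] ?? null) != ($post['id'] ?? null);
}

// Hardened variant. Assumptions: login code stored a random token in
// $session['csrf'], and the page sends it back in an X-CSRF-Token header.
// Identity comes from the session only; the posted id is ignored.
function hardened_check_rejects(array $server, array $session, array $post): bool
{
    $user  = $session['user'] ?? null;
    $known = $session['csrf'] ?? null;
    $sent  = $server['HTTP_X_CSRF_TOKEN'] ?? null;
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST' || empty($user)) {
        return true;
    }
    if (!is_string($known) || $known === '' || !is_string($sent)) {
        return true;
    }
    return !hash_equals($known, $sent); // constant-time comparison
}

// Constructed sample requests (not taken from the page).
$token = bin2hex(random_bytes(32));
$ajax  = ['REQUEST_METHOD' => 'POST', 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'];
$cases = [
    'logged in, token sent'         => [$ajax + ['HTTP_X_CSRF_TOKEN' => $token],
                                        ['user' => 42, 'csrf' => $token], ['id' => '42']],
    'logged in, token missing'      => [$ajax, ['user' => 42, 'csrf' => $token], ['id' => '42']],
    'no session, no id, header set' => [$ajax, [], []],
];

foreach ($cases as $label => [$server, $session, $post]) {
    printf("%-32s question: %-8s hardened: %s\n", $label,
        question_check_rejects($server, $session, $post) ? 'rejected' : 'accepted',
        hardened_check_rejects($server, $session, $post) ? 'rejected' : 'accepted');
}
```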
