I'm creating an open source API using php and allowing the public to use it via jQuery AJAX GET.
I just need to know how I can make this secure.
For example, the users can call my php api on my server using jquery ajax like this:
var url = "http://mywebsite.com/api.php";
var variable = $("#variable").val();
$.ajax({
    type: "GET",
    url: url,
    data: 'variable='+variable,
    cache: false,
    success: function(data){
        $("#resultarea").html('' + data + '');
    }
});
Is there anything I need to do/know for securing this API before presenting it to the public?
Any advice would be appreciated.
You can encrypt your data before sending, as answered here: Best way to guarantee correct Ajax calls parameter values
Hope it helps :)
Related
In my PHP file 'login_success.php', I have the variable $_COOKIE["user"].
Would it be possible to return that variable within a jQuery Ajax statement such as this one? I've made a guess with Var UserName =:
function StartAjax(NameID){
    $.ajax({
        type: "POST",
        url: "login_success.php",
        cache: false,
        data: "name=Peter&location=Sheffield",
        success: function(html, status){
            $("#"+NameID).append(html);
            //$('#status').append(status);
            var userName =
        }
    });
}
login_success.php:
echo $_COOKIE['user'];
Ajax asks for the page, returns the output/content (what is echoed). Please note: JavaScript is client side. PHP is server side. So you can't directly access PHP variables, but as done above, PHP can "give" the client the info it needs. If you're sending a lot of data, you can json_encode it for the ajax request. (you can learn about JSON on your own)
Also note, JavaScript can access cookies, but I'm assuming this is just a sample question.
Is it possible to refer an AJAX POST to a specific function within a PHP file?
$.ajax({
    type: "POST",
    url: "functions.php", //somehow specify function?
    data: "some data...",
    success: function(){
        alert('Success!');
    }
});
Or is there a way to have functions.php receive data and know what to do with it? If not, are there any other suggestions for getting data over to mySQL (using PHP/jQuery)? Thanks!
The data sent to the php file using POST can be accessed in php using:
$datasent = $_POST['name'];
Given that you sent data as:
$.ajax({
    type: "POST",
    url: "functions.php", //somehow specify function?
    data: {name:"Jesse"}, //data goes here
    success: function(){
        alert('Success!');
    }
});
Not directly. You'd need to post certain data, and have PHP check the POST variables to choose the correct function.
Perhaps have a look at some tutorials (unfortunately the jQuery links for PHP tutorials are broken).
Is it possible to refer an AJAX POST to a specific function within a PHP file?
No. jQuery doesn't know what PHP is, even less what a PHP function is. jQuery talks to server side urls. Whether those urls are static html files, PHP scripts, Java servlets, Python I don't know what, CGI scripts, is not really important.
So you could use the data setting to pass parameters to this server side url which based on the values of those parameters could invoke one or another function.
If you want to call a specific function, change your jQuery:
$.ajax({
    type: "POST",
    url: "functions.php", //somehow specify function?
    data: {function:"doSomething",name:"Jesse"}, //data goes here
    success: function(){
        alert('Success!');
    }
});
In your php add:
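$allowed = array('doSomething'); // only these names may be called, never arbitrary client input
if (isset($_POST['function']) && in_array($_POST['function'], $allowed, true)) {
    call_user_func($_POST['function']); // calls the function whose name was passed as parameter
}
function doSomething(){
    echo htmlspecialchars($_POST['name'], ENT_QUOTES, 'UTF-8');
}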
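The approach these answers describe (post an action name, have PHP choose the function), as an added example that is not code from any of the posts: the name is looked up in a fixed map, so a value the client sends never reaches call_user_func() directly, and the input is validated before it is returned as JSON. The ACTIONS map, dispatch(), the name pattern and the status codes are assumptions made for illustration.

```php
<?php
// Added example: a hypothetical functions.php. The ACTIONS map, dispatch()
// and the HTTP status codes are illustrative choices, not from the posts.
declare(strict_types=1);

// A handler receives the request fields and returns data to be JSON-encoded.
function doSomething(array $in): array
{
    $name = $in['name'] ?? '';
    // Accept only a short name made of letters, digits and a few separators.
    if (!is_string($name) || !preg_match('/^[\p{L}\p{N} _.-]{1,64}$/u', $name)) {
        throw new InvalidArgumentException('invalid name');
    }
    return ['name' => $name];
}

// Fixed map: public action name => handler. A posted value that is not a
// key of this map can never become a function call.
const ACTIONS = [
    'doSomething' => 'doSomething',
];

// Returns [HTTP status, response body] for one request.
function dispatch(array $post): array
{
    $action = $post['function'] ?? null;
    if (!is_string($action) || !array_key_exists($action, ACTIONS)) {
        return [400, ['error' => 'unknown action']];
    }
    try {
        return [200, call_user_func(ACTIONS[$action], $post)];
    } catch (InvalidArgumentException $e) {
        return [422, ['error' => $e->getMessage()]];
    }
}

if (PHP_SAPI !== 'cli') {
    [$status, $body] = dispatch($_POST);
    http_response_code($status);
    header('Content-Type: application/json; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
    // The HEX flags keep <, >, &, ' and " out of the raw response text.
    echo json_encode($body, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
} else {
    // Constructed inputs: one listed action, one built-in name that is not listed.
    echo json_encode(dispatch(['function' => 'doSomething', 'name' => 'Jesse'])), PHP_EOL;
    echo json_encode(dispatch(['function' => 'phpversion'])), PHP_EOL;
}
```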
I'm trying to implement a simple api request to the SEOmoz linkscape api. It works if I only use the php file but I want to do an ajax request using jquery to make it faster and more user friendly. Here is the javascript code I'm trying to use:
$(document).ready(function(){
    $('#submit').click(function() {
        var url=$('#url').val();
        $.ajax({
            type: "POST",
            url: "api_sample.php",
            data: url,
            cache: false,
            success: function(html){
                $("#results").append(html);
            }
        });
    });
});
And here is the part of the php file where it takes the value:
$objectURL = $_POST['url'];
I've been working on it all day and can't seem to find the answer... I know the php code works as it returns a valid json object and displays correctly when I do it that way. I just can't get the ajax to show anything at all!!
...data: 'url='+encodeURIComponent(url),
I have an application with URLs like this:
domain.com/category1/category2/ etc.
I see that ajax understands the # and can pass the params to my php script. I am wondering if there is a way in ajax to do the following URL:
domain.com/#category1/category2/
If so, is there a function that I can use in jQuery to do this? I have seen jQuery BBQ but I'm a bit confused how this helps me. It feels like there is an easier way, to just remove the hash and pass the remaining URL to my PHP script, then return the page fragment?
How would I set up my PHP script to return the main page fragment without the header and footer being refreshed? Do I need to detect that # or JavaScript has been called and then return the relevant fragment?
I am trying it this way, but it's not posting the ajax: hasher parameter.
<script>
hasher = document.location.hash;
hasher = hash.replace(/^.*#/, '');
$.ajax({ type: 'POST', url: url, data: {ajax:hasher}, dataType: 'html' });
</script>
<?php
echo $_POST['ajax'];
?>
Am I doing something wrong?
Cheers for any help
Ke
You can get the hash value (after #) by getting document.location.hash property (this is standard property, not jQuery) and then pass it to the server-side script by calling $.ajax with some param like {hash:document.location.hash} in data.
Am I doing something wrong?
Yes.
You are using the hash var in the second line instead of hasher.
Wrong regexp: you're trying to find anything BEFORE the # symbol, but you just have to remove # from the start of document.location.hash.
Take a look at the following example:
$('a.submit').click(function(){
    var hasher = document.location.hash;
    hasher = (hasher.length>0)?hasher.substr(1):'';
    $.ajax({
        type: 'POST',
        url: '/test.php',
        data: {ajax:hasher},
        dataType: 'html',
        success:function(response) {
            $('#ajax').html(response)
        }
    });
    return false;
});
I'm doing an AJAX call using jQuery's JSON feature.
function get_words_json(address, username, paging_value) {
    $.ajax({
        type: "GET",
        url: "json/" + address,
        dataType: "json",
        data: "username=" + username + "&paging_no_st=" + paging_value,
        success: function(json){
            pop_word_list(json, paging_value);
        }
    });
}
As you can see, I'm sending the response to another JavaScript function, but what I'd like to do is send the response to PHP. Is this possible, say to directly convert the response into a PHP array (not using JavaScript) and then use PHP to handle the array, etc?
Thanks in advance.
You could perform another Ajax call to the php script in the success function, passing along the JSON data as a POST param.
Do this?
js (ajax) -> php (array convert to ajax) -> js (ajax) -> php ?
function get_words_json(address, username, paging_value) {
    $.ajax({
        type: "GET",
        url: "json/" + address,
        dataType: "json",
        data: "username=" + username + "&paging_no_st=" + paging_value,
        success: function(json){
            json["paging_value"] = paging_value;
            $.post("x.php", json);
        }
    });
}
The whole idea doesn't stick together at all... but:
If there is a reason to do that - then You want to do the $.post('phpfile.php',json,function(){},'text or whatever type You want in return');
and the whole json object goes to PHP's $_POST[] as suggested above, but I can see NO case where it should be done that way.
If You get that json from some code You can't change and want to use data in php do:
use cURL to get the data from another thing
use json_decode($data,true) to get assoc table of the whole thing
If You don't know what You're doing :)
just pass the object to another function without useless sending stuff back and forth. You might want to do empty AJAX call to trigger the php file, nothing more.