Reputation: 126
function updateR()
{
    $.ajax({
        type: "POST",
        url: "update.php",
        data: { surprize: '12345678910', dpoint: point, dlevel: level }
    }).done(function( msg ) {
        // alert( "Data Saved: " + msg );
    });
}
This is my function. How can I block or protect the AJAX POST values (point or level) from the browser's inspect element, if a user wants to open inspect element and change the value of point?
Upvotes: 0
Views: 1804
Reputation: 2139
In short, you can't! Yes, you can do a bunch of stuff to hide it in some way or add some garbage to obfuscate it, but in the end a determined user will find it. Quite simply because the user can see the code that is responsible for sending this to the server.
Now you can make it difficult for someone trying to do this, by maybe adding junk values to the AJAX request, or by appending the actual data with some number of junk values. But then you have to obfuscate your JavaScript code which is responsible for doing this too.
But don't don't don't don't ever rely on this! Because you can only make it difficult, but someone determined will be able to do it. And if you find yourself in a situation where you need to send some data to the server that is confidential to the user, then you need to rethink your system architecture instead of trying to hide the request from the user.
Upvotes: 2
Reputation: 3203
Actually, the user can send whatever he wants, whether it's through the browser or just the command line or any other tool.
You have to sanitize & filter your input on your server side.
For example, if you know that you want only numeric values for the POST var named 'surprize', you have to validate it in the following way:
    // Reject a missing or non-numeric value (isset, not empty, so that "0" is accepted)
    if (!isset($_POST['surprize']) || !is_numeric($_POST['surprize'])) {
        // invalid surprize
        die('Bad Surprize value');
    }
Upvotes: 0
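The server-side validation described in the answer above, extended to the question's dpoint and dlevel fields. This is an added example, not code from any of the posters; the limits, the session keys 'point' and 'level', and the function name check_progress are assumptions made for illustration.

```php
<?php
// Added example: server-side checks for update.php. The limits and the
// session keys 'point' and 'level' are assumptions, not from the original post.
const MAX_LEVEL = 50;        // assumed highest level in the game
const MAX_POINT_GAIN = 100;  // assumed most points one request can add

/**
 * Validate client-supplied progress against the state the server already holds.
 * Returns [true, point, level] on success or [false, reason] on rejection.
 */
function check_progress(array $post, array $state): array
{
    // FILTER_VALIDATE_INT rejects arrays, floats, "1e5", "12abc" and missing keys.
    $point = filter_var($post['dpoint'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0]]);
    $level = filter_var($post['dlevel'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => MAX_LEVEL]]);
    if ($point === false || $level === false) {
        return [false, 'malformed or out-of-range value'];
    }
    // Well-formed is not the same as honest: compare with the stored state.
    $gain = $point - $state['point'];
    if ($gain < 0 || $gain > MAX_POINT_GAIN) {
        return [false, 'implausible point change'];
    }
    if ($level < $state['level'] || $level > $state['level'] + 1) {
        return [false, 'implausible level change'];
    }
    return [true, $point, $level];
}

// Request handling, skipped when the file is included or run from the CLI.
if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    session_start();
    $state = ['point' => $_SESSION['point'] ?? 0, 'level' => $_SESSION['level'] ?? 1];
    $result = check_progress($_POST, $state);
    if ($result[0] === false) {
        http_response_code(400);
        exit('Rejected: ' . $result[1]);
    }
    $_SESSION['point'] = $result[1];
    $_SESSION['level'] = $result[2];
    echo 'Saved';
}
```

A stricter design has the client report only game events and lets the server compute point and level itself, so the totals never come from the browser at all.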
Reputation: 709
A web application is a client-server application. You can never trust data that is coming from the client. Maybe you could make it harder to cheat, but the user always has the possibility to send modified data to your server.
Upvotes: 0