Reputation: 636
As a beginner, I'm always wondering if what I'm doing is actually secure. For example, recently I finished working on some code which checks how many times a (cross-domain) iframe has been clicked. And when clicked, inserting a row into a MySQL (log) table based on an ajax request(with jquery) which wraps the ID of the iframe into a $_POST:
$.ajax({
url: 'execute.php',
data: {action: 'some-id'},
type: 'post'
});
However I'm wondering: Because JavaScript is executed client-side, is it possible for a user to send fake data through the ajax request to the 'execute.php' page?
Upvotes: 0
Views: 29
Reputation: 4141
is it possible for a user to send fake data through the ajax request to the 'execute.php' page?
It is completely possible, you should add validations on the server.
For example, if i go to your site, open the console and write this code:
$.ajax({
url: 'execute.php',
data: {action: '1'},
type: 'post'
});
It will send a request to your execute.php sending the info action=1
.
Upvotes: 2
Reputation: 39679
is it possible for a user to send fake data through the ajax request to the 'execute.php' page?
Yes.
Upvotes: 2