سؤال
I have a website www.abc.com which has a page xyz.php. xyz.php takes a form submit event reads the data and saves in the database.
www.abc.com has a form with action on xyz.php. Now I can use console to send the same request without actually posting it from the HTML form.
https://stackoverflow.com/questions/21155181
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian$.ajax({
type: 'POST',
url: 'www.abc.com/xyz.php',
data:{
"key1" : 'value1',
"key2" : 'value2'
},
success: function( textStatus, jqXHR,response) {
alert("Success");
},
error: function(textStatus,jqXHR , errorThrown) {
alert("ERROR");
}
});
I wonder how to validate on server side whether the data fetched is actually a user submit from the HTML form or was from a console.
And how to stop users from posting from the console input.
المحلول
You cannot.
An HTTP request is an HTTP request and a manually constructed one can look however the user wants it to (so while you can shove hidden fields, cookies and so on into the requirements for a request, they can always be replicated manually).
Use authentication/authorization and worry about who is sending the data, not what.
