Question

I'm using this example in my CodeIgniter project and want to know how I can prevent people from using the code below for DDoS-style attacks. Do I change the code below, or should I do something in my CodeIgniter controller?

Also one more thing, which approach is better?

VERSION 1:

var form_data = $(this).serialize();
$.post('ci_class/ci_method', form_data, function(response)
{
    // handle the response
});

VERSION 2:

$(document).ready(function()
{
    $("#img_search").click(function(event)
    {
        event.preventDefault();

        // Read the two field values that are sent to the server
        var pc   = $('#text_postcode').attr('value');
        var hash = $('#hidden_hash').attr('value');

        $.ajax({
            type     : 'POST',
            url      : 'ci_class/ci_method',
            data     : 'pc=' + pc + '&hash=' + hash,
            dataType : 'json',
            success  : function(response)
            {
                // handle the JSON response
            }
        });
    });
});

Solution

You can't do anything in the client code to prevent DDoS attacks, because attacks like that won't use the client code anyway.

Regarding which approach is better, it depends on what you think is better.

The first approach is simpler and adapts dynamically to any fields that you put in the form.

The second approach is more precise, and only sends exactly the data that is needed to the server, but the drawback is that you have to update the code when you add another field that you want to send to the server.


Tip: You can use the val method instead of attr('value'):

var pc = $('#text_postcode').val();
var hash = $('#hidden_hash').val();

You can put the values in an object literal instead of concatenating strings to form the data:

data: { pc: pc, hash: hash },
Licensed under: CC-BY-SA with attribution
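
Because requests can reach `ci_class/ci_method` without the page's JavaScript ever running, any limit has to be enforced where the request is handled. The following is an added example, not code from the original post or from CodeIgniter: a fixed-window limiter in plain PHP that the controller method could call before doing any work. The class name, the file-based counter store and the limit of 5 requests per 60 seconds are assumptions for illustration.

```php
<?php
// Added example: fixed-window request limiter keyed by client address.
// Counters are kept in small lock-protected files (an assumption; behind
// several web servers a shared cache would hold them instead).
final class RequestLimiter
{
    private $dir;
    private $limit;
    private $window;

    public function __construct(string $dir, int $limit, int $window)
    {
        $this->dir    = $dir;
        $this->limit  = $limit;   // requests allowed per window
        $this->window = $window;  // window length in seconds
    }

    // Returns true while the client is within its limit, false once it is over.
    public function allow(string $clientKey, ?int $now = null): bool
    {
        $bucket = intdiv($now ?? time(), $this->window);
        $path   = $this->dir . '/rl_' . hash('sha256', $clientKey);
        $fh     = fopen($path, 'c+');            // create if missing, never truncate
        if ($fh === false) {
            return false;                        // store unavailable: reject (a policy choice)
        }
        flock($fh, LOCK_EX);                     // serialise concurrent requests
        $state = explode(':', (string) stream_get_contents($fh));
        $count = (count($state) === 2 && (int) $state[0] === $bucket) ? (int) $state[1] : 0;
        $count++;                                // a new window starts again from 1
        ftruncate($fh, 0);
        rewind($fh);
        fwrite($fh, $bucket . ':' . $count);
        flock($fh, LOCK_UN);
        fclose($fh);
        return $count <= $this->limit;
    }
}

// Constructed demo: 7 requests from one documentation-range address in one window.
$dir = sys_get_temp_dir() . '/rl_demo_' . getmypid();
@mkdir($dir);
$limiter = new RequestLimiter($dir, 5, 60);
for ($i = 1; $i <= 7; $i++) {
    $ok = $limiter->allow('203.0.113.7', 1700000000);
    echo "request $i: " . ($ok ? "handled\n" : "rejected (would send HTTP 429)\n");
}
```

In a controller the key would be the client address the server sees (for example `$_SERVER['REMOTE_ADDR']`), and a `false` result would be answered with a 429 status before the postcode lookup runs. A per-address limit only blunts abuse from individual clients; absorbing a distributed flood is a job for the web server, a reverse proxy or the hosting network.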