如何使用 jQuery 封装 ajax 请求?
我正在实现一个 PHP 应用程序,我在表单中大量使用 AJAX 来发送和检索值。我正在实现的典型 jQuery 函数是
(function($){
$.fn.saveCountry = function(destinationUrl) {
this.click(function(){
var formData = $('form').serialize();
$.ajax({
type: 'POST',
url: 'path/to/files/models/directory/process.php',
data: 'option=savecountry&'+formData,
success: function(msg){
if(msg === 'empty') {
alert('Required Values Missing');
} else if(msg == 'DR'){
alert('Duplicate Entry Found');
} else {
destinationUrl(msg);
}
}
});
});
}
}($));
上述函数的问题,例如它公开了我的应用程序的应用程序结构。对象 url: 'path/to/files/models/directory/process.php', 显示有关我正在使用的目录结构的信息。这是一种威胁,因为任何有权访问控制台的人都能够监视请求发生的情况并可能滥用它。无论如何,我可以向外界隐藏这些数据吗?
谢谢。
i am implementing a PHP application, i am using AJAX heavily in forms to send and retrieve values. the typical jQuery function i am implementing is
(function($){
$.fn.saveCountry = function(destinationUrl) {
this.click(function(){
var formData = $('form').serialize();
$.ajax({
type: 'POST',
url: 'path/to/files/models/directory/process.php',
data: 'option=savecountry&'+formData,
success: function(msg){
if(msg === 'empty') {
alert('Required Values Missing');
} else if(msg == 'DR'){
alert('Duplicate Entry Found');
} else {
destinationUrl(msg);
}
}
});
});
}
}($));
the problem with the above function is it exposes the application structure of my application for example. the object url: 'path/to/files/models/directory/process.php', reveals the information about the directory structure i am using. this is a kind of threat as anyone with the access to console will be able to monitor what is happening with the request and could misuse it. is there anyway i could hide this data from the outside world?
thank you.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
最终没有。
如果用户愿意,他们总是能够找到 ajax 请求的 URL。
它可以像打开 firebug 并观察发出的请求一样简单。
我建议使用某种 URL 抽象,例如 URL 重写,以隐藏文件系统的物理结构。这样您就不会特别担心人们会看到您的网址。
Ultimately no.
The user will always be able to find out the URL of the ajax request if they wish to.
It can be as simple as opening up firebug and watching the requests that are made.
What I'd sugest is some kind of URL abstration such as URL Rewriting in order to hide the physical structure of your file system. This way you'll not have that specific concern about people seeing your URLs.
我不是PHP程序员(很多年前就接触过它),所以我会给你一个笼统的答案。
只需创建一个代理页面,它隐藏应用程序的内部运作。代理页面只是浏览器和应用程序本身之间的一个入口。它的作用是将您随 AJAX 调用一起传递的 ID 转换为应用程序中的函数(它可以做更多的事情,但我尽量保持简单)。它传递您在 AJax 调用中提交的数据。代理将从函数传回的任何数据发送回浏览器。
JavaScript 代码看起来与您已有的代码几乎相同。唯一的变化是
url将是代理页面的 URL,而data还将包含一个 ID,其值与该函数的值相对应。您希望在代理中执行。您的所有 AJAX 调用都可以通过此代理页面路由,因为每个函数都有一个唯一的 ID。
这需要预先编程,但是当您完成一次后,您可以在未来的项目中重用部分代码。
I'm not a PHP programmer (touched it many years ago), so I'll give you a general answer.
Simply create a proxy page, which hides the internal workings of your application. The proxy page is just a go in between the browser and the application itself. What it does is translating an ID that you pass along with the AJAX call to a function in the application (it could do more than that, but I try to keep this simple). It passes along the data you submitted in your AJax call. The proxy would send back any data passed back from the function to the browser.
The JavaScript code would look pretty much the same as the code you already have. The only changes would be that the
urlwould be the URL of your proxy page and thedatawould also contain an ID with the value that corresponds to the value of the function that you wish to execute in the proxy.All your AJAX calls can be routed through this proxy page, since each function would have an unique ID.
It's a bit programming upfront, but when you've done this once, you can reuse parts of the code in future projects.
不。您需要以任意请求都不会导致任何问题的方式编写服务器端代码。
No. You need to write your server-side code in a way that arbitrary requests won't cause any problems.