StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
9664671
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
1
CommunityOwnedDate
CreationDate
2012-03-12T09:40:58.453
FavoriteCount
0
LastActivityDate
2012-03-12T09:40:58.453
LastEditDate
LastEditorUserId
0
OwnerUserId
1190665
ParentId
9664467
PostTypeId
2
Score
2
ViewCount
0
LastEditorDisplayName
text
Body
What you describe is normal. You have PHP files that are reachable in your www directory so apache (or your favored webserver) can read and process them. If you move them out you can't reach them anymore so there is no real option of that sort. After all your PHP files for AJAX are just regular php files, likely your other project also contains php files. Right ? They are not more or less at risk than any script on your server. Make sure you program "clean". Think about evil requests when writing your php functions, not after writing them. As you already did: correctly quote all incoming input that might hit a database or sensitive function. You can add security checks on your incoming values and create an automated email if you detect someone trying evil stuff. So you'll likely receive a warning in such cases. But on the downside: You'll regularly receive warnings because some companies automatically scan websites for possible bugs. So you will receive a warning on such scans as well. On top of writing your code as "secure" as you can, you may want to add a referer check in your code. That means your PHP file will only react if your website was given as referer when accessing it. That's enough to block 80% of the kids out there. But on the downside: a few internet users do not send a referer at all, some proxies filter that. (I personally would ignore them, half the (www) internet breaks on them anyway) One more layer of protection can be added by htaccess, you can do most within PHP but it might still be of interest for you: <a href="http://httpd.apache.org/docs/2.0/howto/htaccess.html" rel="nofollow">http://httpd.apache.org/docs/2.0/howto/htaccess.html</a>
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POHow to secure sensitive PHP files that process Jquery data?
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. This table or related slice is empty.
UserOwnerUserId
1. USJohn
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. POHow to secure sensitive PHP files that process Jquery data?
 singulars
 PostTypePostTypeId
 PTQuestion
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTAcceptedByOriginator
CommentsPostId
1. COI should maybe add: When I make ajax requests and the users have an account on my server then I usually pass a userid and a md5hash of the password (and some salt). That was you can easily see if the ajax request originates from a legal user.
 singulars
 PostPostId
 PO
 UserUserId
 USJohn

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.