I have a DataTables table that loads data from
$table.dataTable({
ajax: 'path/to/getData.php',
});
getData.php
makes some database calls and returns json_encode()
of the output array and DataTables is able to parse it just fine.
However if someone was to go to http://mywebsite.com/path/to/getData.php, they would be able to see all of the raw JSON data and potentially scrape it.
Is there a way to prevent people from accessing getData.php
unless it is called by dataTables?
I'm fairly certain this will have to be a modification to the PHP code since anyone could potentially see my workaround via Javascript.
CodePudding user response:
I ended up using $_SESSION
variables.
At the start of the page that contains the table, I set $_SESSION['secure'] = true;
In my getData.php
file, I have:
if($_SESSION['secure']) {
echo json_encode($output);
$_SESSION['secure'] = false;
}
To reset the secure
session variable.