0
I have a file that sends some data to another page with ajax. These data are mostly numbers, and are not stored anywhere. Just picked up some data on inputs and send to the archive php with ajax, and then return these calculated values to the page.
first) Do I have to validate these values? For I valid them before with JS, but do I have to validate in php, even if only the returns to the main page?
2nd) We imagine that a person accesses this first page, or the second one directly with Curl, or something like that. It sends the method post, and returns the values of the calculations. Suppose she doesn’t have these calculations, and she goes to my page to get them... I would not want that to happen, for that, what I can do not accept that the person sent a direct request to either of the two pages. Or is there no possibility?
On the 2, impossible to block, can only complicate a little. How to protect an Ajax request - and there are more posts talking about item 2 than that. It is suggested that in the next questions do not mix two different subjects, which increases the chance of good answers, and then each answer can be given by a person who understands separately from each subject as well.
– Bacco