where should the php script that ajax calls lie?

[ajoo]

Hi all !

 

I am using a drop down menu to fill a part of a form which uses the jquery $ajax function to pass data to the server.

$.ajax({
type: "POST",
url: "testdata.php",
.
.

I have for the time being placed the testdata.php script that ajax calls in the root folder and that works fine. The question is that is it OK to place the testdata.php in the root folder ?

 

Should i place this script along with my other scripts outside the root folder ? What's the right / correct way ?

 

Thanks all !

[Jacques1]

You cannot put the script outside of the document root, because then it isn't accessible for the client.

 

“Ajax requests” are just plain old HTTP requests. They work exactly like any other request.

[ajoo]

If however it could be done, it would also expose the internal path that would need to be passed into the ajax function along with the script name, probably creating a greater security risk maybe.

 

Thank loads.  

[Jacques1]

Files outside of the document root are by definition not publicly accessible, so passing filesystem paths to the webserver doesn't work.

 

If the client could just ask for an arbitrary file (like /etc/passwd), that would be insane.

[ajoo]

Thanks for clearing that !