0

Is it possible to call a php class function DIRECTLY using ajax?

Something like below... except ajax...

myclass::myfunction();

I've been using the jquery library to work with AJAX.

$.get('control.php', {func: funcName, arg1: arg1});

The above is similar to what I'm trying to achieve MINUS the control.php;

I'm not sure if this is even possible, but I just thought it would be nice to skip the landing page (control.php) that recieves the funcName. I have a bunch of conditional statements that sort out what class function to run based on the funcName recieved.

It seems kind of silly to do this, to have a separate page just to handle function calls.

Is there a better way?

Improve this question

4 Answers 4

Reset to default
6

No.

If this were possible, it would be a gaping security hole.

Improve this answer
Sign up to request clarification or add additional context in comments.

8 Comments

Hrm, I don't understand. Can you explain why...? Give example. Thanks
@payling: Do you really want any javascript page able to call exec() directly? That's an example, but there are plenty of dangerous functions (and some of your functions probably aren't safe to be called like that either).
@payling if there was a way to invoke any method directly that way, one could simply (manually) construct a call that will perform just that. This way, anyone (with or without permission) could perform the logic inside that method (which is probably not a very good idea.)
Imagine what would happen if you could write $.ajax({func: 'unlink', path: 'C:\\Windows' }).
@payling I don't think SLaks meant that sort of safety. You can sanitize your data all you want, the kind of exploit we're talking about here exceeds all that. Imagine you have function promote($user_id) { mysql_query("UPDATE Users SET is_admin=true WHERE user_id=$user_id"); } you don't really want just about anyone calling this function now do you ;)
|
0

No. You can't invoke a method directly that way.

You could use routing (like the technique used in CodeIgniter and CakePHP) but that's just syntactic sugar that does the same thing -- control your routes to actions.

Improve this answer

Comments

0

It is not possible because of a simple reason. How should the AJAX knows, where to find the function. It needs to have a URL to locate the function so it doesn't work without a php file in between.

Improve this answer

Comments

0

No for security reasons but there is no reason why you can't do something like this

function run($args){
  //do stuff
}

echo run($_REQUEST);
//or
echo run($REQUEST['name']);
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.