This function is viewable in the browser. I'm worried someone could somehow access the folder and manipulate the db. Can I keep this open in the frontend or do I need to secure it in the backend?
function fetchTotalLessons() { var xhr = new XMLHttpRequest(); var params = 'getTotal='+ encodeURIComponent('true'); xhr.open('GET', '../includes/fetchLessonPlans.php?'+ params, true); xhr.onload = function() { if (xhr.status === 200) { totalLessons = parseInt(xhr.responseText); totalPages = Math.ceil(totalLessons / lessonsPerPage); generatePaginationButtons(); } }; xhr.send();}I'm new to GET requests so just not sure if it's safe to have the URL so visible in the elements tab
