It is useful to prevent direct access of AJAX calls (from browser address bar).
A solution could be the following simple function
check_is_ajax():
/**
* Check if request is an AJAX call
*
* @param string $script script path
*/
function check_is_ajax($script) {
$isAjax = isset($_SERVER['HTTP_X_REQUESTED_WITH']) AND
strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest';
if(!$isAjax) {
trigger_error('Access denied - not an AJAX request...' . ' (' . $script . ')', E_USER_ERROR);
}
}
Example
Put the following at the top of your AJAX call:
check_is_ajax(__FILE__); // prevent direct access
References
From PHP manual
- php $_SERVER array (PHP 4 >= 4.1.0, PHP 5)
Entrepreneur | Full-stack developer | Founder of MediSign Ltd. I have over 15 years of professional experience designing and developing web applications. I am also very experienced in managing (web) projects.
