I use my PHP back-end to detect AJAX requests by checking for a value in $_SERVER['HTTP_X_REQUESTED_WITH'].
This gives me a reliable detection, making sure the request is made utilizing AJAX techniques.
How can I make sure the request came from my own domain, and not an external domain/robot?
www.example.com/ajax?true could allow anyone to make an AJAX call and cut the information.
I could make sessions for everyone that enters my website normally, and then allow AJAX calls.. but that can be faked too.
Does it even matter these days?
$.ajax({
    url: "page.php",
    data: stuff,
    success: function (response) {
        console.log("success");
    }
});
Let you Controller
In your View
Back in your Controller
Check these security guidelines from OpenAjax.
Also, read the article on codinghorror.com Annie linked.
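
The check the question asks about, as an added example that is not part of the original posts: the X-Requested-With header is combined with the browser's Origin header and a token bound to the visitor's session. `ALLOWED_ORIGIN`, the `X-CSRF-Token` header name and both function names are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);

const ALLOWED_ORIGIN = 'https://www.example.com'; // assumed: the site's own origin

// Call while rendering the normal page and embed the value for the script to send back.
function issue_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// True only when the request carries this session's token and, if the browser
// sent an Origin header, that header names our own site.
function is_same_site_ajax(array $server, array $session): bool
{
    // X-Requested-With is set by the caller, so it only means "claims to be AJAX".
    if (($server['HTTP_X_REQUESTED_WITH'] ?? '') !== 'XMLHttpRequest') {
        return false;
    }
    // Origin is a forbidden header name for page script, so a browser reports it honestly.
    $origin = $server['HTTP_ORIGIN'] ?? null;
    if ($origin !== null && $origin !== ALLOWED_ORIGIN) {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $sent = $server['HTTP_X_CSRF_TOKEN'] ?? ''; // assumed header name
    return $expected !== '' && is_string($sent) && hash_equals($expected, $sent);
}

// Constructed sample requests; runs only from the command line.
if (PHP_SAPI === 'cli') {
    $session = [];
    $token = issue_token($session);
    $base = ['HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'];
    $cases = [
        'own page'       => $base + ['HTTP_ORIGIN' => ALLOWED_ORIGIN, 'HTTP_X_CSRF_TOKEN' => $token],
        'header only'    => $base,
        'foreign origin' => $base + ['HTTP_ORIGIN' => 'https://other.example', 'HTTP_X_CSRF_TOKEN' => $token],
        'wrong token'    => $base + ['HTTP_ORIGIN' => ALLOWED_ORIGIN, 'HTTP_X_CSRF_TOKEN' => str_repeat('0', 64)],
    ];
    foreach ($cases as $name => $server) {
        printf("%-15s %s\n", $name, is_same_site_ajax($server, $session) ? 'accept' : 'reject');
    }
}
```

In a real handler the arguments would be `$_SERVER` and `$_SESSION` after `session_start()`. This keeps other sites' pages from driving a visitor's browser against the endpoint; a non-browser client that loads the page first still obtains a valid token, so data that must stay private needs authentication on top.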