This question addresses the security / user end side of things.
Suppose I have a script that is called via ajax which will add something to a database.
The script checks for the request method. If it is from 'POST' then the script will carry out this function.
I do not want users accessing my pages and either getting an error or a blank page.
What is the 'ideal' way to deal with this?
My current plan is as follows: If it is not a POST method, redirect them to an error page in the same way as a 404 handler and then provide some links for elsewhere.
Returning a 400 Bad Request is a pretty standard way to indicate that the user got there without the proper data that's needed.
if(!isset($_POST)){
header("HTTP/1.0 400 Bad Request");
}
On top of that, you should spend some time investigating doing some cross site request forgery protection (CSRF) if you want to make sure only your UI posts to that page.
Try this, i use it in all my pages called via ajax:
if ($_POST['ajax'] == "ajax") { // You need to set this is your post ajax variables sent to this php file.
// all your code here
} else {
// Not needed for a blank page, or whatever you want for another page ie
header ("location: 404.php");
}