I have something like this:
$.getJSON('/scripts/commons/theScriptDoTravelBackInTime.php',{
}, function(){
// etc.. etc...
}
});
Is there a way to stop the php script from being executed simply by a direct call in the address bar like http://www.myserver/scripts/commons/theScriptDoTravelBackInTime.php ?
Maybe outputting an echo "Hey no cheating !"
This is what the kohana framework uses:
public static function is_ajax()
{
return (isset($_SERVER['HTTP_X_REQUESTED_WITH']) AND
strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest');
}
You could look at the HTTP-Referer data. If it's blank, then it came from typing or pasting the URL. If it's not blank, then that field will show you where the link came from.
basic, not 100% safe, but commonly quoted
if($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
//your code
}
If you use zend framework there is a nice way of checking it
if($this->_request->isXmlHttpRequest())
{
//The request was made with JS XmlHttpRequest
}