Protect the execution of my php script called from ajax [duplicate]

This question already has answers here: Closed 11 years ago.

Possible Duplicate:

how to protect ajaxRequest.open php script

I'm making an ajax call from jquery to a php script located on my own server like: $.ajax({ url: 'ajax.php', ....

Is there any way to protect the execution of this file directly? I mean, some IF statement that only lets the code begin if the file ajax.php is called from, let's say, a jquery script written in origin.html and NOT if the file is called directly?

Thanks for any help!


if(!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
 // code that has to be executed in response to ajax req.
}

ref: AJAX only access


Ensuring that the page only receives passed variables using $_POST[''] RATHER THAN $_GET[''] / $_REQUEST[''] variables can act as a first line of defence.

This is because a POST is harder to fake and variables cannot be passed directly in the code through the URL like http://website.com?variable=hacked


If you want 100% certainty then you have to make some kind of authentication for that. One option could be to store a random key in a database from the page with the ajax script on it. Then pass that key to the ajax.php file. In the ajax file you check if the key is in the database. If so, run the script and delete the key. If it's not in the database it's not a valid request.
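
The one-time key scheme from the last answer, as an added example that is not code from the original thread. The table name, the expiry time and storing a hash of the key instead of the key itself are assumptions added here; the demo uses an in-memory SQLite database through PDO.

```php
<?php
declare(strict_types=1);

// Assumed table name and schema; the answer only says "a database".
function init_store(PDO $db): void {
    $db->exec('CREATE TABLE IF NOT EXISTS ajax_tokens (
        token_hash TEXT PRIMARY KEY,
        expires_at INTEGER NOT NULL)');
}

// Called while rendering origin.html: create a random key, store only its
// hash, and return the raw key to embed in the page for the jQuery call.
function issue_token(PDO $db, int $ttl = 300): string {
    $token = bin2hex(random_bytes(32));
    $stmt = $db->prepare(
        'INSERT INTO ajax_tokens (token_hash, expires_at) VALUES (?, ?)');
    $stmt->execute([hash('sha256', $token), time() + $ttl]);
    return $token;
}

// Called at the top of ajax.php: check and delete in ONE statement, so two
// concurrent requests cannot both succeed with the same key. A false result
// means the request should be rejected (for example with HTTP 403).
function consume_token(PDO $db, string $token): bool {
    $stmt = $db->prepare(
        'DELETE FROM ajax_tokens WHERE token_hash = ? AND expires_at >= ?');
    $stmt->execute([hash('sha256', $token), time()]);
    return $stmt->rowCount() === 1;
}

// Demo on constructed data (requires the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
init_store($db);

$token = issue_token($db);
var_dump(consume_token($db, $token));        // first use of an issued key
var_dump(consume_token($db, $token));        // replay of the same key
var_dump(consume_token($db, 'not-a-token')); // key that was never issued

$expired = issue_token($db, -1);             // key already past its expiry
var_dump(consume_token($db, $expired));
```

A valid key shows only that the caller fetched the issuing page first, so ajax.php still needs whatever authorization checks the action itself requires.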
