AJAX versus CURL

I need to kno开发者_Python百科w the difference between CURL (in PHP) and AJAX (in Javascript) when it comes to know Source of the request.

UPDATED: What I want to know is if I am generating requests using AJAX what sender IP address would be received at the server side with the packet as source? The same is with CURL and for all users it will single ip address be sent. But is that the same case with JS? JS executes at the client side so would it be client IP address?

cURL is a server-side process. This means that it will be called before the page is rendered and has nothing to do with the client's capabilities.

AJAX, however, is a client-side call. This means that it will not be executed until the client loads the page (or at least that piece of code is seen and executed, but this typically works on document.ready).

If you're looking to retrieve the information and dump it to the user immediately then cURL is your best bet. If you'd like to do a progressive load (dump the page, then retrieve the content for a "seamless" load to the user) then AJAX is the best bet. All th while keep in mind, though in today's day and age it's semi trivial, AJAX may be disabled in cases of FireFox's NoScript extension.

That being said, the source of the cURL execution will be on the server. The source of the AJAX request will be on a per-client basis. Neither of which provide a secure means of detection (server-side) to know who sent what (as headers can be altered).

If you're trying to detect which method was used as the source of a request, there is no way to know for sure. Most browsers use the HTTP header X-Requested-With when sending a request via AJAX. The cURL library does send a user agent by default, but this can obviously be altered by the library. Both methods can be forged easily and should not be used for strict validation.

Edit:

The AJAX request will come from client that made the AJAX request. The cURL request will come from where the library was used. (e.g. if you're using PHP, it will come from the PHP server. If you're using it via CLI, then it will come from the server you executed the command from)

Obviously the requests could be behind proxies, etc.

The IP address that requested the javascript file from the server will be the same as the IP address that fired the ajax request back to the server from that file. See the same origin policy.