PHP - Secure Ajax Call from Hackers - Example

Today, In all web application we use Ajax call to get the server data without refresh the full page. In this cases, we get required data from server without refresh the page.

For Example
In Registration Page, We want to validate the unique email address of user


Following the Simple Steps to do more Secure your Ajax Call.

1. Ajax Check - Ajax url must give Response when request is from ajax.

 
if(!empty($_SERVER['HTTP_X_REQUESTED_WITH']) &&  strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') 
{
echo "Ajax Call";
} else{
echo "No Ajax Call";
}

2. Domain Check - Ajax url must give response, when request from your own server.

if(!empty($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER']=="WWW.mydomain.com/url")
{
 //Request from my server
}

3. Always use post Method 

4. Token System
 a) Create a token and encrypt  the data.
 b) Send with Ajax
 c) Before giving the result check the request with de-crypt

Best Related Posts are Following:

1. How can I prevent SQL-injection in PHP?.
2. What is Best method for sanitizing user input with PHP?.
3. Difference between Notice and warning and fatal error.
4. How can I prevent SQL-injection in PHP [SOLVED].
5. PHP Register Globals.
6. PHP Sessions and Cookie and Security.
7. Free Boost Web Application By 20% in Simple Steps.
8. PHP Check Mime Type of File - Return Information About A File.
9. Crontab Interview Questions and Answers.
10. Improve Ajax Performance.
11. PHP Captcha Code Example Code Snippets.
12. PHP - Secure Ajax Call from Hackers - Example.
13. htaccess code snippets example.
14. Manage Cron Job with PHP - SSH2 Connection.
15. Shared Server Security Risk open_basedir disable_functions disable_classes.
16. Spoofed Forms - Stop Spoofed Form Submissions.
17. Session Fixation.
18. Session Hijacking.
19. openssl private encrypt.
20. Cross Site Request Forgery.
21. SQL Injection Attack - PHP & MySQL.
22. Cross-Site Scripting - cross site scripting examples.
23. PHP INI settings.