I've got a simple PHP script here that receives POST data from my AJAX script. But I want to make sure that only my own AJAX script can have a successful request from the page, and not some other AJAX scripts, to avoid brute attacks, as AJAX requests are faster and can consume website resources. Please help on how to go about this, guys. Thanks in advance.

You could check from which website the user is referred to a page? Check out $_SERVER['HTTP_REFERER']. You can also add CAPTCHA validation to your form, which should be different for every form that is submitted. You store the correct CAPTCHA answer in a session when the form page is loaded, for example, and then validate if the answer is correct in the file in which the form data is processed.

By the way, AJAX requests are not simply always that much faster. It depends on which resources need to be loaded when you execute your AJAX file. If your base page needs to include 10 big files, and if your AJAX file needs those same files, you will have to include them again in your AJAX file, which does not necessarily speed up your application that much.

Oh and another thought: not only AJAX files are accessible through $_POST. Regular pages with a form on it can also be read; the target of a form can always be accessed.


If you want your PHP code to get just your AJAX requests, then you must pass a token as a variable, just like any other variable you pass, and then validate it on the server with PHP. Greetings
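The replies above suggest storing a value in the session when the form page loads and validating it where the POST is processed. The following is an added example of that check, not code posted by anyone in this thread; the function names, the `ajax_token` session key and the 900-second lifetime are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

const TOKEN_TTL = 900; // seconds a token stays valid (assumed value)

// Call while rendering the form page: store a random token in the session and
// return it so the page can embed it for the AJAX script to send back.
function issue_token(array &$session, ?int $now = null): string
{
    $token = bin2hex(random_bytes(32));
    $session['ajax_token'] = ['value' => $token, 'issued' => $now ?? time()];
    return $token;
}

// Call at the top of the POST handler, before doing any work.
function verify_token(array &$session, $submitted, ?int $now = null): bool
{
    $stored = $session['ajax_token'] ?? null;
    unset($session['ajax_token']); // single use: a replayed request fails
    if (!is_array($stored) || !is_string($submitted)) {
        return false; // no token issued, or a non-string value such as token[]=x
    }
    if (($now ?? time()) - $stored['issued'] > TOKEN_TTL) {
        return false; // token is older than its lifetime
    }
    return hash_equals($stored['value'], $submitted); // constant-time compare
}

// In a real handler (hypothetical wiring):
//   session_start();
//   if (!verify_token($_SESSION, $_POST['token'] ?? null)) {
//       http_response_code(403);
//       exit;
//   }
//   $next = issue_token($_SESSION); // return this so the next request has one

// Constructed demo: a plain array stands in for $_SESSION so it runs from the CLI.
$session = [];
$token = issue_token($session, 1000);
var_dump(verify_token($session, $token, 1010)); // matching token, in time
var_dump(verify_token($session, $token, 1011)); // same token sent a second time
$token = issue_token($session, 2000);
var_dump(verify_token($session, $token, 2000 + TOKEN_TTL + 1)); // sent too late
issue_token($session, 3000);
var_dump(verify_token($session, ['x'], 3001)); // array instead of a string
```

A token like this rejects requests that never loaded the form page in the same session. A script that first fetches the page can still obtain one, so the token does not limit request rate on its own.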
