For program security considerations, in some cases we need to detect whether a request is an AJAX request. How to judge? This article briefly shares the experience.
1. When using native JavaScript to issue an ajax request, we can add information to the request header to facilitate the back-end PHP program to distinguish. The method is as follows:
var xmlhttp=new XMLHttpRequest(); xmlhttp.open("GET","test.php",true); xmlhttp.setRequestHeader("X-Requested-With","XMLHttpRequest"); xmlhttp.send();
Here we add X_REQUESTED_WITH information to the header, with the value XMLHttpRequest. Of course, the value here can be set at will, such as: www.phpernote.com. In this way, you can write this in the receiving php program:
<?php // php 判断是否为 ajax 请求 if(isset($_SERVER['HTTP_X_REQUESTED_WITH'])&&strtolower($_SERVER['HTTP_X_REQUESTED_WITH'])=='xmlhttprequest'){ // ajax 请求的处理方式 }else{ // 正常请求的处理方式 }
2. The currently popular js framework jquery has taken this into account quite fully. When jQuery issues an ajax request, it will add a message named X-Requested-With to the header of the request. The message content is: XMLHttpRequest, so the backend PHP can also be judged using the above code.
Note: If your jquery request opens a web page through an iframe, the HTTP_X_REQUESTED_WITH parameter will not be passed, which means you have no way to determine the type of request.