Thursday, 6 March 2014

PHP - Secure Ajax Call from Hackers - Example

Today almost every web application uses Ajax calls to fetch data from the server without reloading the whole page: the page stays where it is and only the data that is needed comes back from the server.

For example: on a registration page, we want to check that the email address a user enters is not already registered.


Follow these simple steps to make your Ajax call more secure.

1. Ajax Check - The Ajax URL should only respond when the request was actually made through XMLHttpRequest. Browser libraries such as jQuery add the X-Requested-With header to every Ajax request, so the server can test for it:

if (!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
    echo "Ajax Call";
} else {
    echo "No Ajax Call";
}

2. Domain Check - The Ajax URL should only respond when the request comes from your own site. Compare the host part of the Referer header (a Referer carries the scheme and path as well, so comparing the whole string against a bare host name never matches):

$refererHost = !empty($_SERVER['HTTP_REFERER']) ? parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) : null;
if (!empty($refererHost) && strcasecmp($refererHost, 'www.mydomain.com') === 0) {
    // Request from my server
}

3. Always use the POST method - send the Ajax request with POST, not GET.

4. Token System
 a) Create a token and encrypt the data.
 b) Send the token with the Ajax request.
 c) Before returning the result, decrypt and check the request against the token.
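Here is an added example (not the post's own code) that puts the four steps together as one request guard for the email-availability endpoint. It assumes PHP 7 or later (random_bytes, hash_equals, the ?? operator) and PHP sessions; the header name X-CSRF-Token, the constant ALLOWED_HOST and the file name check_email.php are assumptions. The token is the check that actually stops a cross-site request: steps 1 to 3 stop a plain form, link or image tag from reaching the endpoint, but the X-Requested-With and Referer headers can be sent by any non-browser client, so they are filters rather than proof of origin.

```php
<?php
// Added example, not the post's own code. Assumes PHP 7+ and sessions.
// ALLOWED_HOST, the X-CSRF-Token header and check_email.php are assumed names.

const ALLOWED_HOST = 'www.mydomain.com';   // assumed: your own host name

// Called when rendering the registration form: one token per session,
// embedded in the page so the page's JavaScript can send it back.
function issueCsrfToken()
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['csrf_token'])) {
        // 32 bytes from the CSPRNG, hex-encoded: a 64-character token
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Returns null when the request passes all four steps, otherwise the name of
// the failing step. $server is $_SERVER; $sessionToken is the session's token.
function checkAjaxRequest(array $server, $sessionToken)
{
    // Step 1: Ajax check. Plain <form> posts and top-level navigations never
    // carry this header; jQuery's $.ajax adds it automatically. Any client
    // can set it by hand, so this is only a first filter.
    $xrw = strtolower($server['HTTP_X_REQUESTED_WITH'] ?? '');
    if ($xrw !== 'xmlhttprequest') {
        return 'not-ajax';
    }

    // Step 3: POST only, so the endpoint cannot be hit through a link or
    // <img> tag and the token never ends up in the URL or the access log.
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return 'not-post';
    }

    // Step 2: domain check. Compare only the host part of Origin (preferred)
    // or Referer, never the whole string, so scheme, port and path do not
    // break the comparison. Absence of both is treated as a failure.
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    $host = parse_url($source, PHP_URL_HOST);
    if (empty($host) || strcasecmp($host, ALLOWED_HOST) !== 0) {
        return 'bad-origin';
    }

    // Step 4: token check. hash_equals() compares in constant time, so the
    // token cannot be guessed one byte at a time from response timing.
    $sent = $server['HTTP_X_CSRF_TOKEN'] ?? '';
    if (!is_string($sessionToken) || $sessionToken === '' || !hash_equals($sessionToken, $sent)) {
        return 'bad-token';
    }
    return null;
}

// check_email.php (the Ajax endpoint): refuse before touching the database.
session_start();
$failure = checkAjaxRequest($_SERVER, $_SESSION['csrf_token'] ?? null);
if ($failure !== null) {
    http_response_code(403);
    header('Content-Type: application/json');
    exit(json_encode(array('error' => $failure)));
}
// ... look up $_POST['email'] with a prepared statement and return the result ...
```

On the client, embed the value of issueCsrfToken() in the page and send it back with the request, for example with jQuery: $.ajax({type: 'POST', url: 'check_email.php', headers: {'X-CSRF-Token': token}, data: {email: email}}); jQuery adds X-Requested-With by itself. The guard only decides whether the request may be answered; the lookup itself should still use a prepared statement and be rate-limited, because a registration page necessarily reveals whether an address is already in use.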

Wednesday, 5 March 2014

Zend Database Query - Zend Profiler Example - Code Snippets

Zend Profiler: it records the queries that Zend_Db sends to MySQL on your behalf so that you can display them. It shows every kind of query: INSERT, UPDATE, DELETE, SELECT, etc.

Zend Profiler is important not just because it shows the queries, but because it can help you improve the performance of your website.

See how you can use the Zend Profiler:
  1. With the Zend Profiler you get to know what type of queries are running in your application and which ones are slowing your website down.
  2. Zend Profiler also shows how much time each query takes to execute.
  3. You get to know which unnecessary queries are running.
  4. You can see which queries run multiple times.
  5. You can store these queries for further use in the future.


See the example below showing how to use the Zend Profiler.

//create the model class
class Application_Model_Test extends Zend_Db_Table_Abstract {
    protected $_name = 'tests';
    protected $_primary = 'id';

    //insert a row and print every query the adapter ran while doing it
    function insertData($data) {
        /** enable the zend profiler **/
        $this->getAdapter()->getProfiler()->setEnabled(true);
        $profiler = $this->getAdapter()->getProfiler();

        //save data
        $this->insert($data);

        /** list the mysql queries, with the bound values filled in **/
        foreach ($profiler->getQueryProfiles() as $query) {
            $sqlQuery = $query->getQuery();
            //replace the placeholders one at a time, in order, so each '?' gets its own parameter
            foreach ($query->getQueryParams() as $param) {
                $pos = strpos($sqlQuery, '?');
                if ($pos !== false) {
                    $sqlQuery = substr_replace($sqlQuery, $this->getAdapter()->quote($param), $pos, 1);
                }
            }
            echo $sqlQuery, ' (', $query->getElapsedSecs(), ' sec)', PHP_EOL;
        }
    }
}
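The model above prints the queries from a single method. The following added example (not the post's own code) turns the whole request's profile list into the report the five points above describe: counts per query type, the slowest queries and queries that ran more than once. It assumes Zend Framework 1 (Zend_Db, Zend_Db_Profiler) is on the include path; the adapter settings, the function names and the 0.1 second threshold are assumptions.

```php
<?php
// Added example, not the post's own code. Assumes Zend Framework 1 on the
// include path; connection settings and the slow threshold are assumptions.
require_once 'Zend/Db.php';
require_once 'Zend/Db/Profiler.php';

// Enabling the profiler in the adapter config records every query made
// through this adapter, so the report covers the whole request.
function createProfiledAdapter()
{
    return Zend_Db::factory('Pdo_Mysql', array(
        'host'     => 'localhost',   // assumed
        'username' => 'dbuser',      // assumed
        'password' => 'dbpass',      // assumed
        'dbname'   => 'mydb',        // assumed
        'profiler' => true,          // Zend_Db_Profiler enabled from the start
    ));
}

// Builds a summary array from a profiler. It only reads the profiler, so it
// can be called from a front-controller plugin at dispatchLoopShutdown()
// or from a CLI script, and the array can be stored for later comparison.
function summarizeProfiles(Zend_Db_Profiler $profiler, $slowSecs = 0.1)
{
    $typeNames = array(
        Zend_Db_Profiler::SELECT => 'SELECT',
        Zend_Db_Profiler::INSERT => 'INSERT',
        Zend_Db_Profiler::UPDATE => 'UPDATE',
        Zend_Db_Profiler::DELETE => 'DELETE',
    );
    $summary = array(
        'total'    => 0,
        'elapsed'  => 0.0,
        'byType'   => array(),
        'slow'     => array(),
        'repeated' => array(),
    );
    $seen = array();
    $profiles = $profiler->getQueryProfiles();
    if ($profiles === false) {   // getQueryProfiles() returns false when nothing was recorded
        return $summary;
    }
    foreach ($profiles as $query) {
        /* @var $query Zend_Db_Profiler_Query */
        $sql     = $query->getQuery();
        $elapsed = $query->getElapsedSecs();   // false if the query never finished
        $typeId  = $query->getQueryType();
        $type    = isset($typeNames[$typeId]) ? $typeNames[$typeId] : 'OTHER';

        $summary['total']++;
        $summary['elapsed'] += ($elapsed === false) ? 0 : $elapsed;
        $summary['byType'][$type] = isset($summary['byType'][$type]) ? $summary['byType'][$type] + 1 : 1;

        if ($elapsed !== false && $elapsed >= $slowSecs) {
            $summary['slow'][] = array('sql' => $sql, 'secs' => $elapsed);
        }
        // Same SQL text with the same bound values means the same query ran again
        $key = $sql . '|' . json_encode($query->getQueryParams());
        $seen[$key] = isset($seen[$key]) ? $seen[$key] + 1 : 1;
    }
    foreach ($seen as $key => $count) {
        if ($count > 1) {
            $summary['repeated'][] = array('query' => $key, 'count' => $count);
        }
    }
    // slowest first
    usort($summary['slow'], function ($a, $b) {
        if ($a['secs'] == $b['secs']) {
            return 0;
        }
        return ($b['secs'] > $a['secs']) ? 1 : -1;
    });
    return $summary;
}

// Usage at the end of a request in development (the second query is a
// deliberate duplicate so that it shows up under 'repeated'):
$db = createProfiledAdapter();
$db->fetchAll('SELECT * FROM tests WHERE id = ?', array(1));
$db->fetchAll('SELECT * FROM tests WHERE id = ?', array(1));
print_r(summarizeProfiles($db->getProfiler(), 0.1));
```

Keep the profiler disabled in production unless you need it for a specific investigation: every recorded profile is held in memory for the length of the request, and the report prints bound values, so its output belongs in a developer log and not in a page response.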



