I am sending data to a PHP site using the following code: if (window.XMLHttpRequest)

Question

0

Asked: May 27, 20262026-05-27T12:49:44+00:00 2026-05-27T12:49:44+00:00

I am sending data to a PHP site using the following code: if (window.XMLHttpRequest)

0

I am sending data to a PHP site using the following code:

if (window.XMLHttpRequest)
      {// code for IE7+, Firefox, Chrome, Opera, Safari
              xmlhttp= new XMLHttpRequest();
      }
      else
      {// code for IE6, IE5
          xmlhttp= new ActiveXObject("Microsoft.XMLHTTP");
      }
      xmlhttp.open("GET","addEmail.php?email="+escape(email),true);
      xmlhttp.send();
      xmlhttp.close;

Is there any way of making sure that the addEmail.php is being run through the XMLHttpRequest so people cant simply go to www.domain.com/addEmail.php?email=some@thing.com to make the php site eat their email and run a thousand requests on the page? Thanks in advance

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-27T12:49:44+00:00

Editorial Team

2026-05-27T12:49:44+00:00Added an answer on May 27, 2026 at 12:49 pm

The users is always able to access the php script directly, but you can protect is a bit more by adding this check to the php script:

if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest')
{
  //CODE HERE
}

Additionally, like Eugen Rieck mentioned, you could send a token.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I am sending data to a PHP site using the following code: if (window.XMLHttpRequest)

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply