Question

I am using an AJAX request to retrieve and display data from my database.

$("#flexitopicresults").flexigrid(
{
    url: 'venuequery-json.php',
    dataType: 'json',
    colModel : [ (..)
    (..)
}

venuequery-json.php obviously delivers a nice JSON-formatted version of the data contained in my database to the grid component. The problem is: how can I prevent others from calling the .php file directly and getting a ready-to-use dump of the content of my database (PHP, MySQL)?

Solution

Use the same method you are currently using to secure the page that fetches the data to secure the AJAX one (authentication via cookies or session or htaccess or whatever). You obviously trust that method enough to send it in the first place.

OTHER TIPS

You can initialize a session variable in the page that makes the AJAX request and then check it in 'venuequery-json.php'. After the check, you can renew the session variable. So users must request the AJAX-requesting page first. Furthermore, you can limit the number of requests per time period for 'venuequery-json.php' by using sessions again.
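
An added example, not code from either answer: one way to combine the two suggestions above at the top of venuequery-json.php, with the same session authentication as the grid page, a session flag that the grid page sets and the endpoint renews, and a per-session request limit. The session keys (user_id, grid_page_seen, rl_start, rl_count), the function name and the three limits are assumptions chosen for illustration.

```php
<?php
// venuequery-json.php (added example; key names and limits are assumptions)
declare(strict_types=1);

const PAGE_FLAG_TTL  = 900; // seconds the grid page's flag stays valid
const MAX_REQUESTS   = 30;  // requests allowed per window, per session
const WINDOW_SECONDS = 60;

// The page that renders the grid is assumed to run, after its own login check:
//     $_SESSION['grid_page_seen'] = time();

// Returns the HTTP status to answer with: 200 means the query may run.
function check_grid_request(array &$s, int $now): int
{
    // 1. Same authentication as the grid page (assumed to set 'user_id').
    if (empty($s['user_id'])) {
        return 401;
    }
    // 2. The grid page must have been loaded in this session, and recently.
    $seen = $s['grid_page_seen'] ?? 0;
    if ($seen === 0 || $now - $seen > PAGE_FLAG_TTL) {
        return 403;
    }
    $s['grid_page_seen'] = $now; // renew the flag after a successful check

    // 3. Fixed-window request limit stored in the session.
    if ($now - ($s['rl_start'] ?? 0) >= WINDOW_SECONDS) {
        $s['rl_start'] = $now;
        $s['rl_count'] = 0;
    }
    $s['rl_count']++;
    return $s['rl_count'] > MAX_REQUESTS ? 429 : 200;
}

session_start();
$status = check_grid_request($_SESSION, time());
if ($status !== 200) {
    http_response_code($status);
    header('Content-Type: application/json');
    echo json_encode(['error' => $status]);
    exit;
}
// Only past this point: run the query and echo the JSON that flexigrid expects.
```

The session flag and the counter only constrain a client that keeps its session cookie, so the authentication check in step 1 is what actually decides who can read the data.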

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow