
Untitled

a guest
Sep 26th, 2016
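  /**
   * AJAX endpoint snippet handling the `read` and `insert` actions on the `items` table.
   *
   * Expects $modx to be in scope and to expose the PDO-style query()/prepare() calls used below.
   *
   * Security notes:
   * - X-Requested-With is a client-supplied header. The check below only filters out
   *   ordinary page loads; it is neither authentication nor a CSRF defence.
   * - NOTE(review): no session/permission check or CSRF token validation is visible in
   *   this snippet, although `insert` changes state. Confirm that access control is
   *   enforced before this code runs, or add it here.
   */
  $requestedWith = $_SERVER['HTTP_X_REQUESTED_WITH'] ?? '';
  if ($requestedWith !== 'XMLHttpRequest') {
      return;
  }

  // Only a non-empty string can match a case below; arrays (action[]=...) are rejected early.
  $action = $_POST['action'] ?? '';
  if (!is_string($action) || $action === '') {
      return;
  }

  $result = '';
  $res = '';

  switch ($action) {
      case 'read':
          // Static query: no request data is interpolated, so no binding is needed here.
          $sql = 'SELECT * FROM `items` WHERE status=1 LIMIT 100';
          $query = $modx->query($sql);
          if ($query) {
              while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
                  $result .= $row['id'];
              }
          }
          // NOTE(review): $result is collected but only $res is emitted at the end of the
          // script, so `read` currently produces no output. Confirm whether $res was
          // intended; if it is emitted later, encode it for the consuming context.
          break;

      case 'insert':
          // Integer cast kept from the original.
          // NOTE(review): casting a field called item_name to int looks unintended - confirm.
          $item_name = (int) ($_POST['item_name'] ?? 0);

          $item_text = $_POST['item_text'] ?? '';
          if (!is_string($item_text)) {
              // Reject array-valued input instead of letting it reach the statement.
              break;
          }

          $status = 1;

          // Bound parameters replace the original string-built INSERT.
          // mysql_real_escape_string() belongs to ext/mysql (removed in PHP 7) and escapes
          // for a mysql_* connection, not for the PDO connection that $modx uses, so it
          // gave no dependable protection for this statement.
          $sql = 'INSERT INTO `items` (item_name, item_text, status) '
              . 'VALUES (:item_name, :item_text, :status)';
          $stmt = $modx->prepare($sql);

          // Report success only when the statement was prepared and actually executed.
          if ($stmt && $stmt->execute([
              ':item_name' => $item_name,
              ':item_text' => $item_text,
              ':status' => $status,
          ])) {
              $res = 'ok';
          }
          break;
  }

  if ($res !== '') {
      die($res);
  }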