It is useful to prevent direct access of AJAX calls (from browser address bar).
function check_is_ajax($script) {
$isAjax = isset($_SERVER['HTTP_X_REQUESTED_WITH']) AND
strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest';
if(!$isAjax) {
trigger_error('Access denied - not an AJAX request...' . ' (' . $script . ')', E_USER_ERROR);
}
}