Validating a form with php
But the recommended solution is to test for the 'X-Requested-With' request header.
If the value of that header is 'XMLHttp Request' then you know that the form was posted via ajax.
Further, they provide no protection against man-in-the-middle attacks where an attacker intercepts the transmission of the TAN and uses it for a forged transaction.
Especially when the client system should become compromised by some form of malware that enables a malicious user, the possibility of an unauthorized transaction is high.
However, as any TAN can be used for any transaction, TANs are still prone to phishing attacks where the victim is tricked into providing both password/PIN and one or several TANs.
There is no special coding required to handle file uploads.