-
December 7th, 2008, 06:36 AM
#1
php ajax a different way?
first hello to all board members!
i was wondering if there is a better way to develop php - ajax applications, i will show you how i work and tell you the problems with it and would love to hear suggestions.
First i collect the data from the html page like this
Code:
xmlHttp=GetXmlHttpObject()
if (xmlHttp==null) {
alert('Your browser does not support AJAX. Contact your system administrator.');
return
}
var url="validation.php"
url=url+"?username="+document.getElementById('username').value
url=url+"&password="+document.getElementById('password').value
xmlHttp.onreadystatechange=analyzer
xmlHttp.open("GET",url,true)
xmlHttp.send(null)
Then i process these inputs the way i like in the *.php file
Then i analyze the results the following way
Code:
function analyzer(){
if (xmlHttp.readyState==4 || xmlHttp.readyState=="complete"){
var strg=xmlHttp.responseText;
var arr= strg.split("|");
for(i=0;i<=arr.length;i++){
switch (arr[i])
{
case "correct":
document.getElementById("status").innerHTML=arr[i+1];
break;
case "incorrect":
document.getElementById("status").innerHTML=arr[i+1];
break;
}
}
}
}
This method satisfies all my needs in developing.. but the problem is
1. User of the application can simply type in the *.js file path in their web browser and see the url formation.
2. Normally the url variable names are the same like the php $variables
3. Users will be able to manipulate the php if they type a similar url in the browser
i know about session although i am not very good with that yet, but for instance in facebook i don't see any xmlHttp.responseText in there js code and worst in gmail all what they have in there code is one single <div></div> tag..
what should i read to be able to write similar applications
-
December 7th, 2008, 05:07 PM
#2
Re: php ajax a different way?
It seems as though you are relying way too heavily on JavaScript for security reasons. Anytime you use AJAX, anyone can view your source and figure out your URL, with the exception of the variables passed into it from forms. This is completely normal.
Facebook and Google use responseText because it is one of the only two methods for retrieving data through AJAX. They have separate JS files which are minified, and even sometimes obfuscated.
All security should come from server-side scripts...period! If you don't want users to access your script without going through your AJAX instance, then use PHP to check the referring page (HTTP_REFERER).
If the post was helpful...Rate it! Remember to use [code] or [php] tags.
-
December 10th, 2008, 07:53 AM
#3
Re: php ajax a different way?
thanks for the reply,
okay i learnt the two ways of retrieving data from AJAX they are for those who want to know
1. reponseText (that holds strings of data)
2. reponseXML (that hold the XML feedback)
but i wasn't able to find how can i minify or obfuscate files.. can you just give me a link to start reading from... or a search term as i wasn't able to find useful info to do that..
gud day 2 all
-
December 10th, 2008, 09:16 AM
#4
Re: php ajax a different way?
Originally Posted by kjason
okay i learnt the two ways of retrieving data from AJAX they are for those who want to know
1. reponseText (that holds strings of data)
2. reponseXML (that hold the XML feedback)
No offense, but that is very basic. If you are just now finding this, before you proceed much further, you need to read W3School's AJAX section.
Originally Posted by kjason
but i wasn't able to find how can i minify or obfuscate files.. can you just give me a link to start reading from... or a search term as i wasn't able to find useful info to do that..
Wow, you must not have even tried searching. If you just type "obfuscate javascript" or "javascript minify" it will return thousands of results.
http://www.google.com/search?q=obfuscate+javascript
http://www.google.com/search?hl=en&q=minify+javascript
Last edited by PeejAvery; December 10th, 2008 at 09:19 AM.
If the post was helpful...Rate it! Remember to use [code] or [php] tags.
-
December 10th, 2008, 09:40 AM
#5
Re: php ajax a different way?
thanks peej.. actually i just started software programming recently!
-
December 10th, 2008, 11:20 AM
#6
Re: php ajax a different way?
We all have to start somewhere. Good luck!
If the post was helpful...Rate it! Remember to use [code] or [php] tags.
-
December 9th, 2015, 03:39 AM
#7
Re: php ajax a different way?
Originally Posted by PeejAvery
Thanks, very useful information.
-
December 26th, 2015, 02:49 PM
#8
Re: php ajax a different way?
Welcome to the forums zhoubin.
Please don't revive 7 year old threads. it just clutters the forum with old info.
If the post was helpful...Rate it! Remember to use [code] or [php] tags.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|