Larry Ullman's Book Forums

Ajax Questions: Is The Example Safe To Use In A Production Site?



I kind of need an Ajax script to view/add/edit/delete from the database. Your second example displays results from the database (view); I guess I can work on it to make it run with delete, but I am not sure how to make it work with edit. Do you have any suggestions, or maybe you have such a view/add/edit/delete example at hand?

 

I am also wondering whether the use of eval() in the script does not present a security risk. At least in PHP, everywhere I turn says "eval is evil".

 

Regarding the security issue, from what I've learned from your books the input data must be sanitized and validated. I haven't seen anything like that in the JavaScript example you offer. Aren't any security precautions to be taken, or was that skipped for brevity?

 

I am also wondering if the example offered is still current, considering the book is relatively old and I've seen that you have written a new book, "Modern JavaScript: Develop and Design". At this time I would probably be satisfied with an example that does view/add/edit/delete, as this is pretty much what I need. I am considering buying this book; is there any chance I will find inside what I am looking for?

 

Another question is what happens when JavaScript is disabled. In the first example it creates no difficulty, as the validation occurs in PHP. What happens in the second example? It feels like something is missing...


I kind of need an Ajax script to view/add/edit/delete from the database. Your second example displays results from the database (view); I guess I can work on it to make it run with delete, but I am not sure how to make it work with edit. Do you have any suggestions, or maybe you have such a view/add/edit/delete example at hand?

 

For an edit, you'd start with the view, and then upon form submission, you'd send all the data to a server-side script using Ajax. The server-side script would validate the data. If it's all valid, it would update the database and return a simple message indicating success. If it's not valid, you'd return the error messages.

 

I am also wondering whether the use of eval() in the script does not present a security risk. At least in PHP, everywhere I turn says "eval is evil".

 

eval() is generally evil, although with parsing JSON, it's necessary. The modern solution is to use parseJSON(), which is a more secure invocation of eval().

 

Regarding the security issue, from what I've learned from your books the input data must be sanitized and validated. I haven't seen anything like that in the JavaScript example you offer. Aren't any security precautions to be taken, or was that skipped for brevity?

 

It's possible I skipped some for brevity, but if you could provide a specific example where data is being unsafely used, I could better answer the question.

 

I am also wondering if the example offered is still current, considering the book is relatively old and I've seen that you have written a new book, "Modern JavaScript: Develop and Design". At this time I would probably be satisfied with an example that does view/add/edit/delete, as this is pretty much what I need. I am considering buying this book; is there any chance I will find inside what I am looking for?

 

You won't find those specific examples, but you'll learn the JavaScript you need in order to create them yourself.

 

Another question is what happens when JavaScript is disabled. In the first example it creates no difficulty, as the validation occurs in PHP. What happens in the second example? It feels like something is missing...

 

In both examples, the script would still work if JavaScript is unavailable. In the second example, you just need to write find_stores.php.

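The edit round trip, the eval() question and the "JavaScript disabled" question above can be tied together in one client-side script. The following is an added example, not code from the book or from the answer above: the form posts normally to the PHP script when JavaScript is off, and when JavaScript is on the submit is intercepted, the data is sent with fetch, and the JSON reply is read with the built-in JSON.parse instead of eval(). The endpoint name edit_store.php, the element ids edit_form and messages, the {success, errors} response shape and the hostile sample response are all assumptions made for the example; server-side validation still has to happen in PHP regardless of what this script does.

```javascript
'use strict';

// Build the request the browser sends when the edit form is submitted.
// Returned as a plain object so it can be inspected without a network.
function buildEditRequest(fields, endpoint = 'edit_store.php') { // endpoint name assumed
  const body = new URLSearchParams();
  for (const [name, value] of Object.entries(fields)) {
    body.append(name, String(value));
  }
  return {
    method: 'POST',
    url: endpoint,
    headers: {
      'Content-Type': 'application/x-www-form-urlencoded',
      'X-Requested-With': 'XMLHttpRequest', // lets the PHP side answer with JSON instead of HTML
    },
    body: body.toString(),
  };
}

// Parse the server's reply. JSON.parse accepts data only: anything that is not
// valid JSON throws instead of being executed, which is the difference from eval().
// The {success: boolean, errors: string[]} shape is an assumption of this example.
function parseServerResponse(text) {
  let data;
  try {
    data = JSON.parse(text);
  } catch (e) {
    throw new Error('Server did not return valid JSON');
  }
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    throw new Error('Unexpected response shape');
  }
  if (typeof data.success !== 'boolean') {
    throw new Error('Response is missing the success flag');
  }
  const errors = Array.isArray(data.errors) ? data.errors.map(String) : [];
  return { success: data.success, errors };
}

// Turn the parsed result into plain text lines. The caller writes them with
// textContent, never innerHTML, so a validation message that echoes user input
// cannot be interpreted as markup.
function describeResult(result) {
  if (result.success) return { kind: 'ok', lines: ['Record updated.'] };
  return { kind: 'error', lines: result.errors.length ? result.errors : ['Update failed.'] };
}

// Constructed sample, not real server output: a "response" that is really code.
const HOSTILE_RESPONSE = '({"success":true,"errors":[]}); globalThis.pwned = true;';

// The old eval()-based way of reading a response runs whatever the server sent.
function evalWouldRunCode() {
  globalThis.pwned = false;
  eval(HOSTILE_RESPONSE); // deliberately unsafe, to show the problem
  return globalThis.pwned === true;
}

// JSON.parse rejects the same text as malformed JSON and nothing runs.
function jsonParseRefusesCode() {
  try {
    parseServerResponse(HOSTILE_RESPONSE);
    return false;
  } catch (e) {
    return true;
  }
}

// Progressive enhancement: without JavaScript the form simply posts to its
// action and PHP renders the page; with JavaScript the submit is intercepted.
if (typeof document !== 'undefined') {
  const form = document.getElementById('edit_form'); // element id assumed
  if (form) {
    form.addEventListener('submit', async (event) => {
      event.preventDefault();
      const fields = Object.fromEntries(new FormData(form).entries());
      const req = buildEditRequest(fields, form.action);
      const response = await fetch(req.url, { method: req.method, headers: req.headers, body: req.body });
      const shown = describeResult(parseServerResponse(await response.text()));
      const box = document.getElementById('messages'); // element id assumed
      box.textContent = shown.lines.join('\n');
      box.className = shown.kind;
    });
  }
}
```

The PHP side has to do the real work: validate every field as if the request came from a plain form post, and only then send `{"success": true}` or `{"success": false, "errors": [...]}` when the request carries the X-Requested-With header, falling back to a normal HTML page otherwise.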
