Jump to content
Larry Ullman's Book Forums
masterlayouts

Ajax Questions: Is The Example Safe To Use In A Production Site?

Recommended Posts

I kind of need an ajax script to view/add/edit/delete from the database. Your second example display results from database (view), I guess I can work upon it to make it run with delete, but I am not sure how to make it work with edit. Do you have any suggestions or maybe you have such an view/add/edit/delete example at hand?

 

I am also wondering if the use of eval() in the script does not present a security risk? At least in PHP everywhere I turn says "eval is evil".

 

Regarding the security issue, from what I've learned from your books the input data must be sanitized and validated. I haven't seen anythink like that in the JavaScript example you offer. Isn't any security precautions to be take or it was skipped for brevity?

 

I am also wondering if the example offered is still actual considering the book is relatively old and I've seen that you have written a new book "Modern Javascript: Develop and Design". At this time I would probably be satisfied with an example that is doing view/add/edit/delete as this is pretty much what I need. I consider buying this book, is there any chance I will find inside what I am looking for?

 

Another questions is what happens when the javascript is disabled? In the first example it creates no difficult as the validations occurs in PHP. What happens in the second example? It feels like something is missing...

Share this post


Link to post
Share on other sites
I kind of need an ajax script to view/add/edit/delete from the database. Your second example display results from database (view), I guess I can work upon it to make it run with delete, but I am not sure how to make it work with edit. Do you have any suggestions or maybe you have such an view/add/edit/delete example at hand?

 

For an edit, you'd start with the view, and then upon form submission, you'd send all the data to a server-side script using Ajax. The server-side script would validate the data. If it's all valid, it would update the database and return a simple message indicating success. If it's not valid, you'd return the error messages.

 

I am also wondering if the use of eval() in the script does not present a security risk? At least in PHP everywhere I turn says "eval is evil".

 

eval() is generally evil, although with parsing JSON, it's necessary. The modern solution is to use parseJSON(), which is a more secure invocation of eval().

 

Regarding the security issue, from what I've learned from your books the input data must be sanitized and validated. I haven't seen anythink like that in the JavaScript example you offer. Isn't any security precautions to be take or it was skipped for brevity?

 

It's possible I skipped some for brevity, but if you could provide a specific example where data is being unsafely used, I could better answer the question.

 

I am also wondering if the example offered is still actual considering the book is relatively old and I've seen that you have written a new book "Modern Javascript: Develop and Design". At this time I would probably be satisfied with an example that is doing view/add/edit/delete as this is pretty much what I need. I consider buying this book, is there any chance I will find inside what I am looking for?

 

You won't find those specific examples, but you'll learn the JavaScript you need in order to create them yourself.

 

Another questions is what happens when the javascript is disabled? In the first example it creates no difficult as the validations occurs in PHP. What happens in the second example? It feels like something is missing...

 

In both examples, the script would still work if JavaScript is unavailable. In the second example, you just need to write find_stores.php.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...