
Sending data from Javascript, to JSON, to PHP via Ajax

I've looked at a lot of answers related to this question, as this question has been asked many times on stackoverflow. Most of the answers seem to involve sending the data through the ajaxvariable.send() portion of the ajax call. I'm thinking about using a different solution that I haven't seen posted (could be wrong, but I've looked at a lot of them). However, as it hasn't been posted or suggested somewhere else, I'm concerned I may be opening the door to security issues (or whatever else may be wrong with my method). Is there something wrong with sticking a JSON object inside of a URL variable, if the following hold true?

Assume the following:

(1) The amount of information being transferred in the object is not large.

(2) The variables put into the JSON object being passed are pulled from a database on the sending page and checked against the database on the receiving page (not checked directly in a query mind you, but rather against a range of possible values put inside of a PHP array) to confirm nothing has been altered before anything is done with the passed variable values.

Javascript, JSON (sending page):

...

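// Collect the two fee values from the form fields.
var getplaninfo = {};
getplaninfo["initialfee"] = document.getElementById("initialfee").value;
getplaninfo["monthlyfee"] = document.getElementById("monthlyfee").value;
var planinfo = JSON.stringify(getplaninfo);
// URL-encode the JSON so quotes, braces, and any & or # in the values survive the query string.
ajaxRequest.open("GET", "index.php?choice=" + encodeURIComponent(planinfo), true);
ajaxRequest.send(null);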

PHP (from within the include that is replacing the contents of a div on the sending page):

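if (isset($_GET["choice"])) {
    // PHP has already URL-decoded the query string value.
    $returned = $_GET["choice"];
    // Decode to an associative array; json_decode() returns null on malformed input.
    $decode = json_decode($returned, true);
    if (is_array($decode) && isset($decode["initialfee"], $decode["monthlyfee"])) {
        $initialfee = $decode["initialfee"];
        $monthlyfee = $decode["monthlyfee"];
    }
}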

The reason I ask is that I'm pretty new to AJAX. I'm pretty comfortable with security in PHP, but I'm not so much with AJAX yet. I appreciate your time.

What appears to be the difference between the examples that you've read about and your idea above, is that you would usually pass data to your server script through POST. Your idea runs a GET request and passes the data through there.

The difference between GET and POST payload is that there is a limit to GET. Read more about that limitation here: What is the maximum length of a URL in different browsers?

Security issues with AJAX requests happen in the scripts that receive the data, when user input is not properly sanitized. E.g. SQL injection, XSS.
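The receiving-side check described in the question and the answer, sketched as an added example (not code from the question or the answer). The plan values, the 512-byte limit, and the helper name `parse_plan_choice` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Assumption: plans the server accepts, as loaded from the database on the
// receiving page. Values are constructed for this example.
const ALLOWED_PLANS = [
    ['initialfee' => '49.00', 'monthlyfee' => '9.99'],
    ['initialfee' => '0.00',  'monthlyfee' => '14.99'],
];

// Hypothetical helper: returns the matching server-side plan, or null when
// the "choice" value is missing, malformed, or not one of the allowed plans.
function parse_plan_choice(?string $raw, array $allowed): ?array
{
    // Refuse missing or oversized input before parsing it.
    if ($raw === null || strlen($raw) > 512) {
        return null;
    }
    try {
        // Small depth limit: the expected payload is one flat object.
        $data = json_decode($raw, true, 4, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        return null;
    }
    if (!is_array($data) || count($data) !== 2
        || !isset($data['initialfee'], $data['monthlyfee'])) {
        return null; // not an object with exactly the two expected keys
    }
    foreach ($allowed as $plan) {
        // Strict comparison: no type juggling ("0" == false, 49 == "49.00").
        if ($data['initialfee'] === $plan['initialfee']
            && $data['monthlyfee'] === $plan['monthlyfee']) {
            return $plan; // hand back the server's copy, not the client's
        }
    }
    return null;
}

// Constructed inputs, as they would arrive in $_GET['choice'].
$samples = [
    '{"initialfee":"49.00","monthlyfee":"9.99"}',      // allowed plan
    '{"initialfee":"49.00","monthlyfee":"0.01"}',      // altered fee
    '{"initialfee":"<b>x</b>","monthlyfee":"9.99"}',   // markup in a value
    '{"initialfee":49,"monthlyfee":true}',             // wrong types
];
foreach ($samples as $raw) {
    $ok = parse_plan_choice($raw, ALLOWED_PLANS) !== null;
    // Escape anything client-supplied before echoing it into HTML.
    echo htmlspecialchars($raw, ENT_QUOTES, 'UTF-8'), ' => ', $ok ? 'accepted' : 'rejected', PHP_EOL;
}
```

Only the first sample is accepted. With loose `==` comparison the wrong-types sample would also match the first plan, which is why the check uses `===` and returns the server's own copy of the values.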

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.