AJAX architecture


s0c0

I'd like to get a little insight on which of the following two is the best method, looking from both the aspects of simplicity and security. I've just completed work on my second Ajax project and set up my calls like so.

 

Page: something.php

 

User event triggers a JavaScript function.  This function builds a URL string with some data, and makes an HTTP GET request to something.php.  The URL string might look something like this: something.php?function=doSomething&value=1. At the very top of the page, something.php, there is session control that will redirect a user if they do not have a valid session.  After this there is a switch statement that looks something like this:

 

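if (!empty($_GET['function']))
{
	// Dispatch only on known function names; anything else falls through.
	switch ($_GET['function'])
	{
		case 'doSomething':
			echo somePHPFunction($_GET['value']);
			break;
		case 'dontDoIt':
			echo someOtherPHPFunction($_GET['value']);
			break;
	}
	// Stop here so the rest of the page is not parsed for Ajax requests.
	return;
}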

 

I think this is pretty secure. Since no one can pass anything into the page without having a valid session, it seems very simple, as each time you create a new JavaScript function that will be doing a request you just add another case to your switch statement, and it's low on bandwidth, as once it hits that case, it returns, and no further parsing of that particular page is done. It also centralizes code into a single page. Are there any downsides to doing it this way, i.e., is having an external page better?

https://forums.phpfreaks.com/topic/66058-ajax-architecture/

Yeah, that's essentially how I've been doing it. Your point on security is correct, in that it can filter out (i.e. not respond to) any undefined functions / actions.

As for where I store this, I actually switch between writing the Ajax response in the main script that requests it (by putting the variable 'ajax' in GET) and having a separate page. As to which style is better, I can't really decide yet. Having the Ajax right next to everything else in the same file makes it easy to change the functionality, but it sometimes becomes cluttered. Having the Ajax response handled in an external file is good if you want to avoid clutter, but you have to be sure to maintain that file and others for that, uh, module.

https://forums.phpfreaks.com/topic/66058-ajax-architecture/#findComment-330545
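
An added example, not part of the original posts: the dispatcher discussed in this thread written as an allowlist map, with the session check, an explicit rejection of unlisted function names, and validation of `value` before a handler sees it. The handler bodies, the `user_id` session key, the integer-only rule for `value` and the 401 reply in place of a redirect are assumptions for illustration.

```php
<?php
// Added example, not code from the thread; names below are assumptions.

// Hypothetical handlers standing in for somePHPFunction() and friends.
function doSomething(int $value): string { return "did something with $value"; }
function dontDoIt(int $value): string    { return "skipped $value"; }

// Allowlist: request name => handler. Anything not listed is rejected,
// so request data never selects a function name directly.
const AJAX_ACTIONS = [
    'doSomething' => 'doSomething',
    'dontDoIt'    => 'dontDoIt',
];

/** Returns [HTTP status, body] for one Ajax request. */
function dispatchAjax(array $session, array $query): array
{
    // Assumption: reply 401 rather than redirect, so the JavaScript
    // caller can tell an expired session from a normal response.
    if (empty($session['user_id'])) {
        return [401, 'no valid session'];
    }
    $name = $query['function'] ?? null;
    if (!is_string($name) || !array_key_exists($name, AJAX_ACTIONS)) {
        return [400, 'unknown function'];
    }
    // A valid session says who is calling, not that the input is safe:
    // validate 'value' before the handler sees it.
    $value = filter_var($query['value'] ?? null, FILTER_VALIDATE_INT);
    if ($value === false) {
        return [400, 'value must be an integer'];
    }
    $handler = AJAX_ACTIONS[$name];
    // Encode on output, since the reply may be inserted into the page.
    return [200, htmlspecialchars($handler($value), ENT_QUOTES, 'UTF-8')];
}

// Constructed sample requests: [session array, query array].
$samples = [
    [['user_id' => 7], ['function' => 'doSomething', 'value' => '1']],
    [['user_id' => 7], ['function' => 'notListed',   'value' => '1']],
    [['user_id' => 7], ['function' => 'dontDoIt',    'value' => '1;--']],
    [[],               ['function' => 'doSomething', 'value' => '1']],
];
foreach ($samples as [$session, $query]) {
    [$status, $body] = dispatchAjax($session, $query);
    echo $status, ' ', $body, PHP_EOL;
}
```

In a real page the two arrays would be `$_SESSION` and `$_GET`, and the returned status would be sent with `http_response_code()` before echoing the body.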

Archived

This topic is now archived and is closed to further replies.
