Jump to content

Recommended Posts

I'd like to get a little insight on how which of the following two is the best method, looking from both the aspects of simplicity and security.    I've just completed work on my second Ajax project and set up my calls like so.

 

Page: something.php

 

User event triggers a JavaScript function.  This function builds a URL string with some data, and makes an HTTP GET request to something.php.  The URL string might look something like this: something.php?function=doSomething&value=1. At the very top of the page, something.php, there is session control that will redirect a user if they do not have a valid session.  After this there is a switch statement that looks something like this:

 

if($_GET[function])
{
switch($_GET[function])
{
	case 'doSomething':
		echo somePHPFunction($_GET[value]);
		break;
    case 'dontDoIt:
		echo someOtherPHPFunction($_GET[value]);
		break;
}
return;
}

 

I think this is pretty secure.  Since the no one can pass anything into the page without having a valid session, it seems very simple as each time you create a new JavaScript function that will be doing a request you just add another case to your switch statement, and its low on bandwidth as one it hits that case, it returns, and no further parsing of that particular page is done.  It also centralizes code into a single page.  Are there any downsides to doing it this, ie, is having an external page better?

Link to comment
https://forums.phpfreaks.com/topic/66058-ajax-architecture/
Share on other sites

Yeah, that's essentially how I've doing it. Your point on security is correct, in that it can filter out (ie. not respond) to any undefined functions / actions.

As for where I store this, I actually switch between writing the Ajax response in the main script that requests it (by putting the variable 'ajax' in GET) and having a separate page. As to whether which style is better I can't really decide yet. Having the Ajax right next to everything else in the same file makes it easy to change the functionality, but it sometimes becomes cluttered. Having the Ajax response handled in an external file is good if you want to avoid clutter, but you have to be sure to maintain that file and others for that, uh, module.

Link to comment
https://forums.phpfreaks.com/topic/66058-ajax-architecture/#findComment-330545
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.