Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    Regular Coder ghostz00's Avatar
    Join Date
    Aug 2006
    Posts
    128
    Thanks
    11
    Thanked 2 Times in 2 Posts

    I can see POST variables in firebug!

    I didn't think I was supposed to see those variables when using post.

    I tried encoding then decoding in the php...but that doesn't seem to hide them either.

    Code:
    	var url="class.user.php";
    	var params="user="+encodeURI(user)+"&pass="+encodeURI(pass);
    
    		AJAX.xmlHttp.onreadystatechange=function(){AJAX.stateChanged(callback,responseType)};
    		AJAX.xmlHttp.open("POST",url,true);
    		AJAX.xmlHttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
    		AJAX.xmlHttp.setRequestHeader("Content-length", params.length);
    		AJAX.xmlHttp.setRequestHeader("Connection", "close");
    		AJAX.xmlHttp.send(params);
    Greg

  • #2
    Senior Coder nikkiH's Avatar
    Join Date
    Jun 2005
    Location
    Near Chicago, IL, USA
    Posts
    1,973
    Thanks
    1
    Thanked 32 Times in 31 Posts
    The browser has to send the POST. The server won't encode them until after that request has been made.

    If this post contains any code, I may or may not have tested it. It's probably just example code, so no getting knickers in a bunch over a typo, OK? If it doesn't have basic error checking in it, such as object detection or checking if objects are null before using them, put that in there. I'm giving examples, not typing up your whole app for you. You run code at your own risk.
    Bored? Visit
    http://www.kaelisspace.com/

  • #3
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,638
    Thanks
    2
    Thanked 404 Times in 396 Posts
    It's really irrelevant. The method you use isn't going to be any more secure whether you use a standard form or post them with AJAX(provided it's coded properly). The data the user inputs in client-side no matter what, and isn't really under your control until it's POSTed to the server.

  • #4
    Regular Coder
    Join Date
    Dec 2002
    Location
    Minneapolis, MN
    Posts
    208
    Thanks
    0
    Thanked 1 Time in 1 Post
    testing the post
    anthony


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •