Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    Regular Coder
    Join Date
    Apr 2010
    Posts
    417
    Thanks
    4
    Thanked 1 Time in 1 Post

    grab DB info securely using AJAX

    I wish to have two fields, the first being the 'name' and the second being the 'address'

    The end user will sign in and start to type in a 'name' in the first textfield, after say the third letter, AJAX will start to show some names that match whats in the 'names' MySQL DB, based on the phrase they have started to type in.

    The second textfield will show any addresses based on the name in the 'name' textfield.


    My DB table will have two fields,
    cID (CustomerID)
    name
    addresses

    the addresses DB field will have addresses seperated by
    ||

    i.e.

    1 High Street, Hondon, SW1A 1AB||2 London Road, London, SW2A 4BC



    I shall be using server-side sessions, what I have worries about is, is this secure?
    Say I was to view the javascript code I could see the hidden page that is used to get the addresses with and use the ?uid=1 as so on to get the info for everyone... is this right ?

    I do not know much about server sessions and think using my own random unique sessionid which is stored on each login, and this is then passed using javascript to the hidden page and the hidden page then verifies that they are logged in before sending the info to the page which is read by the clients pc.

    what method should i use so the addresses and any other info that is passed can not be viewed unless they are supposed to?

  • #2
    GŁtkodierer
    Join Date
    Apr 2009
    Posts
    2,127
    Thanks
    1
    Thanked 426 Times in 424 Posts
    That doesn't really have anything to do with AJAX. For PHP, a request is a request, no matter if it's synchronous or asynchronous.

    So you just have to make sure that your PHP files check whether a user has permission to see information before sending any.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •