View Full Version : grab DB info securely using AJAX

01-28-2011, 01:29 AM
I wish to have two fields, the first being the 'name' and the second being the 'address'

The end user will sign in and start to type in a 'name' in the first textfield, after say the third letter, AJAX will start to show some names that match whats in the 'names' MySQL DB, based on the phrase they have started to type in.

The second textfield will show any addresses based on the name in the 'name' textfield.

My DB table will have two fields,
cID (CustomerID)

the addresses DB field will have addresses seperated by


1 High Street, Hondon, SW1A 1AB||2 London Road, London, SW2A 4BC

I shall be using server-side sessions, what I have worries about is, is this secure?
Say I was to view the javascript code I could see the hidden page that is used to get the addresses with and use the ?uid=1 as so on to get the info for everyone... is this right ?

I do not know much about server sessions and think using my own random unique sessionid which is stored on each login, and this is then passed using javascript to the hidden page and the hidden page then verifies that they are logged in before sending the info to the page which is read by the clients pc.

what method should i use so the addresses and any other info that is passed can not be viewed unless they are supposed to?

01-28-2011, 10:06 AM
That doesn't really have anything to do with AJAX. For PHP, a request is a request, no matter if it's synchronous or asynchronous.

So you just have to make sure that your PHP files check whether a user has permission to see information before sending any.