[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 512
  • Last Modified:

Using Ajax in PHP for updating data in my sql database

HI,
      I want to use Ajax to update data in the database for each of the small blocks in my site. I searched on net and found some code on w3shcools.com for updating mysql database using Ajax. In the example it used to call a PHP page using GET method and passing the parameters as query string.
      I used it in my code and working good.
     Now I want to know am I using right way to update database? As user can view the path of the php file and the parameters I am passing in the page source at browser. User can hack it very easily by simply calling my internal php page with passing parameter with GET method.
     Is ther any way to improve security or any other way to update my database without page refresh.
0
pankajrathod84
Asked:
pankajrathod84
  • 2
  • 2
1 Solution
 
hieloCommented:
>>In the example it used to call a PHP page using GET method and passing the parameters as query string.
When working with AJAX, you can send the data via POST as well. Refer to the makePOSTRequest() function at:
http://www.captain.at/howto-ajax-form-post-request.php

IF you are really concerned about security, send a POST request over a secure connection (https://...)
0
 
haijeromeCommented:
hai

 You can use 'POST' as well as 'GET'. Just change the    

 http_request.open('POST', url, true);

This is more than enough !!!!

And my kind advice is to use jquery ajax. If you want an example of jquery ajax using POST operation
i can help you and attach a sample file.

Regards
Jerome  


0
 
hieloCommented:
@haijerome: >>You can use 'POST' as well as 'GET'.
He is already using GET and is working fine for him. He is concerned about security and want alternatives.

@pankajrathod84: FYI: you are better off using POST. Whenever you submit a get request, the querystring params end up in your log file. If your server logs get hacked/stolen, there goes all those "credentials" or whatever it is us you are passing. Data sent via POST doesn't end up in the log.

Like I said, "IF you are really concerned about security, send a POST request over a secure connection (https://...)"

Regards,
Hielo
0
 
haijeromeCommented:
@hielo: >> yeah i have not read it properly

Thanx
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now