Author Topic: JSON/AJAX (Read 2832 times)

LordConiupiter · « **on:** December 27, 2010, 07:14:38 am »

This is a thread I started because I just discovered JSON as a great way of creating webpages which need to update using new information from the server. I already have written a javascript which makes it even easier to request info from the server. An example is attached. If you don't know how to test them, here is a program freely available for download. Copy the example files in the USBWebserver/root directory, and start usb webserver8.exe or somthing like that. You also could use XAMPP, which will perhaps do the job even better, but I just downloaded that program today, because a schoolmate of mine recommendet it, since is also has a Linux version. (wow, that's a long sentence

)

BTW: the attachment is zipped with 7zip compression, which is done by jZip. I've done this because it's the smallest an fastest compression I ever saw. Decompression can be done using winRAR, jZip or 7zip, and even lots and lots more applications I don't know of.

Ikkerens · « **Reply #1 on:** December 27, 2010, 09:17:31 am »

I don't know what exactly you're intending to do using this kind of client/server communication, but there are several things I'd like to point out:
*I see you're using a self written piece of code to send ajax requests (GET), instead I'd using a already given library, such as jQuery or MooTools, although i'd recommend jQuery, as the mootools project is discontinued.
Upside of mootools however is, that the code is understandable, many people don't understand the entire jQuery code.

*Creating a client-side query and the sending it to the server is a MAJOR security leak.
Unless you're going to use the program for private use, any user that could get past your code CAN and most likely WILL search the DOM for leaks.
This isn't a leak, its a hole in the wall, just sayin'.
Because this, basically, gives any user the privilege to execute MySQL query's without the need of your password/host/username and stuff.

*json_encode and json_decode are not supported on every server, if you're ever going to release your code, you might consider including the following code:
http://walotech.com/jsonsource.php

Below that code you see a part written by me, allowing support for any server, only defining the functions if they don't exist

LordConiupiter · « **Reply #2 on:** December 27, 2010, 04:04:39 pm »

Quote from: Ikkerens on December 27, 2010, 09:17:31 am

I don't know what exactly you're intending to do using this kind of client/server communication, but there are several things I'd like to point out:
*I see you're using a self written piece of code to send ajax requests (GET), instead I'd using a already given library, such as jQuery or MooTools, although i'd recommend jQuery, as the mootools project is discontinued.
Upside of mootools however is, that the code is understandable, many people don't understand the entire jQuery code.

*Creating a client-side query and the sending it to the server is a MAJOR security leak.
Unless you're going to use the program for private use, any user that could get past your code CAN and most likely WILL search the DOM for leaks.
This isn't a leak, its a hole in the wall, just sayin'.
Because this, basically, gives any user the privilege to execute MySQL query's without the need of your password/host/username and stuff.

*json_encode and json_decode are not supported on every server, if you're ever going to release your code, you might consider including the following code:
http://walotech.com/jsonsource.php

Below that code you see a part written by me, allowing support for any server, only defining the functions if they don't exist

The intention is to load certain database data unto the client in javascript, so it can be ordered easily without needless server requests.
*I have seen the jQuery library, but I still like to code things myself, and even create my own library.
*The client side queries you saw are not sent to the server. When you look deeper in the code, you'll see those queries are coverted to javascript conditions, and used for getting data from the loaded databasepart.
*Thanks, but I knew was it was supported since PHP 5.2 or so, so that's a prequisite. Perhaps I should have mentioned that in my first post. With this piece of code I can make it more generally usable!

Thanks for the feedback! Don't hesitate to give me more if you have. Feedback optimizes, and comments keeps alert(!)

LordConiupiter · « **Reply #3 on:** December 28, 2010, 06:05:06 am »

New update! Now you can write your data into any type of HTML you want!
New code is über-commented!

Ikkerens · « **Reply #4 on:** December 29, 2010, 06:25:22 am »

Allright, it's getting somewhere now.
I just don't get 1 thing, why did you include jQuery.js?
It's not used in any document :S
P.S. Het engelse woord yet wordt geschreven met een griekse y

, zag namelijk jet in je code staan

Author Topic: JSON/AJAX (Read 2832 times)

LordConiupiter

JSON/AJAX

Ikkerens

Re: JSON/AJAX

LordConiupiter

Re: JSON/AJAX

LordConiupiter

Re: JSON/AJAX

Ikkerens

Re: JSON/AJAX