How secure is the code?
I recently started working with JQ and I'm learning a little. I'm worried about the security of the code:
$("#promocode").keyup(function() {
    var promocode = $(this).val();
    var countSim = promocode.length;
    if (countSim == 7) {
        $.ajax({
            type: "GET", // request method: POST or GET (defaults to GET if omitted)
            url: "page/basket/checkPromocode.php",
            data: {sendpromocode: promocode}, // send the data, if needed
            success: function(data) { // runs when the request completes successfully
                var response = $.parseJSON(data); // parse the JSON response once
                if (response.error != 'Промо - код не принят!') {
                    $('#errorStyle').attr('style', 'padding: 0px 0px 20px 0px;border: 2px solid #8BC34A;border-radius: 10px;box-shadow: 0 0 8px #8BC34A;background-color: #dbf7bb;');
                    $('#loadPromoError').html('Скидка по промо - коду');
                    $('#loadsumPromo').show('slow');
                    $('#sumSkdPromo').show('slow');
                    $('#sumSkdPromo').html(response.skdsum);
                    $('#totalPrice').attr('style', 'text-decoration: line-through;font-size: 12pt;');
                    $('#totalPricePromocode').show('slow');
                    $('#totalPricePromocode').html(response.strNewSum);
                } else {
                    $('#errorStyle').attr('style', 'padding: 0px 0px 20px 0px;border-radius: 10px;border: 2px solid #e07575;box-shadow: 0 0 8px #e07575;background-color: #ffdada;');
                    $('#loadsumPromo').show('slow');
                    $('#sumSkdPromo').hide();
                    $('#loadPromoError').html(response.error);
                }
            }
        });
    } else {
        $('#loadsumPromo').hide();
        $('#sumSkdPromo').hide();
        $('#totalPricePromocode').hide();
        // removeAttr() takes only the attribute name
        $('#totalPrice').removeAttr('style');
    }
});
At the least, you need the backend code: page/basket/checkPromocode.php
If you check $_GET['sendpromocode'] via regex,
for example (code length is always 8 characters): /[a-z0-9]{8}/i
then you can say that everything is safe.
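An added example, not part of the original answer or the asker's project: one way page/basket/checkPromocode.php could apply the regex check described above, assuming PHP 8. It anchors the pattern with \A and \z so the entire value has to match; the PROMO_CODES table, the function names and the response shape are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed sample data standing in for the real promo-code store (hypothetical).
const PROMO_CODES = ['SPRING24' => 10, 'WELCOME1' => 15]; // code => discount percent

/** Return the normalized code if it is exactly 8 characters of [a-z0-9], else null. */
function validatePromocode(mixed $raw): ?string
{
    // A query parameter can arrive as an array (?sendpromocode[]=x); accept strings only.
    if (!is_string($raw)) {
        return null;
    }
    // \A and \z anchor the match to the whole value. Unanchored, the pattern
    // accepts any input that merely contains 8 matching characters.
    if (preg_match('/\A[a-z0-9]{8}\z/i', $raw) !== 1) {
        return null;
    }
    return strtoupper($raw);
}

/** Build the JSON response body for a submitted code (hypothetical helper). */
function checkPromocode(mixed $raw): string
{
    $code = validatePromocode($raw);
    if ($code === null || !array_key_exists($code, PROMO_CODES)) {
        // Same reply for malformed and unknown codes.
        return json_encode(['ok' => false], JSON_THROW_ON_ERROR);
    }
    return json_encode(
        ['ok' => true, 'discount' => PROMO_CODES[$code]],
        JSON_THROW_ON_ERROR
    );
}

if (PHP_SAPI !== 'cli') {
    // Served as page/basket/checkPromocode.php.
    header('Content-Type: application/json; charset=utf-8');
    echo checkPromocode($_GET['sendpromocode'] ?? null);
} else {
    // Constructed inputs for a command-line run.
    foreach (['spring24', 'SPRING24x', 'xxSPRING24', ['a'], 'NOTACODE'] as $sample) {
        echo json_encode($sample), ' => ', checkPromocode($sample), PHP_EOL;
    }
}
```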