Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
G
G
good_beginer2018-11-21 11:30:51
AJAX
good_beginer, 2018-11-21 11:30:51

What is the risk of ajax requests to the server?

I came across this kind of sending data from a form to the server, it works fine, but immediately a question arose about security. Is it worth it to become paranoid with such requests and generate secret tokens, check key matches, etc.
app.js

var servResponse = document.querySelector('#returned');
    document.forms.myform.onsubmit = function(e){
      event.preventDefault();

      var testInput = document.forms.myform.myForm_input.value;
      testInput = encodeURIComponent(testInput);
      var xmlca = new XMLHttpRequest();

      xmlca.open('POST', 'controller.php');

      xmlca.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');

      xmlca.onreadystatechange = function(){
        if(xmlca.readyState === 4 && xmlca.status === 200){
          servResponse.textContent = xmlca.responseText;
        }
      }
      xmlca.send('myForm_input=' + testInput);
    };

view.html
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
  
  <title>Document</title>
</head>
<body>
  
  <div id="returned"></div>

  <form name="myform" >
    <input type="text" name="myForm_input">
    <input type="submit" name="myForm_submit" value="submit">
  </form>
<script type="text/javascript" src="app.js"></script>
</body>
</html>

controller.php
<?php
$info = $_POST['myForm_input'];

switch ($info) {
  case '1':
      echo 'this is 1';
    break;
  case '2':
      echo "this is 2";
    break;
  default:
      echo "is not nubber";
    break;
  }
?>

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
A
Anton Neverov, 2018-11-21
@TTATPuOT

The request is simple, the logic there is 2 kopecks. Moreover, no secret data is output as a result.
It makes sense to save sessions, authorization keys, etc. only in the case of either complex and demanding logic, or trite for those requests that return non-public data. For everything else - no, an extra load.

Report
D
Dima Pautov, 2018-11-21
@bootd

And what really bothered you here? What is wrong in this code? Normal ajax request, normal form. What's wrong here?

Similar questions
X
xFRAPS2018-03-29 22:52:55
JS load whole page AJAX instead of elements? 1Reply
B
bilyaev822021-07-22 19:34:26
Why is the AJAX request not coming? 0Reply
T
trenton2021-07-29 23:46:04
How to implement it correctly so that the product is added to the cart through a self-written modal, and not redirected to the product card? 0Reply
F
frerf09092021-08-01 16:14:20
Is it possible to create a web application using jquery, ajax without reloading the page? 1Reply
A
Anton2021-08-09 08:13:26
How to clear the file selection in the button in the form (ajax) after submitting the data? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question