For years, the goal of creating a truly responsive Web application was hampered by one simple fact of Web development: To change the information on part of a page, a user must reload the entire page. Not anymore. Thanks to asynchronous JavaScript and XML, we can now request new content from the server and change just part of a page. This tutorial explains how to use Ajax with PHP and introduces Sajax (Simple Ajax Toolkit), a tool written in PHP that lets you integrate PHP with JavaScript.
This is pretty cool. Pretty soon just about everyone, as in:
ASP, Perl, PHP, Java, will all have Ajax types of stuff available. Pretty cool indeed.
-Nex6
-nex6.blogspot.com
I’ve read many articles that say that SAJAX has many exploits.
http://twilightuniverse.com/2005/05/sack-of-ajax/
http://www.intertwingly.net/blog/2005/03/16/AJAX-Considered-Harmful
http://www.intertwingly.net/blog/2005/04/01/Sajax-Still-UnSafe
I get nervous with too much AJAX. It’s cool, yes, but overuse can lead to security problems.
What is it with PHP stuff and security? Constant problems is what I see.
I have found that PHP is a very easy language for people to start using. At the same time it does not really enforce security. This is not an issue if you are experienced in programming and do things the safe way.
The real issue comes because a vast majority of PHP programmers out there are new to programming. On top of this, the sites that give examples of how to use PHP usually do not cover the security concerns at all. There are many books on the topic (I have read my fair share of them) but they are not easy for people just starting to program in PHP.
So to sum up my rambling, I believe it’s the fact that inexperienced programmers are able to create fairly functional programs quickly but with security holes. On top of that, their code goes directly to the web where everyone can easily exploit it. Unlike simple programs that are not web-based, these programs are running on someone else’s machine and security becomes a top concern then.
Sorry about the rambling…
Right, I agree with you. But there are still security issues directly related to PHP such as when it used to use registered global variables, quite a few security holes in the core, and now this stuff.
I fail to see how any of this relates to AJAX?
Security issues are the same as in any other programming language. AJAX security issues as far as I can tell are not related to PHP.
Adam’s last link talks about issues with Sajax specifically, which is a PHP tool.
Those particular issues are not PHP’s fault, you’re right on that. But I was just commenting on how security issues seem to be following PHP.
I’ve used Sajax a little bit and it’s great. One really cool aspect is that they ship code to work with multiple programming languages (PHP, CFML, Python, etc) to give you an even better stepping stone.
Damien
I used SAJAX for a while, but its features are pretty sparse. Besides the software being a bit quirky, there is no error handling. In the end, I was returning strings for everything and testing the string. If it started with “** ERROR:”, then I would trap the error in Javascript and work from there.
The alternative to all of this is Prototype. Prototype comes with a built-in AJAX object. All you have to do is write a simple PHP page to take some parameters and you are golden. If you error out on the PHP side, you just change the page header to something that isn’t successful (like 500) and Prototype has built in error handling.
Also, if you use Prototype a lot, you gain a lot of features and the ability to use scriptaculous. It really brings down the development time on the Javascript side, which can be the most tedious part.
Oh, and using this stuff makes you cool like the Ruby on Rails nerds.
http://prototype.conio.net/
http://script.aculo.us/
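The two error-handling approaches compared in the comment above, sketched as an added example that is not part of the original thread and is not Sajax or Prototype code. The function names and the `{status, body}` response objects are hypothetical, constructed samples; the point is where each approach misclassifies a reply.

```javascript
// Added example: in-band sentinel vs. HTTP status for Ajax error signalling.
// All names and sample responses here are constructed for illustration.

const ERROR_PREFIX = "** ERROR:"; // the sentinel string quoted in the comment

// In-band: the payload itself is inspected to decide whether it is an error.
function parseInBand(response) {
  if (response.body.startsWith(ERROR_PREFIX)) {
    return { ok: false, error: response.body.slice(ERROR_PREFIX.length).trim() };
  }
  return { ok: true, data: response.body };
}

// Out-of-band: the status line decides; the body is never treated as control data.
function parseByStatus(response) {
  if (response.status >= 200 && response.status < 300) {
    return { ok: true, data: response.body };
  }
  // Report a generic message instead of echoing the server's error page.
  return { ok: false, error: "server returned HTTP " + response.status };
}

const samples = {
  // Normal reply.
  success: { status: 200, body: "42 items" },
  // Legitimate user-supplied text that happens to begin with the sentinel.
  userText: { status: 200, body: "** ERROR: is what my old code printed" },
  // Server-side failure that never reached the code emitting the sentinel.
  fatal: { status: 500, body: "<b>Fatal error</b>: Call to undefined function" },
};

// Returns, per sample, whether each parser treated the reply as a success.
function compare() {
  const out = {};
  for (const [name, resp] of Object.entries(samples)) {
    out[name] = { inBand: parseInBand(resp).ok, byStatus: parseByStatus(resp).ok };
  }
  return out;
}

console.log(compare());
```

The in-band parser rejects valid content in `userText` and accepts the error page in `fatal` as data, which the page script would then go on to render; the status-based parser gets both right.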
It seems that some of AJAX functionality depends on browser capabilities. Which generation of browsers will I be able to support? IE5+ and NS7+ or does it even matter?
IE5+, Firefox 1.0+, Opera 8.0+, Safari, Konqueror, NS8+
I think something like that.
http://www.xoad.org/
If you are interested in PHP + AJAX you should really check XOAD. It’s very powerful and the winner of the PHP Programming Innovation Award.
Sajax is a good beginning for a comprehensive AJAX framework. One of the things that irk me about AJAX (and XUL too) is that when I write an app, most of the time I’m forced to spend a lot of time writing the plumbing from scratch.
Another good PHP library for AJAX development is xajax (http://xajax.sourceforge.net). It’s still in the early stages of development, but it offers a really nice, clean way of “calling” PHP functions (and soon objects) directly from Javascript, and pushing DOM manipulation and scripting to the browser directly from PHP using a very simple API. All using real XML commands too (it’s amazing how a lot of AJAX doesn’t actually use the “X” part of it!). I’ve recently signed on as an assistant developer on the project and am working on ideas for providing integration with Prototype/Script.aculo.us, better form handling, interoperability with existing PHP frameworks, etc.
Jared
https://www6.software.ibm.com/developerworks/education/os-phpajax/os…
python all over (and in AJAX):
http://en.wikipedia.org/wiki/AJAX#Python
Unpack Rico in the document root, import Rico and its support library to your <script> section and use Rico’s methods.
I use sarissa.sf.net for the javascript stuff and my PHP code makes HTML to use these calls accordingly. When a page is requested it is validated to login as a normal page would be.
Frankly, I don’t really see the point of sajax?