The idea is that I call all of my php scripts via ajax so the php scripts aren't visible when a user views the sourcecode.
Is this a good ideal especially regarding security and performance of my website?
The PHP code that you write will never been seen by the end user - the code is executed by the server and returns everything outside of the PHP tags (<?php ... ?>). The PHP code inside the tags is NOT returned to the browser.
As far as using AJAX is concerned this won't help you with security, your AJAX calls are only as secure or unsecure as standard GET or POST requests to the server. What AJAX may help you with is performance since it allows you to send and recieve data in the background. If your application is data-centric then AJAX will be useful to communicate pure data with the server. If you have a standard hierarchical website design then there's little user for AJAX, just use links to move around and forms to send data.
Related
So I am designing a HTML5 site and I have some data in textfields for example, "password" that I need to store into the database on the Apache server. So far I have designed a simple HTML5 site which is capable of passing data to a PHP script for the handling of server information.
If I plan to use Javascripts to implement login/registers, etc is it possible for the Javascript to parse data to my PHP script and will there be any security flaws involved by doing this? Is it also advisable/recommended to have my HTML5 page parse data directly to the PHP page for the handling of storage or are there better methods/means out there?
Using Javascript to pass the data back to the server is fine, but comes with a few caveats.
First off, you might want to consider a fallback for browsers that don't have js available.
Secondly, and much more importantly: Never trust the client. It's difficult to guarantee that data you receive on the server will have gone through all the checks in the browser. The simplest way to deal with it is to make any validation / cleaning that you do on the frontend in javascript also be done on the backend with PHP before you let anything hit your database.
I've got a webpage that makes several calls to external site APIs. Right now, I do this via PHP, and cache the responses to disk (using cachelite) where I can. Even so, the page seems to load very slowly, and I'm struggling to find a likely cause (the page speed tab in Chrome is not providing any useful clues).
So I wonder if there might be some benefit to having the client process the API calls via JQuery instead, so that at least the initial page load for the user is faster. Is it worth me doing this, or would I be better off trying to optimise the PHP code further?
It depends, if you want to have the result of the JSON indexed by Google, you need to parse it through PHP.
If you want the fastest way and less server load, use Javascript to load the JSON, the JSON will be loaded from an external source and cached by the users browser.
What is the load time of the JSON? Maybe the other server is slow?
PHP is server side scipting.
If you are not doing anything on server but just loading the contents from external Site APIs
I think it would be better if you use jQuery or javascript to the job for you.
I've been thinking about the two answers above and think maybe what I could do is combine both approaches, that is to say, have the json fetched and cached by a server-side php script, but have the user-facing PHP files use jquery to load data from the file.
I need to call a PHP Script and Run (a function) on the Server .. by calling from client side by using Javascript. I know only Ajax Call from Javascript.
Is there any other standardized way to communicate from Javascript to PHP?
Please correct me if i'm wroing. Is XMLRPC an another approach?
Nothing that is well supported or practical.
Ajax is just shorthand for "Making an HTTP request from JavaScript without leaving the page".
PHP is heavily geared towards being a server side web language (so it is optimised for being accessed over HTTP). Browsers are focused on accessing content over HTTP.
No, you use a XmlHttpRequest (that is, I assume you don't want the user to experience any sort of page refresh).
To work cross browser easily I'd recommend using a library like jQuery which handles everything for you, everything is nicely encapsulated and abstracted so you don't need to worry about any of the details. That way calling your script becomes extremely easy.
XMLHttpRequest is the best way, as far as I know, but there are other techniques too. There is the old school way some sites still use. Using hidden iframes and sending request through it.You create an iframe with javascript, append it with 0 width and height and the request the php file. The output must be script that somehow communicates with the parent window script.
I am trying to make a plugin that people can place on their site to generate a form. I dont want to use an iframe to display the form but use javascript to generate it.
The problem is how do i connect the javascript and php together. My site is programmed in PHP.
Your getting a liite mixed up, I think.
PHP runs on your server. This is the place where you fetch data from the database and create some form of html-response.
Javascript runs in the browser. It can't directly talk to your database.
iframe is a special html-element: Therfore it is passive and can't do anything like creating a form.
You have two ways:
Create a PHP script which handles everything through plain HTTP-Requests. This is the "old school" way and requires a lot of page-reloading.
Write most of the logic in javascript and let it communicate to PHP/your database through AJAX. In this case. Have a look at jQuery which makes AJAX-requests (and a lot of other things) very easy.
One issue you will be faced with is 'Cross site Scripting' with Javascript / AJAX.
You can read up on it a bit here:
http://snook.ca/archives/javascript/cross_domain_aj
Also, thinking your process through, you will need sufficient javascript code to create a 'widget' on any place, and have a way to communicate BACK to your server (keep in mind PHP only runs local on your machine, so it cannot be used remotely in your javascript).
You will probably need to build a JSON API (google / stack search this if needed).
And enable communication from your JAVASCRIPT to the API (don't think of it as to PHP, even tho php will be your API server side language).
Here is an example of a PHP JSON API (on youtube too):
http://www.youtube.com/watch?v=F5pXxS0y4bg
If you put PHP into JavaScript and someone implements this, PHP will compile on their server. So you just can't. You just need to put the form in your plugin.
I want to write a PHP script that performs a routine task in a web app I use. I am trying to figure out the easiest way to submit a form, click a link, and get some information. What's the easiest way to do this (keeping the session open, etc.).
Javascript would be a better solution than PHP. You can use it in tandem with PHP to submit a form that references the same page, ie. <form method='index.php' action='post'>
If method is GET then you ought to be able to work it out form the URLs of a few real world attempts.
It POST then you are probably SOL unless it's your own web page./app and you know what $_POST it expects ... unless you find a tool to snoop your HTTP traffic and get the POST info from observing a few real wrold examples.
You can use CURL in PHP to simulate submitting data, clicked links, etc., I suppose, but a client-side scripting language like Javascript--as opposed to a server-side language like PHP--is more suited to what you're describing. I'd need more info to give you a specific example.
You will not be able directly emulate those events in PHP as web apps use Javascript on the client side and PHP is a different language and operates on the server side.
Firstly, I would see if there is an open API available for the web app you're wondering about, e.g. Gmail: http://code.google.com/apis/gmail/ . Not all APIs can do what the web app can do, so you'll need to check the documentation to make sure the API does what you want and has an easy way to interface with PHP.
The other option is to essentially reverse engineer how the web app communicates with it's server. Most all web apps operate by sending POST or GET HTTP data in some sort of serialized format like XML, JSON or text. You can use something like the Firebug add-on for Firefox to view POST/GET data. If you know what the server sends to the client and what the client sends to the server, you can essentially write a script using something like CURL to emulate the client in PHP instead of JavaScript. This would take quite a bit of work and probably involves a lot of trail & error.