问题
i created script which will count child's div for some certain div with this command
$('#content').children().size()
by this count i know to fetch from 12 to 18 from mysql if this count is 12. with firebug i can find out this count which will post to my script and i thought is there any way to increase this size to get more details from my database in some way?is it secure to pass such data from ajax?
2-can someone post data or simulate posting in any way?for example simulate data which will post by form like this data=2&foo=3&bar=4 and cheating on server?
回答1:
As per my comment, once more as answer.
'Safe' is relative. Basically AJAX is nothing but a plain HTTP request based on JavaScript. So it's not any more or less safe than one like that. To make it 'safe' you could use HTTPS to encrypt the connection. That way, you should be able to prevent injection and stuff. Regarding the cheating...if one really wants to, he can. The only thing you can do, is to check the parameters carefully and therefore detect irregularities. Maybe add a hidden checksum, which only allows for particular options.
回答2:
check this link,it's can be useful
- check for authentication and authorization
- Encrypt or add salted hash checks to data exported to the browser for resubmission
- treat any data received in the request as potentially dangerous
- use HTTPS where its appropriate
- transform data leaving your PHP using the right method for were its going (htmlentities, mysql_real_escape_string
- transform data entering your script using the right method based on its origin (e.g. json_decode)
来源:https://stackoverflow.com/questions/13774947/is-it-safe-to-pass-data-via-ajax