PHP & AJAX Active Client Pages

This is the second part of my four-part series, Active Client Pages – Ajax Approach. In this part of the series, we continue our discussion of the Ajax features we will need to use with ACP, and then we look at the principles of the Ajax approach.

XMLHttpRequest Object
By using the XMLHttpRequest object, a web developer can update a page with data from the server after the page has loaded! The XMLHttpRequest object is supported in Internet Explorer 5.0+, Safari 1.2, Mozilla 1.0 / Firefox, Opera 8+, and Netscape 7.

Ajax Browsers
The keystone of AJAX is the XMLHttpRequest object. Different browsers use different methods to create the XMLHttpRequest object. Internet Explorer uses an ActiveXObject, while other browsers use the built-in JavaScript object called XMLHttpRequest.

All Ajax requests in JavaScript begin by making a call to the XMLHttpRequest constructor function:

  • new XMLHttpRequest() //IE7, Firefox, Safari etc;
  • new ActiveXObject("Msxml2.XMLHTTP") //newer versions of IE5+;
  • new ActiveXObject("Microsoft.XMLHTTP") //older versions of IE5+;
  • new XDomainRequest() //IE8+ only. A more “secure”, versatile alternative to IE7’s XMLHttpRequest() object.

IE6 and below do not support XMLHttpRequest() and instead rely on the proprietary ActiveXObject for Ajax requests. To create this object, and deal with different browsers, we are going to use a “try and catch” statement.
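The "try and catch" approach described above, written out as an added example (not code from the original series): each constructor from the list is tried in order and the first one that succeeds is returned. The function name `createRequestObject` and its `env` parameter are assumptions made here so the fallback order can be exercised outside a browser; XDomainRequest is left out because its interface differs from XMLHttpRequest.

```javascript
// Added example: cross-browser request-object factory using try/catch.
// `env` is a hypothetical parameter; it defaults to the global object,
// which in a browser is where XMLHttpRequest / ActiveXObject live.
function createRequestObject(env) {
  env = env || globalThis;

  // Candidates in order of preference, matching the list above.
  var candidates = [
    { kind: "XMLHttpRequest",
      make: function () { return new env.XMLHttpRequest(); } },
    { kind: "Msxml2.XMLHTTP",
      make: function () { return new env.ActiveXObject("Msxml2.XMLHTTP"); } },
    { kind: "Microsoft.XMLHTTP",
      make: function () { return new env.ActiveXObject("Microsoft.XMLHTTP"); } }
  ];

  for (var i = 0; i < candidates.length; i++) {
    try {
      // A missing constructor throws a TypeError; a disabled or
      // unregistered ActiveX control throws as well. Either way we
      // fall through to the next candidate.
      return { kind: candidates[i].kind, xhr: candidates[i].make() };
    } catch (e) {
      // try the next candidate
    }
  }

  // No Ajax support at all: the caller must degrade gracefully
  // (for example, fall back to a normal form submission).
  return null;
}
```

Callers should check for `null` before using the result, since a browser with ActiveX disabled and no native object reaches the final `return`.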

Fundamental Security Issues For Developers Using Asynchronous Javascript and XML (AJAX)

Software developers using Asynchronous Javascript and XML (AJAX) techniques to jazz up corporate Web sites are failing to pay attention to some very fundamental security issues, security researchers warned at the Black Hat USA conference in Las Vegas on Wednesday. As a result, many companies that have rushed to AJAX-enable their sites may be dangerously vulnerable to a variety of Web-based threats of which they’re not even aware.