What types of security on server side should I use when I'm sending post data with jQuery's $.ajax()?












0















Price estimation webapp



I'm writing simple price estimation webapp, which contains few slides with different options/parameters of desired product. As the user comes to my page, he goes through all my slides and selects which options/parameters he wants to be included. Selected options/parameters are stored by javascript in object.



On last slide I have email input with send button. In this input user writes his email adress and clicks on send button. Clicked send button has event listener which triggers jQuery $.ajax() function and sends options/parameters object with his email adress to mail.php



PHP



mail.php script on server checks with array_key_exists(options/parameters). If true then it makes pdf file with selected options/parameters of product and sends it to user email adress.



The problem - server security



The thing I'm worried about is security of this process. Can you tell me possible vulnerability of this process and how to prevent it?



Thank you






php jquery ajax







share|improve this question























  • Require HTTPS, for one

    – CertainPerformance
    Jan 20 at 10:02











  • I've forced HTTPS on all my sites. Still thanks for tip.

    – Jakub Voženílek
    Jan 20 at 10:16













  • You might consider thinking about CSRF protection, since you are using jQuery, this gist might help you implement it gist.github.com/ziadoz/3454607

    – medunes
    Jan 20 at 10:17













  • If you are using a DB you shall use mysql_real_escape_string() function to avoid sql injection.

    – Richard Socker
    Jan 20 at 18:24
















0















Price estimation webapp



I'm writing simple price estimation webapp, which contains few slides with different options/parameters of desired product. As the user comes to my page, he goes through all my slides and selects which options/parameters he wants to be included. Selected options/parameters are stored by javascript in object.



On last slide I have email input with send button. In this input user writes his email adress and clicks on send button. Clicked send button has event listener which triggers jQuery $.ajax() function and sends options/parameters object with his email adress to mail.php



PHP



mail.php script on server checks with array_key_exists(options/parameters). If true then it makes pdf file with selected options/parameters of product and sends it to user email adress.



The problem - server security



The thing I'm worried about is security of this process. Can you tell me possible vulnerability of this process and how to prevent it?



Thank you






php jquery ajax







share|improve this question























  • Require HTTPS, for one

    – CertainPerformance
    Jan 20 at 10:02











  • I've forced HTTPS on all my sites. Still thanks for tip.

    – Jakub Voženílek
    Jan 20 at 10:16













  • You might consider thinking about CSRF protection, since you are using jQuery, this gist might help you implement it gist.github.com/ziadoz/3454607

    – medunes
    Jan 20 at 10:17













  • If you are using a DB you shall use mysql_real_escape_string() function to avoid sql injection.

    – Richard Socker
    Jan 20 at 18:24














0












0








0








Price estimation webapp



I'm writing simple price estimation webapp, which contains few slides with different options/parameters of desired product. As the user comes to my page, he goes through all my slides and selects which options/parameters he wants to be included. Selected options/parameters are stored by javascript in object.



On last slide I have email input with send button. In this input user writes his email adress and clicks on send button. Clicked send button has event listener which triggers jQuery $.ajax() function and sends options/parameters object with his email adress to mail.php



PHP



mail.php script on server checks with array_key_exists(options/parameters). If true then it makes pdf file with selected options/parameters of product and sends it to user email adress.



The problem - server security



The thing I'm worried about is security of this process. Can you tell me possible vulnerability of this process and how to prevent it?



Thank you






php jquery ajax







share|improve this question














Price estimation webapp



I'm writing simple price estimation webapp, which contains few slides with different options/parameters of desired product. As the user comes to my page, he goes through all my slides and selects which options/parameters he wants to be included. Selected options/parameters are stored by javascript in object.



On last slide I have email input with send button. In this input user writes his email adress and clicks on send button. Clicked send button has event listener which triggers jQuery $.ajax() function and sends options/parameters object with his email adress to mail.php



PHP



mail.php script on server checks with array_key_exists(options/parameters). If true then it makes pdf file with selected options/parameters of product and sends it to user email adress.



The problem - server security



The thing I'm worried about is security of this process. Can you tell me possible vulnerability of this process and how to prevent it?



Thank you






php jquery ajax




php jquery ajax






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Jan 20 at 10:01









Jakub VoženílekJakub Voženílek

84




84













  • Require HTTPS, for one

    – CertainPerformance
    Jan 20 at 10:02











  • I've forced HTTPS on all my sites. Still thanks for tip.

    – Jakub Voženílek
    Jan 20 at 10:16













  • You might consider thinking about CSRF protection, since you are using jQuery, this gist might help you implement it gist.github.com/ziadoz/3454607

    – medunes
    Jan 20 at 10:17













  • If you are using a DB you shall use mysql_real_escape_string() function to avoid sql injection.

    – Richard Socker
    Jan 20 at 18:24



















  • Require HTTPS, for one

    – CertainPerformance
    Jan 20 at 10:02











  • I've forced HTTPS on all my sites. Still thanks for tip.

    – Jakub Voženílek
    Jan 20 at 10:16













  • You might consider thinking about CSRF protection, since you are using jQuery, this gist might help you implement it gist.github.com/ziadoz/3454607

    – medunes
    Jan 20 at 10:17













  • If you are using a DB you shall use mysql_real_escape_string() function to avoid sql injection.

    – Richard Socker
    Jan 20 at 18:24

















Require HTTPS, for one

– CertainPerformance
Jan 20 at 10:02





Require HTTPS, for one

– CertainPerformance
Jan 20 at 10:02













I've forced HTTPS on all my sites. Still thanks for tip.

– Jakub Voženílek
Jan 20 at 10:16







I've forced HTTPS on all my sites. Still thanks for tip.

– Jakub Voženílek
Jan 20 at 10:16















You might consider thinking about CSRF protection, since you are using jQuery, this gist might help you implement it gist.github.com/ziadoz/3454607

– medunes
Jan 20 at 10:17







You might consider thinking about CSRF protection, since you are using jQuery, this gist might help you implement it gist.github.com/ziadoz/3454607

– medunes
Jan 20 at 10:17















If you are using a DB you shall use mysql_real_escape_string() function to avoid sql injection.

– Richard Socker
Jan 20 at 18:24





If you are using a DB you shall use mysql_real_escape_string() function to avoid sql injection.

– Richard Socker
Jan 20 at 18:24












0






active

oldest

votes











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54275329%2fwhat-types-of-security-on-server-side-should-i-use-when-im-sending-post-data-wi%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54275329%2fwhat-types-of-security-on-server-side-should-i-use-when-im-sending-post-data-wi%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Homophylophilia

Image
Haec pagina ad tempus protecta est ob maleficia perpetua. Quaesemus, emendationes suggere in pagina disputationis vel magistratum ad hanc deprotegendam pete. Homophylophilia Hyacinthus complexus ab amante suo Apolline, in pictura Mors Hyacinthi quam Jean Broc pinxit. Homophylophilia est sui sexus vel generis amor vel mores romantici vel sexuales, res venerea masculina in masculos, aut mulier in mulieres appetentes. Hoc ingenium sexuale est "exemplar permanens vel inclinatio ad experiendam sexualem, adfectionalem, vel romanticam vim attrahendi," praecipue vel solum ex hominibus eiusdem sexús; notio "etiam ad hominis iudicium identitatis privatae socialisque in illis attractionibus conditum refert, in moribus quoque qui illos exprimant, et in societate communitatis aliorum qui illos communicent." [1] [2] Per aevos alii aliter rem definiverunt, sed Occidentali nostrae aetatis cultu civili non tantum ad ipsa acta erotica spectat, sed etiam igitur
Read more

Updating UILabel text programmatically using a function

Image
0 so I am trying to update the UIlabel text using a func. I have seen few other questions like mine and I tried their method but it doesn't work. fun returns no value when used in the UIlabel. I have shown my code below.It has to be noted that when I use the function in viewdidload I can retrieve the data. lazy var name: UILabel = { let lb = UILabel() lb.text? = getthename() lb.lineBreakMode = NSLineBreakMode.byWordWrapping lb.textColor = .mainGreen lb.textAlignment = .left lb.font = UIFont.boldSystemFont(ofSize:12.0) return lb }() func getthename() -> String { var wins : String = "" let ud = (Auth.auth().currentUser?.uid) self.ref = Database.database().reference() self.ref.child("Users").child(ud!).observeSingleEvent(of: .value, with: {(snapshot) in
Read more

Cloud Functions - OpenCV Videocapture Read method fails for larger files from cloud storage

Image
0 I created a cloud function to read a video file from cloud storage and read frames and create an image for each frame. This function works for small files which is 1-2 MB, However, this method fails while reading larger file 130 MB. import cv2 from google.cloud import storage vidcap = cv2.VideoCapture("https://storage.googleapis.com/[bucker_name]/[filename.mp4]") if vidcap.isOpened(): vidcap.open("https://storage.googleapis.com/[bucker_name]/[filename.mp4]") success,image = vidcap.read() print(success) Expected the print will return true and an image will hold an image of a first frame. python-3.x function opencv cloud share | improve this question
Read more