I am a newbie and I am creating a form in which there are 10 buttons next to some products. When the user clicks on these buttons then the corresponding product name is added to an array in jquery. When the user submits the form, i pass that array to the server through ajax and then create a session for those values there. All this is working fine.
QUESTION:-
Is it dangerous to store the data at client side like this? Can any malicious user play with that array of data and change it at client side?
Since I cant create a session on every click because it will need to connect to the server again and again, so what could be the best approach to do this?
Is it dangerous to store the data at client side like this?
Not if you do proper data validation server-side
Can any malicious user play with that array of data and change it at client side?
Yes
Since I cant create a session on every click because it will need to connect to the server again and again, so what could be the best approach to do this?
This would be a working option. Or you just submit the form instead of tryin to store everything in an array. Forms were developed to submit used data. Another option would be to use ajax to set the selcted choice onSelect()
Is it like a shopping cart? wherein your are posting all the selected products to the server?
If so storing the just the product names on the client side is of no harm, definitely one can tamper the array, however on the server side you should validate the array with checks like it contains valid products etc, other than that there is no harm in it.
However one should avoid storing sensitive data on the client side, however in you case no issues.
Related
The Film-Production Software Shotgun offers a web interface.
To write notes, coordinator often have to fill in the same information into the forms, because there is no easy way to pre-fill the form automatically based on a project or page.
How can you prefill an autogenerated form, where you do not have access to the sourcecode of the website, which you would like to alter as a client automaticlly.
This is not trying to achieve, to alter the whole website on the web, rather just trying to alther the users html to improve the speed and remove redundant form entries.
Thanks
It would be possible to store this data in the cookies, although I do not know which implications this would have security wise. Ofcourse this would be much easier if there was a way to store this data server sided and collected from there.
Try creating a dictionary or JSON object based on the form, and store this data in the cookies. collect the data from the cookies if the user lands on the form again. The benefit from this is that you could implement this without ever actually handling the data, and being able to base it on a session so the cookies get cleared once a user drops the page.
I have a form on my website that I want to ensure each client only submits once per year.
To do this, I would like to save the client's id # and the current year to a .txt file on my server when they submit the form.
When the form is submitted, I also need to check the current contents of that file to ensure their id has not already been recorded, and display a message if they have already submitted the form that year.
I believe I need to use PHP to do this, but I'm brand new to PHP and I'm also not very experienced with jQuery. Any assistance would be much appreciated!
Using a simple database would be much better, because it will be easier to retrieve the stored data later on. There are more than enough tutorials if youre not familiar with databases (use mysql database if you have few experience with databases).
If you use a database you can also store the submitted data from the form very easy.
As Dan already said, first learn PHP and database connects and querys and then jQuery (which you dont need for putting data from a form into a database, but with ajax its cooler (you dont even need jQuery for ajax, vanilla javascript can also do that for you) ;) ).
Just google everything, there are more than enough tutorials online.
If you don't want to use a database, probably the simplest option will be to rename the received file with clientId-currentYear when you put it on the server.
For example, when a user submits a file for client 12345, you will have to check if a file 12345-2018 already exist. If it doesn't exist, you can create it, if not, you send your message to the user.
This is going to be easier to manage than a text file or a database if your programming level is low.
At the moment I'm passing data to node js server via javascript and the reason i must do this is because I'm using socket.io so I emit the data from the client.
There's a method on javascript to store data on a div and the data is invisible on the div $('#divID').data('name','value'); but still the user can see the data when i'm storing it and when I'm sending it. Is there a way I can store and emit the data via javascript the way that user can't change or see it?
It's a 16-digit user ID.
Javascript in essence is meant to be publicly viewable. Anybody with the knowledge of Javascript will be able to see everything that you are doing. So, you will have to continue to send it to the server before it can go to the database.
A client wants a web application that performs a calculation based on text inputs, pulldown selections, checkbox selections, etc. They want to persist form data input but they are don't want to store them on the server. Instead they prefer to retain the inputs locally.
I've been searching and determined that this not a standard approach. Then I came across HTML5 Storage but it looks like that option isn't exactly what I thought it was.
Client wants to be able to save and load sets of inputs such as mortgage scenario 1 or mortgage scenario 20 year. Basically like a "save as" and an "open" button.
I reported back that this approach isn't really feasible and a server database or some other form of server persistence is the norm.
Am I way off base in being insistent that we need to use a database? Or are there any options I'm not aware of such as jquery?
How about object serialization? If you use PHP as backend, you could gather form data to array, serialize it and output to downloadable file.
Another attempt is to catch form data into JSON using only JS, and then making user save it. Look here for more info: How to generate and prompt to save a file from content in the client browser?
I am developing an ecommerce site with angularjs.. Whenever a user add, change quantity or delete product from cart a local array of products will be updated(I am not pushing to server because that would mean a lot of requests) and I listened for window.onbeforeunload to push changes to server. It worked great on my local machine. But when I tested this on server it didn't work as expected.
Is there another way to do this? Maybe saying before leaving page wait a second to send a successful request then leave? Or do I have to push changes every time the cart is updated..
I also want to leave managing cart for the server, meaning I can't manipulate cookies. Because on server I am using external classes that handle cart on it's way e.g. creating encrypted item identifier for each item.
I found a solution, not sure if it's best practice but after testing it in many situations. It seems to work very nice...
When user modifies the cart the items are saved using javascript(no requests needed) in a cookie as json array.
Before each request I check if there were items saved in the cookies to do the following:
a. Destroy the cart.
b. Retrieve and json_decode items saved in the cookies.
c. Insert these new items in the empty cart.
d. Unset this cookie.
The good thing about this approach, there aren't any overhead requests to push local changes to server
But the bad thing it makes using a cart on the server that saves items in different cookie look silly and I might refactor that with my own cart class to share the same items cookie ....