I have a new project coming up, and I would like to use AJAX to get the MySQL result (in JSON format) so that I can use jQuery AJAX to display it properly. Since I'm really new to JSON, AJAX and jQuery, please tell me if my design structure is okay or not and if there is any security issue.
Here is my design:
Core.class.php - it will use the PDO object to connect to the MySQL database, and it will do some queries and return the results.
json.php - it will create a singleton core object and return the result in JSON format, based on the query string data, i.e.:
<?php
// Dispatch on the requested data type; each handler uses the core singleton
// to run its query and echoes the rows as JSON.
if (isset($_GET['get_type']) && $_GET['get_type'] == 'employeeinfo') {
    return get_all_employee_info(); // queries and echoes all employee data in JSON format
} elseif (isset($_GET['get_type']) && $_GET['get_type'] == 'companyinfo') {
    return get_all_company_info(); // queries and echoes all company data in JSON format
}
...
index.php - it will use:
$.ajax({
    url: 'json.php',
    data: { get_type: 'employeeinfo' }, // which data type to get
    success: function (results) {
        // use results to populate data and display on this page
    }
});
to load the data and display it in HTML format.
Also, the user will have to log in first in order to load index.php, and once logged in successfully, a session will be created.
So in index.php and json.php, I'm going to check the session; if the check fails, I will call die().
So is my design structure okay? Is there any security issue?
Here are some tips:
Don't return your database objects directly using JSON, as this would potentially expose your database structure. Simplify your data before returning it (don't return more data than you need).
Use a JS template engine for rendering the data. Some examples: https://github.com/justjohn/twig.js/wiki http://twitter.github.io/hogan.js/
I'm not sure how big your project is and how much effort you are willing to put into this aspect of it. But if your project is big enough you would want to look into some JSON server like Zend's. It can help you architect your project much more reliably. It's pretty simple to work with and you can find several examples for it on the web.
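To make the two points above concrete (check the session before anything else, and map rows onto a view shape instead of dumping database objects), here is an added example of a hardened json.php for the design in the question. It is not the asker's code or any project's; it assumes a `Core::getInstance()->pdo()` accessor on the singleton and made-up `employee` / `company` tables.

```php
<?php
// Added example, not the asker's code. Assumes Core::getInstance()->pdo()
// returns a PDO handle; table and column names below are constructed.
declare(strict_types=1);
session_start();
header('Content-Type: application/json; charset=utf-8');

// Session check first: an unauthenticated request never reaches the database.
if (empty($_SESSION['user_id'])) {
    http_response_code(401);
    echo json_encode(['error' => 'not authenticated']);
    exit;
}

// Whitelist get_type -> handler, so the query string can only select one of
// these two functions and never an arbitrary name or table.
$handlers = [
    'employeeinfo' => 'get_all_employee_info',
    'companyinfo'  => 'get_all_company_info',
];
$type = $_GET['get_type'] ?? '';
if (!isset($handlers[$type])) {
    http_response_code(400);
    echo json_encode(['error' => 'unknown get_type']);
    exit;
}

function get_all_employee_info(PDO $pdo): array {
    // Select only the columns the page needs; never SELECT * straight into JSON.
    $stmt = $pdo->query('SELECT id, first_name, last_name, department FROM employee');
    $out = [];
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        // Map each row onto a view shape so column names and extra fields do not leak.
        $out[] = [
            'id'         => (int) $row['id'],
            'name'       => $row['first_name'] . ' ' . $row['last_name'],
            'department' => $row['department'],
        ];
    }
    return $out;
}

function get_all_company_info(PDO $pdo): array {
    $stmt = $pdo->query('SELECT id, name, city FROM company');
    return array_map(
        fn(array $r) => ['id' => (int) $r['id'], 'name' => $r['name'], 'city' => $r['city']],
        $stmt->fetchAll(PDO::FETCH_ASSOC)
    );
}

echo json_encode($handlers[$type](Core::getInstance()->pdo()), JSON_THROW_ON_ERROR);
```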
Check out this tutorial on creating your own simple framework. I found it very useful when creating the basic structure for one of my projects. Every step is explained in detail, so that it is (at least in my opinion) easy to understand for people who are new to PHP.
It explains how to create a basic structure for your project that has a single entry point for your application. This means that each URL you call in your browser will initially start the same PHP file. Based on the URL, different PHP classes (Controllers) will be started and render the content that is needed. This has many advantages; for example, you will need to check only once that a user is logged in.
The tutorial focuses completely on the server-side structure, so it does not cover any AJAX or jQuery concepts. The Symfony components however make the implementation of AJAX-based calls a piece of cake.
If your project is not really huge, I recommend trying RedBean for connecting to and manipulating the database. It makes it really easy to retrieve, store and create new database tables or entries.
In case you are interested I can give you some tips on how to implement user and session management.
Good luck!
Use an existing framework. It's better to learn a couple of frameworks (or three) before you write your own. http://davss.com/tech/php-rest-api-frameworks/ gives you an example of REST frameworks, many of which are very lightweight but would provide you with routing, autoloading, a concern-separation strategy and much more. As mentioned above, map your data into a data structure that makes sense instead of just exposing your database structure. This will give you more control and flexibility. It could be a simple array or a class that you map your database object onto and then to JSON. A good and simple framework will guide you through and will enforce good practice.
Good luck!