I have a big concern about an e-commerce website.
My question is: is it a safe or preferred approach to
pass a plain Ajax response,
especially where calculations and quantity are updated?
For example:
When I am loading the product page, the price and other details like product qty, weight, diamonds are populated by an Ajax call.
On page load, the query is:
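product.php
// $con is the open mysqli connection; the id is bound as an integer parameter
$stmt = mysqli_prepare($con, "SELECT * FROM prdrd WHERE id = ?");
mysqli_stmt_bind_param($stmt, "i", $id);
mysqli_stmt_execute($stmt);
$r = mysqli_stmt_get_result($stmt);
$row = [];
while ($data = mysqli_fetch_assoc($r)) {
    $row[] = $data;
}
// Emit the JSON once, after all rows are collected
echo json_encode($row);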
The product.php page is called via Ajax,
then in jQuery I am updating the main product page as
$("#proce").html(/* value returned by ajax */);
.. and so on,
and the same approach is used when somebody changes the quantity in the cart: the updated price can then be seen in the response as plain text, as JSON updprc:25541.
Everything is working perfectly, but I feel there is a big security concern here.
Also, I tried storing the values in the session, and that is a good idea, but then I did not find any way to update the page after the Ajax call through session variables.
Sorry for the long post, but I really want to get a proper idea of a secure implementation without https://
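An added example, not part of the original post: a price shown in a JSON response is display data, and the security-relevant point is that the server recomputes it from its own table on every cart update instead of reading a price back from the browser. The columns `price_cents` and `stock`, the functions `demo_db` and `cart_line`, the quantity limit of 100 and the in-memory SQLite database standing in for the MySQL `prdrd` table are all assumptions made for this sketch.

```php
<?php
declare(strict_types=1);

// Constructed sample data: in-memory SQLite stands in for the MySQL table.
function demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE prdrd (id INTEGER PRIMARY KEY,
                                   price_cents INTEGER, stock INTEGER)');
    $db->exec('INSERT INTO prdrd VALUES (7, 2554100, 3)');
    return $db;
}

// Recompute the line total on the server. Only id and qty are read from
// the request; any price field the browser sends is never consulted.
function cart_line(PDO $db, array $request): array {
    $id  = filter_var($request['id'] ?? null, FILTER_VALIDATE_INT);
    $qty = filter_var($request['qty'] ?? null, FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 1, 'max_range' => 100]]);
    if ($id === false || $qty === false) {
        return ['ok' => false, 'error' => 'invalid id or quantity'];
    }

    // Parameterised lookup of the authoritative price and stock level.
    $stmt = $db->prepare('SELECT price_cents, stock FROM prdrd WHERE id = ?');
    $stmt->execute([$id]);
    $p = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($p === false || $qty > (int)$p['stock']) {
        return ['ok' => false, 'error' => 'product unavailable'];
    }

    // Integer minor units avoid floating-point rounding in totals.
    $total = (int)$p['price_cents'] * $qty;
    return ['ok' => true, 'id' => $id, 'qty' => $qty, 'updprc' => $total];
}

$db = demo_db();

// Constructed request with an altered price field: the total still comes
// from the table, because cart_line() never reads 'price'.
$altered = ['id' => '7', 'qty' => '2', 'price' => '1'];
echo json_encode(cart_line($db, $altered)), "\n";

// Constructed request with an out-of-range quantity: rejected.
echo json_encode(cart_line($db, ['id' => '7', 'qty' => '-5'])), "\n";
```

The amount charged at checkout should come from the same server-side calculation, never from a value the page displayed or posted back.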