Add dynamic data into html tag attribute and ajax

Question

I'm using PHP and Jquery for my website. Sometimes i should make a ajax request with jquery. for example i have products list and a button to delete a single product. that's mean i want product ID to delete it with ajax. So to get product ID i'll store it into html tag attribute. But i think "add data into html tag attribute is not secured . What you think and there is a good method to do that ?

Answer 1

There is no reason of woory . You can use html id attribute . While sending a ajax request it is already encrypted with your site url . Also how to manage your ajax request .

I would suggest use of jquery ajax

that is the simplest way to do a clean ajax call . And at the back end you can santize your variable . example :-

$firstName = $_POST['fname'];
$new_string = filter_var($firstName,FILTER_SANITIZE_STRING);

hope this will solve your issue .

Answer 2

There's no reason why you can't just use an html attribute tag such as id or data-id (or whichever data tag name you choose). The security comes in how you submit and handle the ajax request. Just make sure that you sanitize your sql queries or whatever commands to whatever sort of database you're using, and you should avoid any security problems.

Users won't be able to make a successful ajax call from their browser because the ajax call must come from your server in order to be successful. In other words, using an html tag attribute is not at all insecure, and is probably a great way of handling this problem.