
Json vs Standard Post

Developer https://www.devze.com 2023-03-12 05:34 Source: Internet
I have developed a free shopping cart plug-in for small websites. I am currently using name=value&name=value to submit items to the basket.

The process is HTML form -> jQuery serialize -> AJAX POST -> PHP.

I have read that JSON is a more secure way to pass this data. I was hoping some kind person could explain to me why this is or point me to any web resources on the subject.


JSON posted with XHR is no more (or less) secure than any other request.

They all must be handled appropriately.


There's no difference between AJAX POST or any other POST. It's all the same. HTTP is a simple protocol, whether JavaScript sends headers or a custom built script - it doesn't matter to the underlying server since all it sees is plain text that it interprets.

There's no "more" security if you use AJAX or regular POST-ing, anyone can send any sort of data to the target script so you need to handle it properly.


It's not related to security at all.

JSON is just a different way to transmit the data - instead of posting a querystring-like string you send a string that is valid JSON.


By default in AJAX, data is posted in XML format using some protocol. While parsing data from XML format, we will get all node values in string format. Hence the data type of the value submitted/received is not known. If required, we need to typecast the data.

Whereas in JSON format, data types are persisted to some extent.


POSTing JSON data requires that certain types of headers be sent back and forth between the client and server. For instance, the client needs to send content type, the server needs to respond with allow-options for content type and access origin. POSTed JSON doesn't come through the PHP $_POST variable, rather it is carried in $HTTP_RAW_POST_DATA.

Without the proper headers, a browser kills the response and its data, preventing the page from looking at or processing anything. Or at least, it's supposed to.

It is generally more "secure" for preventing cross-site scripting problems, but the data and calls are still subject to hacking the posted data and headers and such.
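
An added example (not code from any of the answers above) of the point that the body encoding does not change what the server has to check: a PHP sketch that decodes either a form-encoded or a JSON body and runs both through the same validation. The field names `sku` and `qty`, the limits and the sample requests are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Decode the request body into an array, whichever encoding the client chose.
function read_fields(string $contentType, string $rawBody): array
{
    $type = strtolower(trim(explode(';', $contentType)[0]));
    if ($type === 'application/json') {
        $data = json_decode($rawBody, true);
        return is_array($data) ? $data : [];
    }
    if ($type === 'application/x-www-form-urlencoded') {
        parse_str($rawBody, $data);
        return $data;
    }
    return []; // unknown encoding: nothing is accepted
}

// Validate one basket item (hypothetical fields); both encodings take this path.
function validate_item(array $in): ?array
{
    $sku = $in['sku'] ?? null;
    $qty = $in['qty'] ?? null;
    if (!is_string($sku) || preg_match('/^[A-Z0-9-]{1,32}$/D', $sku) !== 1) {
        return null;
    }
    // Form fields arrive as strings, JSON may carry an int; anything else is refused.
    if (!is_int($qty) && !is_string($qty)) {
        return null;
    }
    $qty = filter_var($qty, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 99]]);

    return $qty === false ? null : ['sku' => $sku, 'qty' => $qty];
}

// Constructed sample requests: the same item and the same bad input in both encodings.
// In a real handler the arguments would be $_SERVER['CONTENT_TYPE'] ?? '' and
// file_get_contents('php://input').
$samples = [
    ['application/x-www-form-urlencoded', 'sku=TSHIRT-01&qty=2'],
    ['application/json; charset=utf-8',   '{"sku":"TSHIRT-01","qty":2}'],
    ['application/x-www-form-urlencoded', 'sku=TSHIRT-01&qty=-5'],
    ['application/json',                  '{"sku":"TSHIRT-01","qty":-5}'],
    ['application/json',                  '{"sku":["TSHIRT-01"],"qty":true}'],
];
foreach ($samples as [$type, $body]) {
    $item = validate_item(read_fields($type, $body));
    echo str_pad($body, 38), ' => ', $item === null ? 'rejected' : json_encode($item), PHP_EOL;
}
```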
