I was thinking to make some jQuery functions that will use ajax to control mysql. The whole idea is to make separate files of PHP (e.g. query.php, addRow.php, update.php and delete.php), provide data to them via the GET variables like query.php?sql=SELECT * FROM table, and then control them with jQuery AJAX functions that I'll make later. Expected code:
    $(element).click(function (e) {
        mysql.query("DELETE row FROM table WHERE name = 'John Doe'");
    });
And then it'll send the query through AJAX and the query will be performed.
So the problem is SECURITY. I mean anyone can just change the javascript from the browser's inspector or use the console to control my databases. What can be done for this problem? Is there any way to not let anyone change elements in the browser console? If not, is there ANY WAY to overcome this security problem?
Never expose direct access to your database from the web layer. You can never lock that down; someone will send "DROP TABLE table" to your server, however much you lock down the JS source.
All they have to do is see what the browser sends to your server to detect that your server accepts arbitrary SQL commands.
Not that you can lock down the JS code; it is not the browser you need to worry about, anyone can send a HTTP request and start introspecting your client-side code anyway.
Build a RESTful API instead, use that from the client. Such an API is limited in the damage it can do if someone starts calling it directly.
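One way to build the narrow endpoint the answer recommends, as an added example that is not code from the question or the answer: the SQL text lives on the server and the client supplies only a validated id. The `people` table, its `owner_id` column, the session layout and the CSRF token are assumptions, and in-memory SQLite stands in for MySQL so the script runs offline.

```php
<?php
// Added example, not code from the question or answer. Table and column
// names, the session layout and the CSRF token field are assumptions.
declare(strict_types=1);

/**
 * Handles DELETE /people/{id}: one fixed operation, never client-supplied SQL.
 * Returns [HTTP status, response body].
 */
function deletePerson(PDO $db, array $session, string $method, string $rawId, string $csrf): array
{
    if ($method !== 'DELETE') {
        return [405, ['error' => 'method not allowed']];
    }
    // The server decides who may call this; the browser is untrusted.
    if (empty($session['user_id'])) {
        return [401, ['error' => 'login required']];
    }
    if (!isset($session['csrf']) || !hash_equals($session['csrf'], $csrf)) {
        return [403, ['error' => 'bad CSRF token']];
    }
    // Validate the only input: it must be a positive integer id.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [400, ['error' => 'invalid id']];
    }
    // SQL text is fixed on the server; the value is bound, not concatenated.
    // owner_id restricts the caller to rows they own.
    $stmt = $db->prepare('DELETE FROM people WHERE id = :id AND owner_id = :owner');
    $stmt->execute([':id' => $id, ':owner' => $session['user_id']]);
    return $stmt->rowCount() === 1 ? [204, null] : [404, ['error' => 'not found']];
}

// Constructed demo data; in-memory SQLite stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (id INTEGER PRIMARY KEY, name TEXT, owner_id INTEGER)');
$db->exec("INSERT INTO people VALUES (1, 'John Doe', 7), (2, 'Jane Roe', 8)");
$session = ['user_id' => 7, 'csrf' => 'constructed-token'];

// A legitimate call, SQL smuggled into the id, and another user's row.
foreach (['1', '1 OR 1=1', '2'] as $rawId) {
    [$status] = deletePerson($db, $session, 'DELETE', $rawId, 'constructed-token');
    echo "DELETE /people/$rawId -> $status\n";
}
echo 'rows left: ', $db->query('SELECT COUNT(*) FROM people')->fetchColumn(), "\n";
```

Someone calling this endpoint directly, without the jQuery front end, can still only delete rows they own by id, which is the bounded damage the answer describes.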