
I have been into web development with both client and server side code, and have been using JavaScript Ajax to receive and manipulate data along with PHP scripts.

However, I noticed that websites like Google and Facebook use PHP forms instead of sending Ajax requests to PHP scripts.

What I wonder is: what is the advantage of a direct PHP form submit over sending form data from a static HTML page to a PHP script via JavaScript Ajax, especially from the UX and security point of view?

  • But I think we can make Ajax Requests equally secure too, using CSRF tokens or something? Commented Jan 7, 2018 at 4:20
  • There is no difference.... I can change whatever you want with the form just like how you can do it with an Ajax request. I can open up a terminal and make a curl request, it makes no difference. Commented Jan 7, 2018 at 4:23
  • And I do not think I have ever seen PHP with Google... Commented Jan 7, 2018 at 4:27
  • Facebook does use PHP post but I don't know about noodle and twitface. Commented Jan 7, 2018 at 4:33
  • I used to do Ajax security talks way back in 2006 and would walk up and say, do you know how to do secure forms? Yes, well my talk is done and act like I was leaving. All the same rules apply. Commented Jan 7, 2018 at 4:39

1 Answer

1

There is ZERO security benefit of using a form over using XMLHttpRequest. Anyone can go into their console and change anything they want with a form request just like they can change the XMLHttpRequest.

In the end they are both HTTP requests sent over the wire. You can open up a terminal window and make HTTP requests to any site, it really does not matter. That is why we always say validate your data on the server to make sure it is valid.

Why would someone use an HTML form over Ajax? Well it has worked for ages with and without JavaScript disabled. They want to send a user to another page.
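An added example, not part of the original answer: a server-side handler written in plain JavaScript, standing in for the PHP script, that applies the same CSRF and validation checks to a form POST and to an Ajax JSON POST. The field names (`email`, `age`, `csrf_token`), the token value and the status codes are assumptions chosen for illustration.

```javascript
// One server-side check for both submission styles (added example).
// Field names, token and status codes are assumptions for illustration.

// Compares every character so timing does not reveal where tokens differ.
function safeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string" || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Decode either body encoding into the same plain object of fields.
function parseBody(contentType, rawBody) {
  const type = String(contentType || "").split(";")[0].trim().toLowerCase();
  if (type === "application/x-www-form-urlencoded") // classic <form> POST
    return Object.fromEntries(new URLSearchParams(rawBody));
  if (type !== "application/json") return null; // unknown encoding: reject
  try { // typical Ajax POST
    const parsed = JSON.parse(rawBody);
    return parsed && typeof parsed === "object" && !Array.isArray(parsed) ? parsed : null;
  } catch { return null; }
}

// The rules do not depend on which client produced the request.
function handleSubmit(req, sessionToken) {
  const fields = parseBody(req.headers["content-type"], req.body);
  if (!fields) return { status: 415, errors: ["unsupported or malformed body"] };
  if (!safeEqual(fields.csrf_token, sessionToken)) return { status: 403, errors: ["bad CSRF token"] };
  const errors = [];
  const email = fields.email;
  if (typeof email !== "string" || email.length > 254 || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email))
    errors.push("email");
  const age = typeof fields.age === "number" ? String(fields.age) : fields.age;
  if (typeof age !== "string" || !/^\d{1,3}$/.test(age) || Number(age) < 13 || Number(age) > 120)
    errors.push("age");
  return errors.length ? { status: 422, errors } : { status: 200, errors: [] };
}

// Constructed sample requests: the same data as a form POST and as an Ajax POST.
const TOKEN = "constructed-session-token";
const formReq = { headers: { "content-type": "application/x-www-form-urlencoded" },
  body: "email=a%40example.com&age=30&csrf_token=" + TOKEN };
const ajaxReq = { headers: { "content-type": "application/json; charset=utf-8" },
  body: JSON.stringify({ email: "a@example.com", age: 30, csrf_token: TOKEN }) };
const tamperedReq = { ...formReq, body: formReq.body.replace("age=30", "age=999") };
for (const r of [formReq, ajaxReq, tamperedReq]) console.log(handleSubmit(r, TOKEN));
```

Both encodings reach the same checks, so a value edited on the client is rejected whether it arrives from a form or from `XMLHttpRequest`.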
