
MySQL Tips and Precautions

While working with Ajax-based MySQL connectivity, there are several aspects to keep in mind. First off, it is worth noting that making connections to databases through Ajax-based interfaces can quickly become a processing nightmare for the database server if you are not careful about it. When you consider that you could have multiple processes going on in the same page for the same user, the possibility for multiple connections bogging down the server increases dramatically. Consider a web page that has three spots on a single page through which the database can be accessed with Ajax. This would mean that a single page could generate three open requests per user, whenever the functionality was processed. If you think of that across a busy site, the possibility for database server overload becomes higher. As more advanced connection handling becomes available to keep up with the rise in Ajax functionality, this should become less of an issue, but it is important to note anyway so that you don’t potentially go overboard without realizing the possible problems involved.
Next, you have to consider the ergonomics of what you’re loading a MySQL result into. For instance, if you’re working with a full page refresh and you want to output an error message, it would be simple to load the error message somewhere into the page where it might be quite visible. However, when working with Ajax, you will frequently be loading content into smaller, more contained, less evident enclosures. Therefore, you will have to be more vigilant in keeping the user’s attention on what is going on. In particular, MySQL errors can be quite large, and so it might be a better idea to have any MySQL errors e-mailed to an administrator, and have a small warning message outputted to the user.
As far as security goes, you must be more vigilant than ever. While it may seem as though scripts being accessed through Ajax would be safer than full-on page-rendered scripts, they are in fact just as vulnerable—possibly even more so. The reason for this is that all JavaScript is visible to anyone who views the source of your page. Therefore, any files that are being referenced can be sniffed out and potentially used maliciously if the script itself does not validate against direct access. Since you have so far only been using GET requests in your Ajax requests, there is also the possibility of code injection, especially, in this case, SQL injection.
SQL injection is the act of passing malicious code into the query string (the address bar of your browser) with the intent of causing problems with any dynamic queries contained within the script. Because of this, it is important to take precautions when retrieving information from the query string to dynamically create a MySQL query. Most database software has ways to remove injected data (in MySQL’s case, it is a function by the name of mysql_real_escape_string). Another fairly simple way to alleviate the problem of SQL injection is to merely wrap any variables being retrieved from the query string with either the addslashes function (for string variables) or the intval function (for integer-based variables). All in all, it is important to realize that someone could easily directly access your script, so you should take precautions accordingly, especially with dynamic queries.
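
The following is an added example, not code from the original article. It shows a script behind an Ajax GET request that validates its query-string values, logs the full database error while returning only a short message to the page, and binds values through PDO prepared statements in place of the escaping functions named above (mysql_real_escape_string belongs to the mysql extension that was removed in PHP 7). The function name, table, columns and sample inputs are constructed, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example. Table, column and parameter names are constructed for illustration.
// SQLite in memory stands in for MySQL so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE tasks (user_id INTEGER, status TEXT, title TEXT)");
$db->exec("INSERT INTO tasks VALUES (1, 'open', 'Water plants'), (2, 'open', 'Pay invoice')");

// Hypothetical handler behind an Ajax GET request; $query plays the role of $_GET.
function findTasks(PDO $db, array $query): array
{
    // Integer parameter: accept only a plain positive integer, reject everything else.
    $userId = filter_var($query['user'] ?? null, FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1]]);
    // String parameter: must be a scalar string (?status[]=x arrives as an array).
    $status = $query['status'] ?? null;
    if ($userId === false || !is_string($status)) {
        return ['ok' => false, 'message' => 'Invalid request.'];
    }
    try {
        // Placeholders keep the SQL text fixed; the values are sent as data only.
        $stmt = $db->prepare('SELECT title FROM tasks WHERE user_id = :uid AND status = :status');
        $stmt->execute([':uid' => $userId, ':status' => $status]);
        return ['ok' => true, 'rows' => $stmt->fetchAll(PDO::FETCH_COLUMN)];
    } catch (PDOException $e) {
        // Full database error goes to the server log (or an administrator's mailbox);
        // the small Ajax container only receives a short message.
        error_log('Task lookup failed: ' . $e->getMessage());
        return ['ok' => false, 'message' => 'Sorry, the list could not be loaded.'];
    }
}

// Constructed inputs: a normal request, a quote-bearing string, a non-integer id.
$samples = [
    ['user' => '1', 'status' => 'open'],
    ['user' => '1', 'status' => "open' OR '1'='1"],
    ['user' => '1 OR 1=1', 'status' => 'open'],
];
foreach ($samples as $sample) {
    echo json_encode(findTasks($db, $sample)), PHP_EOL;
}
```

Against MySQL, only the PDO DSN and credentials change; the handler itself stays the same.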
