Javascript data to php

danrevah · March 11, 2011, 10:52am

I am using this script to get the user image,name and email…
now, how can I get those details and enter them into the database?

I thought about Ajax to send a request like that:
insertDB.php?image=abc&name=dan&email=dan@dan.com
but its some kind of a security issue since bots could register to my website…
(just send GET requests…).

I want the Facebook plug-in to send immedialty the data to my php script.
for example I am getting there the user.id and I don’t want some hacker will use it to register my website with other people id’s. (make a fake form and send other id’s)…
so I need the Facebook plug-in data protected from changes
untill I insert the data to the database…

what can I do to solve this problem?

<html>
    <head>
      <title>My Facebook Login Page</title>
    </head>
    <body>
      <div id="fb-root"></div>
      <script src="http://connect.facebook.net/en_US/all.js"></script>
      <script>
         FB.init({
            appId:'169630839752390', cookie:true,
            status:true, xfbml:true
         });
          FB.api('/me', function(user) {
           if(user != null) {
              var image = document.getElementById('image');
              image.src = 'http://graph.facebook.com/' + user.id + '/picture?type=large';
              var email = document.getElementById('email');
              email.innerHTML = user.email;
              var name = document.getElementById('name');
              name.innerHTML = user.name;
           }
         });
      </script>
      <fb:login-button perms="email,user_birthday,publish_stream">Login with Facebook</fb:login-button>
     <div align="center">
     <img id="image"/>
     <div id="name"></div>
      <div id="email"></div>
     </div>
    </body>
 </html>

samanime · March 11, 2011, 11:07am

You can build a form with Javascript, putting the data into hidden elements, then triggering a submit on the form to get it to go to the PHP. Combining this approach with AJAX would probably give you what you want.

danrevah · March 11, 2011, 11:10am

But couldn’t some hacker use this to send other people id’s?
since I have no way to check if its his ID… or not…
he could just make a fake form and send for example his friend id…

samanime · March 11, 2011, 11:28am

He could… but that’s always a problem. That’s why you need to come up with some other security method to protect your application.

A common technique is to place some random, time-sensitive value into the information as well. You would have this value expire x-minutes after it was created (either by storing it in a database or coming up with a function that allows you to calculate the validity of the value). Since they would have to be able to load the page from a legitimate place in order to get a legitimate value, you can help protect against fraud.

However, submitting via a post and submitting via a get are roughly equivalent in terms of security. I can always fire up Firebug and drop in any HTML I want (including a form) and send it off wherever. That’s why the security must ALWAYS ALWAYS ALWAYS come from the server-side.

Topic		Replies	Views
Connect website with facebook? JavaScript	3	615	March 11, 2011
Get data from PHP using Ajax JavaScript	2	4293	September 24, 2017
Sending password onClick from form JavaScript	3	2587	July 2, 2010
Login with facebook sql injection? JavaScript	3	3357	June 24, 2019
Get the contents of an array into php JavaScript jquery	7	1403	April 22, 2015

Javascript data to php

Related topics