
0

I asked you an either or question.

Eg do you want tea or coffee?

You answered yes - do you see how that causes me a problem?

0

Yes. It has a dynamic value which is changed when the amount is changed.

0

Ok then you use some javascript to read its value and make an ajax call to update it on the server.

If this is the only item on the page with a class of GrandTotal I would possibly give it id="GrandTotal" instead.

You can then access that via script and send it to a server side method to insert it into the database via ajax. Do you do any other ajax in your app?

0

Another thought about security - you realise that a user can easily change the value themselves - this isn't a real ecommerce site or anything like that is it?

How can you use ajax? Depends - have you used it elsewhere on your site yet?

0

Ok so let's break this down one thing at a time. Firstly how/when do you want this code to be invoked? Also what style of Ajax are you using - hand written with jquery, some kind of other library maybe?

1

Good point about security DA. Even normal forms can be spoofed and depending on the use case, the arithmetic should be done on the server, not taken from a form. Using JS to give the user feedback is fine though. All input must be treated as suspect. As added security, remember to use tokens to guard against CSRF.
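
The server-side handling described in the post above, as an added example that is not part of the original thread: the handler checks a CSRF token, recomputes the total from its own price list, and ignores the grand total sent by the page. The catalogue, the session and body field names, and the quantity limit are assumptions made for illustration.

```javascript
// Added example: the catalogue, token and field names are constructed.
// Prices live on the server, in integer cents to avoid float rounding.
const PRICES = new Map([["tea", 250], ["coffee", 300]]);

// Compare two strings without stopping at the first mismatch.
// (Node's crypto.timingSafeEqual does the same job for buffers.)
function safeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string") return false;
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Handler for the ajax "save total" call. `session` is server-side state;
// `body` is the parsed request body and is fully under the user's control.
function saveOrderTotal(session, body) {
  // CSRF check: the token from the request must match the one in the session.
  if (!session.csrfToken || !safeEqual(session.csrfToken, body.csrfToken)) {
    return { status: 403, error: "bad CSRF token" };
  }
  if (!Array.isArray(body.items) || body.items.length === 0) {
    return { status: 400, error: "no items" };
  }
  let totalCents = 0;
  for (const item of body.items) {
    const price = item ? PRICES.get(item.sku) : undefined;
    const qty = item ? item.qty : undefined;
    // Reject unknown products and non-integer or out-of-range quantities.
    if (price === undefined || !Number.isInteger(qty) || qty < 1 || qty > 100) {
      return { status: 400, error: "invalid item" };
    }
    totalCents += price * qty;
  }
  // body.grandTotal (the number shown in the page) is never read:
  // the caller stores totalCents, which the server computed itself.
  return { status: 200, totalCents };
}
```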

0

Is the span tag even likely to change CSS class? Because if not, why are you storing the whole tag? Why not just the time (and class)?

Good practice not to store unnecessary stuff in your DB when it can be done later.
