html - AJAX in .PHP files

Question

First question using the site so please bear with me if I haven't followed every rule in the book.

I come from a C++ background and don't have a great deal of experience with php/AJAX so I know that I probably have approached some of the following coding tasks in a sub-optimal/ improper way for writing code in different languages but anyway...

I have a Web site which uses a member login system written in PHP (connected to a mysql database), and the site is written using .php files to accomodate for this login system.

I want to use AJAX and JS on my .php pages to make them have a better user experience and I know this is possible (as I have done it), but I wanted to know if there are any negative/technical reasons why I shouldn't (and whether there are any better ways of doing this) as php is server side and AJAX is Client side.

Any advice would be appreciated.

Thanks

EDIT I've added some code to show the type of things I would like to add to my php site

<?php
require "class.loginsys.php";
$LS = new LoginSystem();
$LS->init();
?>

<!-- HTML page structure -->

<!DOCTYPE html>
<html>
    <head>
        <title>OnyxProjectsPage</title>
        <link rel="stylesheet" type="text/css" href="style.css" />
        <script type = "text/javascript">
        function createTable()
        {
            var xhr;
            if (window.XMLHttpRequest) // Mozilla, Safari, ...
            { 
                xhr = new XMLHttpRequest(); 
            }   
            else if (window.ActiveXObject) // IE 8 and older
            { 
                xhr = new ActiveXObject("Microsoft.XMLHTTP");
            }   

            xhr.open("GET", "createDatabase.php"); 
            //xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");  
            xhr.send();

            xhr.onreadystatechange = display_data;
            function display_data() 
            {
                if (xhr.readyState == 4) 
                {
                    if (xhr.status == 200) 
                    {  
                        alert("Table Created");
                    } 
                    else 
                    {
                        alert('There was a problem with the request.');
                    }
                }
            }
        }
        </script>

    </head>

    <body>
        <!-- Header background bar -->
        <div id="container" style="width: 1920px">
        <div id="header" style="background-color:#4c4c4c;">

        <form class="well-home span6 form-horizontal" name="ajax-demo" id="ajax-demo">
            <div class="controls">
                <button type="button" onclick="createTable()">Create Testplan</button>

            </div>
        </form>
    </body>
</html>

Answer 1

Using AJAX / JavaScript is not more dangerous than regular PHP. You can argue, that people can disable JavaScript and thus not be able to perform your expected result.

Usually, using AJAX will, as you mentioned, satisfy the user-experience, since they don't have to reload the page everytime a request is send.

The best solution, in my opinion, would be:

Check if the User enabled Javascript in his browser (keyword: noscript). If so, you can do use Frameworks like jQuery. Using this you can take advantage of the build-in ajax-function (take a look here). Otherwise prepare a fallback/failsafe mode for to serve every visitor.

LT;DR

Mix both of them. In any case, check and validate on serverside before inserting data in a database (or everything related to that kind of stuff), even if you checked it on the clientside already.