Live search project











I have a live search project and I don't know if it's secure enough or not. I don't access it directly, but I get the data as JSON, so I shouldn't need to worry about slashes or quotes, right?

The PHP code (search.php):

<?php
if (isset($its_server)) {
    class search {
        public function gettingvalues($search_value) {
            require_once('db_conx.php');   // provides the mysqli connection in $conx
            $dir = "usersimage/";
            $search_value = htmlspecialchars($search_value, ENT_QUOTES, 'UTF-8');
            // The search term is interpolated straight into the SQL string.
            $sql = "SELECT name,img,username FROM users WHERE username like '$search_value%' || name like '$search_value%'";
            $query = mysqli_query($conx, $sql);
            $results = array();
            if ($query) {
                if (mysqli_num_rows($query) > 0) {
                    // Collect every matching row; the client iterates over the array.
                    while ($row = mysqli_fetch_array($query)) {
                        $img = $row['img'];
                        $name = $row['name'];
                        $username = $row['username'];
                        $json = array('img' => $img, 'name' => $name, 'username' => $username);
                        $results[] = $json;
                    }
                    echo json_encode($results);
                } else {
                    $json['name'] = '';
                    $json['img'] = '';
                    $json['username'] = '';
                    $json['error'] = 'No results.';
                    $results[] = $json;
                    echo json_encode($results);
                }
            } else {
                $json['name'] = '';
                $json['img'] = '';
                $json['username'] = '';
                $json['error'] = "There's a problem, please try later!";
                $results[] = $json;
                echo json_encode($results);
            }
        }
    }
} else {
    header('location: 404');
    die();
}
?>

I call the function from index.php:

<?php
$its_server = 'yes';
if (isset($_POST['data'])) {
    // Headers must be sent before anything is echoed by the search.
    header('Content-Type: application/json; charset=utf-8');
    require('search.php');
    $search = new search;
    $search->gettingvalues($_POST['data']);
    die();
}
?>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<script type="text/javascript">
$(document).ready(function(){
    $('input').keyup(function(){
        var value = $('input').val();
        $.ajax({
            type: "POST",
            url: "",
            data: {data: value},
            dataType: "json",
            success: function(json_data) {
                var html = '';
                $.each(json_data, function(index, e) {
                    if (e.error) {
                        html += `${e.error}`;
                    } else {
                        html += `${e.name} ${e.username} ${e.img}<br>`;
                    }
                });
                $("#feedback").html(html);
            }
        });
    });
});
</script>
<input type="text" name="search" placeholder="looking for?">
<div id="feedback"></div>

I don't know if I'm doing well with security or not, and it's a big deal to me. So, from what you see, on a scale of 1-10, how secure is my page?










  • It makes me wonder where you got the idea that JSON is in any way related to SQL. This statement is like "I washed my hands, so I can go and cross a road anywhere; no car will hit me because I am protected from germs".
    – Your Common Sense
    Jun 26 at 8:28










  • Getting data as JSON, through jQuery, still exposes your 'live search' to the outside world, with all the security implications of that.
    – KIKO Software
    Jun 28 at 15:49















php json ajax






asked Jun 26 at 5:47







user172643












1 Answer
One quite big security issue I see here is your vulnerability to SQL injection attacks. Even when you use htmlspecialchars(), there are still some ways to circumvent it, as shown in "Is htmlspecialchars enough to prevent an SQL injection on a variable enclosed in single quotes?".

Basically, you are allowing the user to directly manipulate the SQL query, which has to be prevented. For this case there are prepared statements, which, if used correctly, will prevent the user from doing anything nasty with your database. There is an answer to "How can I prevent SQL injection in PHP?" regarding this topic, so I suggest you read and understand that.

Also, you might have a look at the manual to learn more about prepared statements using either mysqli or PDO.






answered Jun 26 at 7:07 by Tobias F.
edited Jun 26 at 8:21 by Toby Speight
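The answer recommends prepared statements without showing one (the point Toby Speight's comment raises), and the question asks whether receiving the data as JSON makes quotes and slashes a non-issue. The block below is an added example, not the asker's code or the answerer's: the search endpoint from the question rewritten around a mysqli prepared statement. It assumes, as the question does, that db_conx.php provides a mysqli connection in $conx and a users table with name, img and username columns; the helper names likePrefixPattern and searchUsers are this example's own, and it assumes PHP 7.3 or later with the mysqlnd and mbstring extensions.

```php
<?php
// Added example (not the asker's code): the live-search endpoint with a
// mysqli prepared statement. Assumes db_conx.php defines $conx (mysqli) and a
// `users` table with columns name, img, username, as in the original post.
declare(strict_types=1);

// Make any '%' or '_' typed by the user literal, so the only wildcard in the
// pattern is the trailing '%' added here (prefix match, as in the original).
// MySQL's default LIKE escape character is the backslash.
function likePrefixPattern(string $term): string
{
    $escaped = str_replace(['\\', '%', '_'], ['\\\\', '\\%', '\\_'], $term);
    return $escaped . '%';
}

// Returns the matching rows as a list of associative arrays.
function searchUsers(mysqli $conx, string $term, int $limit = 20): array
{
    // The SQL text is fixed at prepare time. The user's input travels as a
    // bound parameter, so no quote or backslash in it can change the statement.
    $sql = 'SELECT name, img, username FROM users'
         . ' WHERE username LIKE ? OR name LIKE ?'
         . ' LIMIT ?';
    $stmt = $conx->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $conx->error);
    }
    $pattern = likePrefixPattern($term);
    $stmt->bind_param('ssi', $pattern, $pattern, $limit);
    if (!$stmt->execute()) {
        $stmt->close();
        throw new RuntimeException('execute failed: ' . $stmt->error);
    }
    $result = $stmt->get_result();           // requires mysqlnd
    $rows = $result->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// Entry point for the AJAX POST: headers before any output, JSON only.
if (isset($_POST['data'])) {
    require_once 'db_conx.php';
    header('Content-Type: application/json; charset=utf-8');
    try {
        // Bound the term length so a huge input cannot turn into a huge LIKE scan.
        $term = mb_substr(trim((string) $_POST['data']), 0, 64);
        $rows = $term === '' ? [] : searchUsers($conx, $term);
        echo json_encode($rows, JSON_THROW_ON_ERROR | JSON_UNESCAPED_UNICODE);
    } catch (Throwable $e) {
        // Log the detail server-side; the client only gets a generic message.
        error_log($e->getMessage());
        http_response_code(500);
        echo json_encode(['error' => "There's a problem, please try later!"]);
    }
    exit;
}
```

This makes the point of the comments concrete: the transport (JSON) and the query are separate layers, and what protects the query is that its text is fixed before the user's value is bound, not anything about how the result is serialised. Two caveats a practitioner would add: the `%` and `_` escaping only works while the backslash is the LIKE escape character (it is by default; the NO_BACKSLASH_ESCAPES SQL mode removes that default, in which case add an explicit `ESCAPE` clause), and htmlspecialchars() is HTML output encoding, so it belongs where the fields are rendered rather than before the query; the page's script inserts name, username and img into the DOM with .html(), so the values should be added as text there instead.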












  • To me, this is more a comment than an answer; it boils down to a single SO link. And a confused one. What does it mean, "Nothing is 100% secure"? Got any evidence of gaining access to a database if it is secured correctly?
    – Your Common Sense
    Jun 26 at 7:12

  • @YourCommonSense The "Not 100%" part is more something obligatory to me, as you can't guarantee 100%, but as far as I know there is no way to bypass the current "correct" way :) I also wasn't sure whether this counts as a full answer, but it seemed to be too much for a comment to me.
    – Tobias F.
    Jun 26 at 7:20

  • I think that prepared statements won't do anything for me, because index.php transfers JSON-type data (utf-8). What do you think?
    – user172643
    Jun 26 at 7:42

  • I think that "Use prepared statements where you can" is a good code review observation and worthy of an answer. It would be better to show what you'd do, as well as linking to those good resources.
    – Toby Speight
    Jun 26 at 8:18

  • @AhmadSalameh you are supposed to read the links provided in the answer. "Do I need to use prepared statements" is not a question for a code review. It is not about making your code better but about you understanding very basic principles, which you are supposed to learn for answers on Stack Overflow.
    – Your Common Sense
    Jun 26 at 8:26

















