Home

anfurny edited this page · 10 revisions

About the project

ALive Fields (Ajax Live Fields) are a variety of JavaScript controls (operating on a provided PHP backend) that I built to provide a live, secure, rapid-deployment database-binding system. The demo I have provided above is relatively basic, but it is open source and easy to adapt to your own specific needs.

Demonstration links for the passively curious

Security

These controls are designed to be entirely secure. This means that they are designed to: not reveal any information about table or field names in the database; not allow editing of fields, rows, or tables by fiddling with requests; and not be susceptible to SQL injection. I highly encourage you to verify the security for yourself on the example. If you can break the security (i.e. by fiddling with requests in a way that lets you change or view data that could not be changed/altered without fiddling with requests), I will add your name as a contributor to the source code.

The one thing the coder needs to be sure to do is prevent arbitrary user input from entering AcField parameters. For example, calling ->load_unchecked($_POST['some_variable']); would be a big security no-no. Additionally, tables, fields, and primary keys should never be passed from or through the client (e.g. AcField("AcTextbox", $_GET['field'], ... )).
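The rule above, shown as an added example that is not ALive Fields code and does not use its API: the client sends only an opaque control id, while table, column, and key names come from a server-side registry and request data is bound as parameters. The registry layout, the handle_update() function, the request keys, and the sample table are all hypothetical; it assumes the pdo_sqlite extension.

```php
<?php
// Added illustration; not ALive Fields code. All names here are hypothetical.
// Constructed sample data in an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER)");
$db->exec("INSERT INTO users VALUES (1, 'alice', 0), (2, 'bob', 0)");

// Server-side registry: the client only ever sees the opaque keys ("c1").
// Table, column and key names are fixed here and never read from the request.
$controls = [
    'c1' => ['table' => 'users', 'column' => 'name', 'pk' => 'id', 'max_len' => 64],
];

function handle_update(PDO $db, array $controls, array $request): bool
{
    $id = $request['control'] ?? null;
    // Exact allowlist lookup: anything that is not a registered control id is refused.
    if (!is_string($id) || !array_key_exists($id, $controls)) {
        return false;
    }
    $c = $controls[$id];
    // The row key must be a plain positive integer.
    $row = filter_var($request['row'] ?? null, FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 1]]);
    $value = $request['value'] ?? null;
    if ($row === false || !is_string($value) || strlen($value) > $c['max_len']) {
        return false;
    }
    // Identifiers come from the registry; request data is bound only as parameters.
    $sql = sprintf('UPDATE "%s" SET "%s" = :v WHERE "%s" = :k',
                   $c['table'], $c['column'], $c['pk']);
    $stmt = $db->prepare($sql);
    $stmt->execute([':v' => $value, ':k' => $row]);
    return $stmt->rowCount() === 1;
}

// Constructed requests. The first is legitimate (its quote is stored as data);
// the second names a column instead of a control id; the third has a non-integer row key.
$requests = [
    ['control' => 'c1', 'row' => '2', 'value' => "O'Brien"],
    ['control' => 'is_admin', 'row' => '2', 'value' => '1'],
    ['control' => 'c1', 'row' => '2 OR 1=1', 'value' => 'x'],
];
foreach ($requests as $r) {
    echo json_encode($r), ' => ', handle_update($db, $controls, $r) ? 'applied' : 'refused', "\n";
}
```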

Setup Overview

Requirements

  • jQuery library
  • JSON2 library
  • jQuery UI library [only required if using AcComboBox or AcDatebox]

Setup

  • Set up a working PHP 5.3+ webserver.
  • Set up an SQL database.
  • Download ALive Fields, including requirements.
  • Set the correct connection string in query_wrapper.php.
  • Set the correct escaping and wrapping functions for your database (default: mysql).
  • Create a page that pulls from your table structure (include libraries, jQuery, AcField, set an output mode, create controls, flush output).