ALive Fields


Table of Contents

  1. Overview
  2. Security
  3. Usage Guide

Overview

ALive fields (Ajax Live Fields) are a set of JavaScript controls, operating on a provided PHP backend, that I built to provide a live, secure, rapid-deployment database-binding system. The setup I provide here is relatively basic; however, it is open source and easy to adapt to your own specific needs.

You can see the YouTube screencast on basic usage and functioning, or you can try the live example out for yourself. The source is also hosted on GitHub.

Security

These controls are designed to be entirely secure. This means that they are designed to: not reveal any information about table or field names in the database; not allow editing of fields, rows, or tables by fiddling with requests; and not be susceptible to SQL injection. I highly encourage you to verify the security for yourself on the example; if you can break the security (i.e. fiddle with requests in a way that lets you change or view data that you could not change or view without fiddling with requests), I will add your name as a contributor to the source code.

The one thing the coder needs to be sure to do is prevent arbitrary user input from entering AcField parameters. For example, calling ->load_unchecked($_POST['some_variable']); would be a big security no-no. Additionally, tables, fields, and primary keys should never be passed from or through the client (i.e. AcField("AcTextbox", $_GET['field'], ...)).
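As an added illustration of the rule above (example code, not ALive Fields' own), here is the server-side binding-map pattern that keeps table, column and primary-key names out of the client and puts the user's value through a bound parameter only. The names $field_bindings, editable_row_ids() and handle_update() are hypothetical, and the SQLite rows are constructed sample data.

```php
<?php
// Added example, not the project's code. Bindings live only on the server:
// the client learns the opaque key ('user_email'), never the table/column.
$field_bindings = [
    'user_email' => ['table' => 'users', 'column' => 'email',        'pk' => 'id'],
    'user_name'  => ['table' => 'users', 'column' => 'display_name', 'pk' => 'id'],
];

// Rows the current session may edit. Hypothetical helper; a real app
// derives this from its authentication/session layer.
function editable_row_ids(): array {
    return [42]; // constructed sample: the logged-in user's own row
}

// UNSAFE (the anti-pattern the text warns about): identifiers from the client.
//   new AcField("AcTextbox", $_GET['field'], ...);   // never do this
//   $field->load_unchecked($_POST['some_variable']); // nor this

// SAFE: resolve the opaque key server-side, check the row, bind the value.
function handle_update(PDO $db, array $bindings, string $key, $row_id, string $value): bool {
    // Unknown key: the client tried to address a field that was never exposed.
    if (!isset($bindings[$key])) {
        return false;
    }
    // Reject rows this session is not allowed to touch.
    if (!in_array((int)$row_id, editable_row_ids(), true)) {
        return false;
    }
    $b = $bindings[$key];
    // Identifiers come only from the server-side map, so interpolating them
    // is safe; the user-supplied value goes through a bound parameter.
    $sql = sprintf('UPDATE `%s` SET `%s` = :val WHERE `%s` = :id',
                   $b['table'], $b['column'], $b['pk']);
    $stmt = $db->prepare($sql);
    return $stmt->execute([':val' => $value, ':id' => (int)$row_id]);
}

// Constructed setup and requests; the browser only ever sends the opaque key.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, display_name TEXT)');
$db->exec("INSERT INTO users VALUES (42, 'old@example.com', 'Alex')");

var_dump(handle_update($db, $field_bindings, 'user_email', 42, 'new@example.com')); // accepted
var_dump(handle_update($db, $field_bindings, 'users.email', 42, 'x'));  // rejected: not a known key
var_dump(handle_update($db, $field_bindings, 'user_email', 7, 'x'));    // rejected: not an editable row
```

The second and third calls show the two checks that make request fiddling fail: a guessed table or column name never matches a binding key, and a row outside the session's allowance is refused before any SQL runs.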

Usage Guide

Requirements

Setup


Copyright 2011 Alex Rohde