I have a new project coming up, and I would like to use Ajax to get the MySQL result (in JSON format) so that I can use jQuery Ajax to display it properly. Since I'm really new to JSON, Ajax and jQuery, please tell me whether my design structure is okay and whether there are any security issues.
Here is my design:
Core.class.php - it will use the PDO object to connect to the MySQL database, and it will do some queries and return the results
json.php - it will create a singleton core obj and return the result in JSON format, based on the querystring data, i.e.
    if ($_GET['get_type'] == 'employeeinfo')
    {
        // in this function I'll use the core to do query and echo all employee data in json format
        return get_all_employee_info();
    }
    else if ($_GET['get_type'] == 'companyinfo')
    {
        // in this function I'll use the core to do query and echo all company data in json format
        return get_all_company_info();
    }
    ...
index.php - it will use:
    $.ajax({
        url: 'json.php',
        data: { get_type: 'employeeinfo' }, // getdata type
        success: function (results) {
            // use results to populate data and display on this page
        }
    });
to load data and display in result HTML format.
Also, the user will have to log in first in order to load index.php, and once logged in successfully, a session will be created.
So in index.php and json.php, I'm going to check the session; if the check fails, I will call die().
So is my design structure okay? Is there any security issue?
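
The json.php dispatch described in the post, written out as an added example (not part of the original post): the session is checked before any query runs, `get_type` only selects a handler from a fixed allow-list, and failures return a JSON error with an HTTP status instead of a bare `die()`. The session key `user_id`, the helper `handle_request()` and the stubbed rows are assumptions made for illustration.

```php
<?php
// Added example. get_all_employee_info() and get_all_company_info() are the
// post's function names, stubbed here with constructed rows; in the post's
// design they would query through Core.class.php and PDO.
declare(strict_types=1);

function get_all_employee_info(): array
{
    return [['id' => 1, 'name' => 'Constructed Employee']];
}

function get_all_company_info(): array
{
    return [['id' => 1, 'name' => 'Constructed Company']];
}

// Allow-list: the query-string value only selects an entry here; it is never
// used to build a function name or a SQL string.
const HANDLERS = [
    'employeeinfo' => 'get_all_employee_info',
    'companyinfo'  => 'get_all_company_info',
];

// Hypothetical helper: returns [HTTP status, payload] so the decision logic
// can be exercised without a web server.
function handle_request(array $session, array $query): array
{
    // 'user_id' is an assumed session key set by the login page.
    if (empty($session['user_id'])) {
        return [401, ['error' => 'not logged in']];
    }
    // Rejects a missing value, an array (get_type[]=x) and unknown names.
    $type = $query['get_type'] ?? '';
    if (!is_string($type) || !array_key_exists($type, HANDLERS)) {
        return [400, ['error' => 'unknown get_type']];
    }
    return [200, call_user_func(HANDLERS[$type])];
}

if (PHP_SAPI !== 'cli') {
    session_start();
    [$status, $payload] = handle_request($_SESSION, $_GET);
    http_response_code($status);
    header('Content-Type: application/json; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
    // The JSON_HEX_* flags keep <, >, &, ' and " escaped if the JSON is ever embedded in HTML.
    echo json_encode($payload, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}
```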