Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.
I just asked a question sort of like this here. Really there shouldn't be much of a difference in how you make ajax requests in ZF than in any other way... framework or no framework. I think what I'm going to do is something like this:
/**
* Application Controller
*/
class HockeyApp_Controller_Action extends Zend_Controller_Action
{
private $_ajax = false;
protected function _init()
{
if (!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest')
{
$this->_ajax = true;
}
}
}
class UserController extends HockeyApp_Controller_Action
{
public function deleteAction()
{
if (!$this->_isLoggedIn()) return;
$user = new Model_User;
$user->id = $this->getRequest()->getParam('id');
if ($user->delete())
{
/**
* If this request originated from XMLHttpRequest, than return a response in json
*/
if ($this->_ajax)
{
$status = 'success';
$output = Zend_Json::encode($status);
$this->getResponse()->setHeader("X-JSON", '(' . $output . ')'); // is this the right way to do this? I'm not even sure
return;
}
/**
* If the parser has made it here, than the request was just standard http, so forward them home or where ever they came from
*/
$this->_view->status = 'success';
$this->_forward('user', 'home');
return;
}
}
}
Not to sound negative, plus i also hope you understand i'm sure you already have considered this, but I figure I might as well say it.
Doing what you are considering might *work* in all fairness, but if you are dealing with a site that gets thousands of users daily, you may want to look for an alternative solution due to the amount of bandwidth doing what I think you are doing is gonna cost you.
A java applet or a flash app might be a bit more benficial (=
If it's not high traffic, then by all means go for it.
Either way, Space Goat is right though. Will work regardless if you use zend's framework or if you use a basic lamp setup.
AJAX is a form of request, as far as php cares, it's not different to the user entering the servers address in the address bar - you just have to know what to serve.
infolock wrote:Doing what you are considering might *work* in all fairness, but if you are dealing with a site that gets thousands of users daily, you may want to look for an alternative solution due to the amount of bandwidth doing what I think you are doing is gonna cost you.
As a rule of thumb a well designed AJAX application will reduce your bandwidth usage.
It can definately reduce it. trust me i understand it, i've used ajax for almost 2 years now (=
The thing is, making a script that is continuosly calling a php script that is in essence querying a database, can potentially send 3600 requests for 1 user if the user keeps the browser idle and on the same page for an hour. This is true because his script is continuosly making an ajax call every second probably using the javascript timeout/callback method.
All i'm saying is 1000 x 3600 makes for a great deal of bandwidth issues versus a 1 time query and forcing the user to refresh the page to update the list. or better yet, havin the javascript only query for the list once a minute or something.
What took my attention is you could delete any user providing the right user_id as it does not seem to be validated.
But I guess this is off topic and in real scenario this is validated
infolock wrote:It can definately reduce it. trust me i understand it, i've used ajax for almost 2 years now (=
The thing is, making a script that is continuosly calling a php script that is in essence querying a database, can potentially send 3600 requests for 1 user if the user keeps the browser idle and on the same page for an hour. This is true because his script is continuosly making an ajax call every second probably using the javascript timeout/callback method.
All i'm saying is 1000 x 3600 makes for a great deal of bandwidth issues versus a 1 time query and forcing the user to refresh the page to update the list. or better yet, havin the javascript only query for the list once a minute or something.
You ignored the bit where I said "well designed". Having a page that hits once a second when it's idle is very unlikely to be well designed. Even then though, so long as you limit what you're passing via the AJAX connection to new and updated information you'll still only be using a tiny amount of bandwidth.
I agree. You just have to watch how often that gets sent. if it's based on the user clicking something before the request is sent, so be it. But if it's a repeating call that happens every second with no set timeout, you are set on disaster when thousands of users hit your site at the same time.
Just to clarify, i saw your comment about designing well. Just making a point about while the design may be in the best interest, sometimes you have to think beyond the 10,000 ft view and see what's really going to happen in every-day situations (=
jmut wrote:What took my attention is you could delete any user providing the right user_id as it does not seem to be validated.
But I guess this is off topic and in real scenario this is validated
Heh...Java? Why would I use Java when AJAX works best? What happens if people have Java disabled or not installed? The way my system works now, AJAX is only used when JavaScript is enabled otherwise it remains fully functional using static HTML, AJAX is simply used to reduce bandwidth, etc...
I'm not sure you followed what I was saying
Anyways, Ninja dude...
Just an observation, maybe you did it for demonstration, but:
I still think it should go through the whole spanking machine and get transformed to JSON or XML on the way out - isn't it a security concern if you short turn the controller?
The Ninja Space Goat wrote:nope it's right just where it is
Not always.. I like to create a map of my application mixed in with user permissions and implement it either using the init() function in controller parent class automatically, or even through a plugin which could redirect if their session permission did not meet the requested action.
The Ninja Space Goat wrote:nope it's right just where it is
Not always.. I like to create a map of my application mixed in with user permissions and implement it either using the init() function in controller parent class automatically, or even through a plugin which could redirect if their session permission did not meet the requested action.
yea I've seen something sort of similar to that before... where privileges to controllers / actions were mapped back to a database table that was checked in my application controller and if the user doesn't have access, they never even make it to the controller/action. That is something I may implement for a system I'm working on right now, but for right now, this method is fine.