I have many situations where I make AJAX call to server side to get some data. My question is:
Is it better to get the data back simply as JSON or XML, but then I need to use javascript to do all the input and it is impossible to use my server side variables of the user in this javascript (am I wrong here) or is it better to get back not only the database data but the whole HTML.
The first way would be to get back from AJAX call only the content of the table cells and do the whole table generating HTML in javascript. The second would be to call AJAX and get the whole HTML with the data in back from server side.
I am using the second approach now because it is easier for me to program in server side language, but I see two problems using this approach:
Instead of getting only the data I get whole HTML back, which means for example that I am loading too much data every time instead of generating it on client.
The data that I get back is only good for this particular "project", because it is already "formatted" with HTML code. If I would get the JSON raw data, I could reuse the serverside AJAX code to do something else with this data on some other page.
What is the best practice here?
Do not attempt to get HTML or any markup from server to display on the screen. This is a bad practice.
Also, I would prefer JSON to XML.
EDIT:
http://api.jquery.com/load/
Related
I'm developing a web-site with ASP.NET 4.0. Some pages need to get data from the server via AJAX requests (for instance, a list of items, sorted or/and filtered by a parameter). And there I can see two options for templating:
1) AJAX handler get data from database and templates it with Mustache. Returns html code ready to display to the end user.
2) AJAX handler get data from database and sends it as JSON. Javascript code formats data with Mustache on the client-side.
My question is what will perform faster?
I don't think your question can be answered without testing, but I'm not sure the difference would be really significant. However, raw speed notwithstanding, I would go probably for option 2:
HTTP traffic will certainly be lighter with your JSON-formatted data rather than a complete HTML output (this is generally better),
The data can still be handled dynamically on the client side
If your website is designed as a "web application", with an emphasis on client-side processing, this is the way to go. But on the other hand, if you think of your output as something mainly static, it is probably simpler to keep all the work on the server side.
While reading about ASP.NET Ajax toolkit I stumbled upon the term AJAH. What is it and how is it different from Ajax?
AJAH is someone's attempt to come up with a new buzzword to mean "Having JavaScript make an HTTP request and get back a blob of HTML instead of a blob of XML".
Since Ajax has been taken to mean "Having JavaScript make an HTTP request and get back anything at all" (most often JSON these days, but a blob of HTML is also very common), it is a pretty pointless attempt.
Quote taken from here.
With true AJAX, a call is made to the
server, the nicely formatted data is
returned and the client application
extracts the data from the xml, and
replaces whatever elements need to be
replaced on a page. With AJAH, a glob
of html is returned and slapped into
the page.
So basically, AJAH returns pure HTML, AJAX returns formatted data, such as JSON that is dealt with with by the client scripts.
Personally, I think this just looks like a term only a few developers have used. It's definitely not mainstream.
In my asp.net website I need to return data obtained from DB by adding html tags to it from a server side method,just like a webmethod returns jsonified data.
I am having trouble understanding if a webmethod can serve the purpose(i.e., htmlifying the data).If not how do I acheive it?
Could someone please help.
Thanks.
You could build an ASPX page to hit the DB and craft the result into exactly the HTML you want. You could then call that URL from the webpage, using the Ajax mechanism of your choice, and put the response contents into the desired part of the page. Admitedly, it looks a little odd, calling "foo.aspx" as an ajax call - but I believe it will work.
Caveat: I did something like this on a previous project, but it was a couple years ago, using a very early version of .net (1.1 or 2.0). So I apologize if there's nuances I've left out (viewstate-related hiccups, for example). However, hopefully this will give you a starting point.
We got a long-running website where XSS lurks. The problem comes from that some developers directly - without using HtmlEncode/Decode() - retrieve Request["sth"] to do the process, putting on the web.
I wonder if there is any mechanism like HTTPModule to help us HtmlEncode() all the items in a Http request to avoid XSS to some extent.
Appreciate for any suggestion.
Rgds,
Ricky
The problem is not retrieving Request data without HTML-encoding. In fact that's perfectly correct. You should not encode any text until the final output stage when you spit it into an HTML page.
Trying to blanket-encode incoming parameters, whether that's HTML-encoding or SQL-encoding, is totally the wrong thing. It may hide XSS holes in your app but it does not fix them. You will still have a hole if you output content that hasn't come from parameters, or has been processed since then. Meanwhile the automatic encoding will fill your database with multiply-escaped & crud.
You need to fix the output stage, that's where the problem lies.
Like bobince said, this is an output problem, not an input problem. If you can isolate where this data is being output on the page, you could create a Filter and add it to the Response object. This filter would isolate the areas that are common output and then HtmlEncode them.
I'm building a Web Page that allows the user to pick a color and size. Once they have these selected I need to perform a lookup to see if inventory exists or not and update some UI elements based on this.
I was thinking that putting all the single product data into multidimensional JavaScript array (there is only 10-50 records for any page instance) and writing some client side routines around that, would be the way to go for two reasons. One because it keeps the UI fast and two it minimizes callbacks to the server. What i'm worried about with this solution is code smell.
As an alternative i'm thinking about using a more AJAX purist approach of using HTTP handlers and JSON, or perhaps a hybrid with a bit of both. My question is what are your thoughts as to the best solution to this problem using the ASP.Net 2.0 stack?
[Edit]
I also should mention that this page will be running in a SharePoint environment.
Assuming the data is static, I would vote option #1. Storing and retrieving data elements in a JavaScript array is relatively foolproof and entirely within your control. Calling back to the server introduces a lot of possible failure points. Besides, I think keeping the data in-memory within the page will require less code overall and be more readable to anyone with a more than rudimentary understanding of JavaScript.
i'm against Ajax for such tasks, and vote (and implemented) the first option.
As far as I understand, you won't create Code smells if the JS part is being written by your server-side.
From a user point-of-view, Ajax is an experience-killer for wireless browsing, since any little glitch or mis-service will fail or simply lengthen the interaction by factors of 20(!).
I've implemented even more records than yours in my site, and the users love it. Since some of my users use internet-caffee, or dubious hotel wifi, it wouldn't work otherwise.
Besides, Ajax makes your server-vs-client interaction code much more complex, IMO, which is the trickiest part in web programming.
I would go with your second option by far. As long as the AJAX call isn't performing a long running process for this case, it should be pretty fast.
The application I work on does lots with AJAX and HttpHandler, and our calls execute fast. Just ensure you are minimizing the size of your JSON returned in the response.
Go with your second option. If there are that few items involved, the AJAX call should perform fairly well. You'll keep your code off the client side, hopefully prevent any browser based issues that the client side scripting might have caused, and have a cleaner application.
EDIT
Also consider that client side script can be modified by the user. If there's no other validation occuring to the user's selection, this could allow them to configure a product that is out of stock.