How does ajax form submission work?

Question

I know how to use ajax for submitting a form and all. What I am concerned about is, what is actually happening in the background when a form is submitted via ajax.

How are the values transferred? Encrypted or not? And what is the need of specifying submission type, I mean get or post, if the URL is not showing the form fields?

Edit: Found this on w3schools:

GET requests can be cached
GET requests remain in the browser history
GET requests can be bookmarked
GET requests should never be used when dealing with sensitive data
GET requests have length restrictions
GET requests should be used only to retrieve data
POST requests are never cached
POST requests do not remain in the browser history
POST requests cannot be bookmarked
POST requests have no restrictions on data length

How do these apply to ajax form submission?

The request is made just like a "normal" HTTP request. The difference between GET and POST is more than just whether the fields show in the URL or not. — JJJ, May 29 '13 at 05:28

score 2 · Accepted Answer · answered May 29 '13 at 05:35

2

Basically, when you Ajax-submit a form, it is doing exact same thing as what would happen when you as a user GET or POST submit a form - except that it is done in an asynchronous thread by the browser - i.e. called XMLHttpRequest.

If you submit form as a GET request, all of the form values are stitched together as parameter strings and appended to the URL (form's ACTION URL) - prefixed by a ?. This means anyone who can intercept that communication can read the submitted form data even if request is sent to a HTTPS URL. The POST method sends form data as a separate block (from the URL) and if URL is HTTPS then form data gets encrypted.

It looks like you are just starting out in the world of web development - welcome to the world of programming. I would recommend reading up on some good web development/programming books (I don't want to promote any particular book here). Amazon may help suggest few good ones under "Web Development" kind of search terms.

Also, I suggest that you read up a little on GET vs. POST by googling for it (I can only include one or two links - google will show you hundreds).

answered May 29 '13 at 05:35

smallworld

910
7
15

From the question, I do not assume that OP is new `to the world of programming` – Hanky Panky May 29 '13 at 05:37
@ØHankyPankyØ - probably I shouldn't too! I was attempting to be polite in saying that he should read up a little on something as basic as GET vs. POST. If question was only limited to Ajax, I wouldn't have assumed the "new" part. Oh well... – smallworld May 29 '13 at 05:41
@smallworld: `If you submit form as a GET request, all of the form values are stitched together as parameter strings and appended to the URL (form's ACTION URL) - prefixed by a ?. This means anyone who can intercept that communication can read the submitted form data even if request is sent to a HTTPS URL`. What happens when it is an ajax get request? – Aparan May 29 '13 at 05:47
@Aparan as I mentioned in the first paragraph of my answer... "exact same thing". Your GET request Ajaxified or not makes no difference. Send it over HTTP GET vs. POST - only thing you need to worry about is the size of the data being sent (see other answers). – smallworld May 29 '13 at 06:02
@smallworld: How can one read the submitted form data with ajax get request? I mean there is no visible URL there. – Aparan May 29 '13 at 06:06
1

Ok, I think this is getting to a point of a classroom training. You may not be able to find the URL of submitted request in the browser, but that's not how hackers steal data. Irrespective of what you see in your browser URL, when data is sent across the internet it can be read - and this is not a platform where you can learn such details. Sorry, but I won't be able to help anymore on this question. Good luck. – smallworld May 29 '13 at 06:11
@Aparan this is one final note for you and anyone who might be looking for some help... Stay away from w3schools (see w3fools.com for why) and research things a little so you can ask well-informed questions to the community. And... you are welcome. – smallworld May 29 '13 at 06:33

score 0 · Answer 2 · edited May 23 '17 at 10:28

0

For the clear understanding & behind the scene things please refer the links given below.

http://www.jabet.com/

How does AJAX work?

Actually ajax request is same as the normal requests at the server end.

GET or POST has their own use cases. for example: GET has a limit of data transfer depending on the browsers from 1KB to 10 KB. where POST has no such limits.
For a server both AJAX & normal request both are same. so it depends on server code which method you wish to support.
ajax requests are NOT encrypted.

http://www.w3schools.com/tags/ref_httpmethods.asp

edited May 23 '17 at 10:28

Community

1
1

answered May 29 '13 at 05:34

Anand Shah

611
7
14

@Aparan Read up on regular form submission. It's exactly the same with Ajax. – JJJ May 29 '13 at 05:55
1

Anand Shah, AJAX requests over HTTP are not encrypted - requests over HTTPS should be. Before referencing anything from w3schools, you may want to check out http://www.w3fools.com/ - and next time find a more credible source - w3schools have managed to game google - lets make sure we don't fall for it. – smallworld May 29 '13 at 06:04

score 0 · Answer 3 · answered May 29 '13 at 06:01

0

It looks like you want a very detailed answer so you can find it yourself:

Google it and read thoroughly the pages (wikipedia for example)
Read http://www.w3.org/TR/XMLHttpRequest/
Inspect the packets between your browser and the server

answered May 29 '13 at 06:01

lc2817

3,722
16
40

How does ajax form submission work?

3 Answers3