Beginner XML question


banapple

Greetings, excellent forums here. I wish I had looked into them months ago... Anyways, I am just starting to learn JavaScript and have some questions on XML. For my web pages to write to these XML files, I need to set the file permissions to read/write for everybody. This just doesn't seem cool to me. While I can design my JavaScript program to be very careful about what it puts into the file through code, couldn't someone just delete or royally mess up that file on the web server?

Also, for an actual use for it, and to play around with my JavaScript, I want to make a simple game. Like maybe tic-tac-toe. If both people playing the game are on my website, could I record in the XML file where they put their x or o, have my JS use a setInterval type thing to keep reading from the XML file, and then display it on the other person's browser? I could have them input their names and who they are playing against to keep track of who is playing w/ who.

Thanks for any advice. I'm just getting started here and loving it. My next step will be PHP and MySQL.

With JavaScript alone, you can't change anything on the server, for exactly the security reasons you've mentioned.

If you want to change a file on the server, you'll need to use PHP or some other server side language.

File permissions in this sense do not apply directly to the person operating the browser. The "user" is the PHP script itself, which cannot write anything to the server if the permissions are incorrectly set. Unless your script provides a means of uploading data and writing it to the server, the person operating the browser can do no damage. This is why it is important for your PHP script to have some basic security features, like checking usernames and passwords against some sort of file or database.

Also:

3-way communication (user1->server->user2) generally involves a technique called polling, which (as you guessed) requires a timer like setInterval or setTimeout. When the interval expires, the client browser would request the most current data from the server.

Unlike a chatroom, where users can send messages at any time, a game like tic-tac-toe would require a technique for keeping track of the last turn, so that players cannot take more than one turn at a time. Coordinating that will take some thought :)

  • 3 weeks later...

Thanks for the help and pointing me in the right direction. I am now starting to see that many of my JavaScript projects from my tutorials and textbooks would be like candy for hackers of any skill level. I have gone through the PHP tutorial here and have been working on MySQL. JavaScript started out so exciting until I realized its limitations.

Anyways, I am trying to find out more on this "polling technique" but have not found any decent tutorials. It also seems like the deeper I get with my "simple" projects, the more overwhelming it becomes. For example, if I get everything up and running with tic-tac-toe, someone can hack the snot out of my server with a SQL injection... Kinda seems like I need to be close to an expert in JS, PHP and MySQL before I can start using them together, lol! And that is the part where tutorials really seem to fall short, as the scope is just so wide.

Polling is simply:

Wait -> check for change -> no change -> wait -> check for change -> no change -> ... -> check for change -> change! -> do something -> wait -> check for change -> etc. :)

  • 2 months later...
Guest techieguy22

As another beginner in JavaScript, I find this discussion really handy. As for polling, I hear other people say that this technique is evil. I don't understand their point; my mentor says it's useful. It can be used to handle AJAX response and avoid memory leakage.

If you poll too often, like once per second, that might gum up your server, yeah. It's also possible that Response B could arrive before Response A, since communications sometimes get routed in strange directions. That could create a strange effect.

If people are worried about bandwidth, that's just dumb. Except for your HTTP headers, which get sent for you, you don't have to transmit more than a few bytes to get the information you need. Same with the response. So not much bandwidth, and not much time.

We'll be hearing more about the server-push model in a few years, I expect. Till then, I would not worry about polling.

Archived

This topic is now archived and is closed to further replies.
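
The two coordination problems raised in the replies above (keeping track of whose turn it is, and Response A arriving after Response B) can be handled as in the following added example, which is not part of any post in the thread. The function names, the `version` counter and the 3-second interval are assumptions; the server half is modelled in JavaScript so the block runs on its own, whereas the thread's server side would be PHP.

```javascript
// Added example: server-authoritative turn tracking plus stale-response
// handling for a polled tic-tac-toe game. All names are hypothetical.

// --- Server side (would live in PHP or similar; modelled here in JS) ---
function newGame() {
  return { board: Array(9).fill(null), turn: "X", version: 0 };
}

// Validate every move on the server; never trust the browser's view.
function applyMove(game, player, cell) {
  if (player !== "X" && player !== "O") return { ok: false, error: "unknown player" };
  if (player !== game.turn) return { ok: false, error: "not your turn" };
  if (!Number.isInteger(cell) || cell < 0 || cell > 8) return { ok: false, error: "bad cell" };
  if (game.board[cell] !== null) return { ok: false, error: "cell taken" };
  game.board[cell] = player;
  game.turn = player === "X" ? "O" : "X";
  game.version += 1; // bumps on every accepted move
  return { ok: true, version: game.version };
}

// What a poll request returns: a snapshot tagged with its version.
function snapshot(game) {
  return { board: game.board.slice(), turn: game.turn, version: game.version };
}

// --- Client side ---
// Keeps the newest state seen; a response that arrives late (lower or
// equal version) is dropped instead of overwriting newer data.
function makeClient() {
  const state = { board: Array(9).fill(null), turn: "X", version: 0 };
  return {
    state,
    receive(resp) {
      if (resp.version <= state.version) return false; // stale or duplicate
      Object.assign(state, resp);
      return true;
    },
  };
}

// In a browser the poll loop would be roughly:
//   setInterval(() => fetch(url).then(r => r.json()).then(r => client.receive(r)), 3000);
// where `url` is a hypothetical server endpoint.
```

Because the turn check lives in `applyMove` on the server, a player who edits the page's JavaScript still cannot move twice in a row or overwrite an occupied cell.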