I am a php programmer, who is trying to use more ajax. I have the principles of AJAX down; however, now I have come across some problems. My major one is how do programmers deal with security. Lets say so simplicity sakes, I am building a page that has a textarea that dynamically saves to the database. My problem is, if I were to do something on large scale, say a customer lookup for sales report.
Now, a normal AJAX request would be something like:
Where x would be the customer's name or user id, etc. So, now anyone can would be able to go that page, and go through any customer's they know and get the report as well. How do I build AJAX, yet not have any one able to get other's info?