sending data with Ajax to PHP using forms with security tokens

sending data with Ajax to PHP using forms with security tokens

Hi there,

I have noticed that several PHP frameworks use hidden tokens inside forms to get some kind of protection (replay, csrf, tampering, ...). Due to that I cannot simply send a JSON via POST with Ajax, but I think I could do something like the following:

1) create a universal form with 2 text inputs named "action" and "params"
2) retrieve the universal form via GET inside the view with jQuery
3) add a unique id to the retrieved form and append it to HTML body with jQuery
4) create 2 string variables: one with the desired function name and another with a JSON.stringify converted object.
5) insert 2 variables into the 2 form inputs using .val() with jQuery
6) serialize the retrieved form with jQuery
7) send serialized form via POST with jQuery
8) parse form data in controller and call the function inside "name" with the parameters inside "params"
9) delete appended form inside view via unique id with jQuery
10) do something with the response with JavaScript

Will this work?

And is this totally overcomplicated or a common approach to call arbitrary controller function with jQuery? In my case I will have plenty of slightly similar Ajax calls sending or retrieving names, dates, view settings, etc., and I like the DRY principle when developing software. Of course the arbitrary controller functions must exist and the universal controller function should "know" the allowed function names, so "arbitrary" is ment from the perspective of JavaScript, because I can use a generic function to "communicate" with the framework.

I mentioned that it is posible to define exceptions in the security of the frameworks when using Ajax to send form data, but I allways thought that the weakest link in the chain determines whether my application will get hacked or not. Of course I know that text inputs accepts naerly arbitrary data and that I cannot trust this data, even when using the security mechanisms of the frameworks.

Please excuse that I mix some PHP related stuff in my jQuery question, but I think it is helpful to understand what goal I try to accomplish.

Many thanks in advance.
Greetings, John