This is a nice series. Security is such an important. I am also agree with the comments above especially AJAX, that does not cause a larger Attack Surface. See more here http://www.whitehatsec.com/home/resources/articles...

about security and hope it helps.

AJAX also reduces security and privacy for the person using the web page in the following subtle way.

In the old synchronous model, one typed information into a web form, checked it for accuracy, relevance, etc., edited it if desired, and then pressed a submit button which sent it on its way.


_

Jango, Here are some prerequisite

Before you go INTO the AJAX stuff, I want to share with you the random images script and how that works. It's a really simple PHP script that looks for images inside a directory located on my web server and then selects a random one and outputs an image tag for the HTML. This is called random_icons.php and its placed in my DocumentRoot. Here's a look at this script:
Code Example: (!)

<?php
$files = array();
if ($handle = opendir($_SERVER['DOCUMENT_ROOT'].'/dc_icons/')) {
while (false !== ($file = readdir($handle))) {
if ($file != "." && $file != "..") {
$files[] = $file;
}
}
closedir($handle);
}
echo '<img style="width:200px; height:150px;" src="/dc_icons/'.$files[rand(0, count($files) - 1)].'" alt="Our Facilities" />';
?>

Notice that the directory where the random images are located is: dc_icons under my DocumentRoot. If you were to access this file directly FROM your browser, you would get a random picture every time. Nothing too dramatic about that. Here's the actual output script on our server: http://www.serverpowered.com/random_icons.php,
http://www.fixturesandfurnitures.com/candle-holder....

Thanks Kharl, that was a nice explanation. Now, I understand how the random icons script works.

But how I spiced up using AJAX?

Thanks guys. Thanks for the prerequisite sample by Jango. All of you are genius. This helps me a lot :)