6 AJAX Rules To Live By
AJAX to Enhance, Not to Function
Always Let the User Know What's Going On
There's nothing worse than clicking something and seeing nothing happen for two seconds. Users are used to click and go, or at least click and watch the progress bar move. Remember that AJAX is a relatively new technology -- if the user sees nothing happen, they believe your website is broken. I suggest using an unobtrusive message that fades in and out gracefully.
You Did It With AJAX? Cool! Who Cares?
Face it -- for most websites, 90+ percent of users don't know what AJAX is or why it's cool. I appreciate a good AJAX script, but does anyone else? Likely not. Unless you have a website geared towards web professionals, do your users a favor and hide your "Made Using AJAX" message. I don't care what voodoo magic you use as long as the website functions.
AJAX at the End
Delivering the web project is the number one goal, so add your AJAX functionality toward the end of the project or after the website is done. Sure, AJAX can save a page refresh, but users are used to the old-fashioned way, waiting or not. I can't imagine your customer being satisfied with "It's not done, but look at how this box gets updated without the page being refreshed!" I'll take a working, old-fashioned (actually, standard is probably a better word) website with the promise of AJAX later over a late project any day.
The Security Rules Still Apply
The URL of your AJAX script may be hidden in your code so that most users don't see it, but I bet you I can find it. If it can be found, it can be exploited. Don't assume that because you made your web form or page code bulletproof, a user can't manipulate your script: the script can be requested directly, without going through your page at all. Make sure to scrub the GET and POST variables on the server before doing any AJAX script processing.
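
One way to scrub the incoming variables on the server, as an added example that is not code from the original article. The endpoint (a rating form), its field names and its limits are assumptions made up for illustration; the validator takes the raw urlencoded query string or POST body exactly as it arrived.

```javascript
// Allow-list of accepted fields. Each rule returns the parsed value,
// or undefined when the raw string is not acceptable.
// Field names and limits are hypothetical.
const RULES = {
  post_id: (v) => (/^[1-9][0-9]{0,9}$/.test(v) ? Number(v) : undefined),
  rating: (v) => (/^[1-5]$/.test(v) ? Number(v) : undefined),
  comment: (v) => (v.length <= 500 ? v.trim() : undefined),
};
const REQUIRED = ["post_id", "rating"];

// Validate a raw GET query string or urlencoded POST body.
// Returns { ok: true, data } or { ok: false, errors }.
function validateAjaxInput(rawBody) {
  const params = new URLSearchParams(rawBody);
  const errors = [];
  const data = {};
  for (const key of new Set(params.keys())) {
    // Reject anything the form never sends (e.g. an injected is_admin=1).
    if (!Object.prototype.hasOwnProperty.call(RULES, key)) {
      errors.push(`unexpected field: ${key}`);
      continue;
    }
    // Reject repeated parameters instead of guessing which copy wins.
    const values = params.getAll(key);
    if (values.length !== 1) {
      errors.push(`repeated field: ${key}`);
      continue;
    }
    const parsed = RULES[key](values[0]);
    if (parsed === undefined) errors.push(`invalid value: ${key}`);
    else data[key] = parsed;
  }
  for (const key of REQUIRED) {
    if (!params.has(key)) errors.push(`missing field: ${key}`);
  }
  return errors.length ? { ok: false, errors } : { ok: true, data };
}

// Escape user-supplied text before echoing it back inside HTML.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}
```

Only the `data` object should reach the rest of the script; the raw request variables are never used after validation.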