What is Ajax? How does it work? How to use it? What are the performance and security concerns and how to avoid them?
AJAX is the acronym of Asynchronous JavaScript and XML.
The idea behind the acronym is specifically based on the "Asynchronous" term, because it can load HTML and XML asynchronously, preventing a lot of client-server round trips.
In other words with AJAX you don't need to reload the page each time something changes in it.
Here are several very good virtual labs on AJAX. If you do those, you will have a very good idea of what AJAX is and why it's useful.
AJAX is a term to describe a process of using client-side JavaScript to request data from a remote server. It allows for dynamic webpages that don't necessarily require user input or traditional browser navigation to add dynamism to a website. It makes the development of client-side applications that run in a browser feasible. It can lead to rich and responsive user interfaces like this site, and complex applications such as Google Docs.
Ajax is as secure as any other HTML form; it is just that the submission can happen behind the scenes, so the user can continue to do something else, and when the new data comes in, or their request is processed, then they can get the information.
Unfortunately many people still write insecure forms, so the problems are multiplied with Ajax as there are many more form requests.
Using a GET action for anything that will modify a database is bad, as those links can be clicked by web spiders. So a simple thing is to decide when you need GET, and in most cases use POST, and validate every input from the browser, as it should be suspect until the server has validated it.
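One way to apply the advice in the last answer on the server, as an added example that is not part of the original answers. The handler name, the paths and the `commentId` parameter are hypothetical, and an in-memory Map stands in for the database.

```javascript
// Constructed sample data standing in for a database table.
const comments = new Map([[1, "first"], [2, "second"]]);

// Treat everything from the browser as suspect: accept only a short,
// positive decimal integer and reject anything else outright.
function parseCommentId(raw) {
  if (typeof raw !== "string" || !/^[1-9][0-9]{0,8}$/.test(raw)) return null;
  return Number(raw);
}

// method, path and params mimic what an HTTP framework passes to a route.
function handleAjax(method, path, params) {
  if (path === "/comments") {
    // Read-only route: GET is fine, a crawler following it changes nothing.
    if (method !== "GET") return { status: 405, allow: "GET" };
    return { status: 200, body: [...comments.keys()] };
  }
  if (path === "/comments/delete") {
    // State-changing route: refuse GET so a followed link cannot modify data.
    if (method !== "POST") return { status: 405, allow: "POST" };
    const id = parseCommentId((params || {}).commentId);
    if (id === null) return { status: 400, error: "invalid commentId" };
    if (!comments.delete(id)) return { status: 404, error: "no such comment" };
    return { status: 204 };
  }
  return { status: 404, error: "unknown path" };
}

// A spider "clicking" the delete link gets 405 and the data is untouched;
// the same request sent as a POST from the page's Ajax call succeeds.
console.log(handleAjax("GET", "/comments/delete", { commentId: "1" }));
console.log(handleAjax("POST", "/comments/delete", { commentId: "1" }));
```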