So I started to make comments module and came to conclusion that I'm not sure how to better do the comment submitting. This is the code I've for comment submitting form.
<form action="/rq/comment.php" method="post" id="pcomment" onsubmit="return rq('/rq/comment.php', 'pcomment');">
<input type="hidden" name="pid" value="<?=$id?>">
<div class="add">
<div id="response" style="display:none;"></div>
<div style="border: 1px solid rgb(204, 204, 204); -moz-border-radius: 5px 5px 5px 5px;">
<textarea name="comment" rows="3" cols="50" style="border: 1px none transparent; width:98%;"></textarea>
</div>
<div style="display: block; overflow: hidden; margin-top: 5px;">
<a href="#" class="cbutton btgreen" onclick="">
<span>Comment</span>
</a>
</div>
</div>
</form>
First thing about which I wasn't sure is how to better make the submit button. Like a simple input with type submit or to make the link to submit the form on click. Is there any difference from security view?
After the form is submitted rq() is called which does a jQuery $.post() serializing the form and calling the url passed in rq().
On server side I will do a spam protection checking if ~30 seconds have passed since last comment was added by this user. The comment will be added for the user who's data is in session so I believe that replaces the token generating for form, or it doesn't? The comment will be added for article who's id is in hidden input field.