By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
435,638 Members | 2,249 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 435,638 IT Pros & Developers. It's quick & easy.

Building GET query strings

P: n/a
I am currently building a sports web application and have run into a
design question.

In order to create a new coach record, there are two pieces of
information that are needed: 1) username 2) team_id

It seems to me that the best way to do this is to break the problem
into two parts. First, search for the username and append that to the
URL: http://www.mysite.com?username=john

Next, I would present the user with another search box to search for a
team and then add '&team_id=1' to the GET url. The final URL should
look something like
http://www.mysite.com?username=john&...ction=addcoach

Does anyone know of a good example out there for doing this in a
methodical and elegant fashion?
Marc

Jul 17 '05 #1
Share this Question
Share on Google+
5 Replies


P: n/a
I would suggest not using GET... especially if the strings can add or
remove records to a datatbase... Major security issue... what is
stopping someone from overloading your DB with false entries?? I would
think it better to POST everything with some sort of authentication to
keep the process more secure

Jul 17 '05 #2

P: n/a
I would suggest not using GET... especially if the strings can add or
remove records to a datatbase... Major security issue... what is
stopping someone from overloading your DB with false entries?? I would
think it better to POST everything with some sort of authentication to
keep the process more secure

Jul 17 '05 #3

P: n/a
Security shouldn't be an issue since there is a separate authentication
module which checks the status of the logged in user before doing any
work.

What I am trying to do is to build an administration screen where an
admin user is able to associate a username with a team through a coach
record. I am looking for advice as to whether finding the team_id,
appending it to the URL, then finding the username and appending it to
the URL is the best way to do this. I would like to avoid cookies and
sessions if possible.

Any examples of finding records in using retreived data from two tables
to create an associative record would probably be helpful.

Jul 17 '05 #4

P: n/a
.oO(EnglishMan)
I would suggest not using GET... especially if the strings can add or
remove records to a datatbase... Major security issue... what is
stopping someone from overloading your DB with false entries?? I would
think it better to POST everything with some sort of authentication to
keep the process more secure


While I also would recommend to use POST in this case, don't rely on its
"increased security". There is none. A user who knows what he's doing
can send a faked POST request as well as a faked GET quite easily.

Micha
Jul 17 '05 #5

P: n/a

"me******@REMOVESPAM.gmail.com" <me******@gmail.com> wrote in message
news:11*********************@z14g2000cwz.googlegro ups.com...
I am currently building a sports web application and have run into a
design question.

In order to create a new coach record, there are two pieces of
information that are needed: 1) username 2) team_id

It seems to me that the best way to do this is to break the problem
into two parts. First, search for the username and append that to the
URL: http://www.mysite.com?username=john

Next, I would present the user with another search box to search for a
team and then add '&team_id=1' to the GET url. The final URL should
look something like
http://www.mysite.com?username=john&...ction=addcoach

Does anyone know of a good example out there for doing this in a
methodical and elegant fashion?
Marc


Just stick the variables into hidden fields. If the form method is GET, then
the browser will automatically create the right URL.
Jul 17 '05 #6

This discussion thread is closed

Replies have been disabled for this discussion.