curiouswebster
asked on
Passing data in the URL params
Sometimes, I need to pass data in the URL. Is this considered bad practice?
Something like:
URL: https://mydomain.com/mailing?fc=123&uc=456&fname=TERESA&lname=LINDSEY
What are my options?
And what about creating a "blob" of characters and passing that in? It will be my PHP on the receiving end, so I could easily encode and decode this.
Thanks
ASKER CERTIFIED SOLUTION
To properly answer this question we need to look at how URLs are meant to be used.
HTTP requests are based on Verbs
GET, POST, PUT, DELETE, etc
These Verbs have meaning
GET - retrieve a resource from the server
POST - create a new resource
PUT - update a resource
DELETE - remove a resource
And so on.
When we request a resource from the server (GET) it can be as a simple request
http://mydomain.com/mypage.html
Or it can be parameterised
https://mydomain.com/myscript.php?name=bob&status=active
In the second case the parameters are used to help the script determine what information to send back.
Likewise when we want to create a data item on the server we would issue a POST and put the data we are wanting to update in the body of the message in whatever format the receiving script is expecting (JSON, Form Encoded, XML, etc)
When we use one Verb to perform an operation that is technically in the domain of another Verb (for instance using a GET to update or create a resource on the server) this is considered bad practice.
If the example you gave above is to retrieve information then not only is it not bad practice, in many cases it is necessary to ensure that the right data is retrieved.
ASKER
In my case, I want to make a POST, but pass in the data (URL params) which I need to insert into the database.
ASKER
@Sam Jacobs.
Don't you mean to filter the input params to block SQL Injection attacks?
Don't you mean to filter the input params to block SQL Injection attacks?
Yes. For example, make sure there are no JavaScript tags.
In my case, I want to make a POST, but pass in the data
Why do you want to do it this way?
For a detailed description of XSS, see this link.
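
Added example, not code from any participant in this thread: a PHP handler that accepts the write only over POST, validates the four fields from the question against an allow-list, inserts with a prepared statement, and HTML-escapes the values on output. The `mailing` table, the length limits and the sample requests are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);
// Added example. Field names come from the question; the table name,
// limits and sample requests are constructed assumptions.

function validateMailing(array $in): ?array
{
    $row = [];
    foreach (['fc', 'uc'] as $key) {
        $id = filter_var($in[$key] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id === false) return null;
        $row[$key] = $id;
    }
    foreach (['fname', 'lname'] as $key) {
        $name = $in[$key] ?? null;
        // Allow-list: letters, space, apostrophe, hyphen; 1 to 50 characters.
        if (!is_string($name) || !preg_match('/\A[\p{L} \'-]{1,50}\z/u', $name)) return null;
        $row[$key] = $name;
    }
    return $row;
}

function handle(string $method, array $body, PDO $db): array
{
    if ($method !== 'POST') {
        return [405, 'Use POST to create a record'];
    }
    $row = validateMailing($body);
    if ($row === null) {
        return [400, 'Invalid input'];
    }
    // Placeholders keep the values out of the SQL text entirely.
    $db->prepare('INSERT INTO mailing (fc, uc, fname, lname) VALUES (:fc, :uc, :fname, :lname)')
       ->execute($row);
    // Escape when writing into HTML, even though the input was validated.
    $who = htmlspecialchars($row['fname'] . ' ' . $row['lname'], ENT_QUOTES, 'UTF-8');
    return [201, "Added $who"];
}

// Demo: in-memory SQLite stands in for the real database. A live script would
// call handle($_SERVER['REQUEST_METHOD'], $_POST, $db) instead.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE mailing (fc INTEGER, uc INTEGER, fname TEXT, lname TEXT)');
$ok = ['fc' => '123', 'uc' => '456', 'fname' => 'TERESA', 'lname' => "O'Brien"];
foreach ([['GET', $ok], ['POST', ['fname' => '<script>'] + $ok], ['POST', $ok]] as [$method, $body]) {
    [$status, $message] = handle($method, $body, $db);
    echo $status, ' ', $message, PHP_EOL;
}
```

The three constructed requests exercise the rejected verb, the rejected markup in a name field, and an accepted name containing an apostrophe, which the prepared statement stores as plain data.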