Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Is it a bad practice to use a GET parameter (in URL) with no value?

Tags:

I'm in a little argument with my boss about URLs using GET parameters without value. E.g.

http://www.example.com/?logout

I see this kind of link fairly often on the web, but of course, this doesn't mean it's a good thing. He fears that this is not standard and could lead to unexpected errors, so he'd rather like me to use something like:

http://www.example.com/?logout=yes

In my experience, I've never encountered any problem using empty parameters, and they sometimes make more sense to me (like in this case, where ?logout=no wouldn't make any sense, so the value of "logout" is irrelevant and I would only test for the presence of the parameter server-side, not for its value). (It also looks cleaner.)

However I can't find confirmation that this kind of usage is actually valid and therefore really can't cause any problem ever.

Do you have any link about this?

like image 223
s427 Avatar asked Jan 07 '13 10:01

s427

People also ask

Do URL parameters need a value?

URL parameters are made of a key and a value, separated by an equal sign (=). Multiple parameters are each then separated by an ampersand (&).

Does a query parameter need a value?

Yes, it is valid. If one simply want to check if the parameter exists or not, this is one way to do so.

Are URL parameters bad?

URLS and query parameters aren't secure. They should never contain sensitive or important information (passwords, static shared secrets, private information, etc). It is asking for trouble, something we here at FullContact have discovered first-hand.

What characters are not allowed in a URL parameter?

These characters are { , } , | , \ , ^ , ~ , [ , ] , and ` . All unsafe characters must always be encoded within a URL.

1 Answers

RFC 2396, "Uniform Resource Identifiers (URI): Generic Syntax", §3.4, "Query Component" is the authoritative source of information on the query string, and states:

The query component is a string of information to be interpreted by the resource.

[...]

Within a query component, the characters ";", "/", "?", ":", "@", "&", "=", "+", ",", and "$" are reserved.

RFC 2616, "Hypertext Transfer Protocol -- HTTP/1.1", §3.2.2, "http URL", does not redefine this.

In short, the query string you give ("logout") is perfectly valid.

like image 108
Ignacio Vazquez-Abrams Avatar answered Oct 14 '22 01:10

Ignacio Vazquez-Abrams
Sign in to Comment

Related questions

Need help on Powershell Copy-Item from network drives
How to maintain dictionary in a heap in python?
touchesBegan, touchesEnded, touchesMoved for moving UIView
How to get all posts of a group via facebook graph api
I can't find "Restrict where this project can be run" in the configure page
new Date() in aggregate $project
Ways of unit testing data access layer
What's the difference between GHC and the Haskell Platform?
How is Reflection implemented in C#?
Remove item from List and get the item simultaneously
What is the difference between EOT and HTML? in PHP
How to go back to previous commit without losing last commit in Git?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!