
What are some techniques for stored database keys in URL

Tags: database

I have read that using database keys in a URL is a bad thing to do.

For instance,

My table has 3 fields: ID:int, Title:nvarchar(5), Description:Text

I want to create a page that displays a record. Something like ...

http://server/viewitem.aspx?id=1234

  1. First off, could someone elaborate on why this is a bad thing to do?

  2. And secondly, what are some ways to work around using primary keys in a URL?

Mashed Potato asked Mar 01 '23 07:03


1 Answer

I think it's perfectly reasonable to use primary keys in the URL.

Some considerations, however:

1) Avoid SQL injection attacks. If you just blindly accept the value of the id URL parameter and pass it into the DB, you are at risk. Make sure you sanitise the input so that it matches whatever format of key you have (e.g. strip any non-numeric characters).

2) SEO. It helps if your URL contains some context about the item (e.g. "big fluffy rabbit" rather than 1234). This helps search engines see that your page is relevant. It can also be useful for your users (I can tell from my browser history which record is which without having to remember a number).

mopoke answered Apr 02 '23 10:04
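The check from consideration 1, as an added example that is not part of the original answer: the `id` value is validated against the key format and then bound as a query parameter, shown beside the concatenating form it replaces. Python with an in-memory SQLite database stands in for the ASP.NET page; the table name `items`, the sample rows, the 9-digit limit and all helper names are assumptions made for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data shaped like the question's table (ID, Title, Description).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT, description TEXT)")
    db.executemany(
        "INSERT INTO items VALUES (?, ?, ?)",
        [(1234, "Hat", "public"), (1235, "Coat", "public"), (9999, "Admin", "internal")],
    )
    return db

def view_item_unsafe(db, raw_id):
    # 'Before' form: the URL value becomes part of the SQL text itself,
    # so the query's meaning is decided by whoever wrote the URL.
    return db.execute("SELECT id, title FROM items WHERE id = " + raw_id).fetchall()

# ASCII digits only ([0-9], not \d, which also matches non-ASCII digits).
# Assumed limit of 9 digits so the value always fits a 32-bit int column.
ID_FORMAT = re.compile(r"[0-9]{1,9}")

def parse_id(raw_id):
    # fullmatch rejects trailing newlines and partial matches.
    # This rejects bad input instead of stripping it: stripping would turn
    # "1234 OR 1=1" into 123411, a valid-looking key for a different record.
    if not isinstance(raw_id, str) or not ID_FORMAT.fullmatch(raw_id):
        return None
    return int(raw_id)

def view_item(db, raw_id):
    # Returns (http_status, row): 400 for a malformed id, 404 for an unknown one.
    item_id = parse_id(raw_id)
    if item_id is None:
        return (400, None)
    # The value is bound as a parameter and never spliced into the SQL string.
    row = db.execute("SELECT id, title FROM items WHERE id = ?", (item_id,)).fetchone()
    return (200, row) if row else (404, None)

if __name__ == "__main__":
    db = make_db()
    for value in ["1234", "1234 OR 1=1", "4321"]:
        print(repr(value), "unsafe rows:", len(view_item_unsafe(db, value)),
              "hardened:", view_item(db, value))
```

Validation and parameter binding do different jobs here: the format check gives a clean 400 for malformed URLs, while the bound parameter is what keeps the value out of the SQL text even if the check is later loosened.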