Duke Posted January 9, 2014
Finished all scripts in book...participated in Boston PHP http://www.meetup.com/bostonphp/events/130131632/ ...great book and great self study....I think I remember reading about this but not sure...... when using $_GET['id'] in a MySQL query...ie..WHERE user_id(primary key)= $_GET['id']...is this good practice?..or should I create another id in db specifically for a query..?

HartleySan Posted January 9, 2014
"or should I create another id in db specifically for a query..?"
What does this mean?

Duke Posted January 9, 2014
Thanks for the quick response....I was trying to type short hand to keep the ? brief......What I meant was...should I create another column strictly for use in $_GET['query_id'] queries.... My concern is that the primary key would display in the url......It's just that for some reason and I may be wrong... I remember reading something about this....Thank you

HartleySan Posted January 9, 2014
I'm still not quite sure what you mean. You definitely want a primary key in most tables, and most of the time, performing a search query on that primary key is the best way to go. What does the primary key have to do with the URL?

Duke Posted January 10, 2014
Yes thank you..I have a primary key....I am using primary key in url....in a link.....ie.....edit_user.php?user_id=1..."1" being the primary key.......I am using scripts similar to scripts 10.1 & 10.3..edit use.....I think what I was trying to remember was not to use the column name in the url..ie in this case do not use edit_user.php?user_id=1..use a generic name ie edit_user.php?genericname=1....read it somewhere not sure where...thank you for your help

HartleySan Posted January 10, 2014
Oh, okay. I see what you're saying. Perhaps the recommendation to not use the column name is simply related to the fact that the less users know about your DB design, the better. All the same, I can't imagine it being an issue in this case, so long as you verify who users are and make sure they are not viewing information they should not be able to.

Duke Posted January 10, 2014
Yes ..I agree....the less info in the url the better....I like the POST way in the delete script..I think it's script 10.4

Larry Posted January 15, 2014
Hey Duke. Thanks for the nice words and kudos on doing PHP Percolate! Adding to what HartleySan said, the rule I would go with is: is it a problem if the user changes, say, 10, to 11? If the X refers to a page of content, then the user just accessed another page of content, which presumably they could through a link somewhere anyway. If it's an administrator, then they're just viewing record X instead of Y, which again they could probably get to honestly in other ways. But if it's a user viewing their own personal info (say, an update profile page), being able to change X to Y would be bad. Presumably, pages would have checks in place to limit access, but one can never be too careful. Keep in mind this also applies to cookies, which are easily hackable.

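Added example (not part of any post above and not code from the book): the "what if the user changes 10 to 11?" rule written as a check for an edit_user.php-style page. The function name, the table layout, the is_admin session flag and the in-memory SQLite database standing in for MySQL are all assumptions made so the script runs on its own.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL users table so the
// script runs offline; table, column and function names are assumptions.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, email TEXT)');
$pdo->exec("INSERT INTO users VALUES (10, 'ann@example.com'), (11, 'bob@example.com')");

// Returns the row to edit, or null when the id is malformed, nobody is
// logged in, the record is someone else's, or it does not exist.
// $session mimics $_SESSION and $get mimics $_GET.
function load_user_for_edit(PDO $pdo, array $session, array $get): ?array
{
    // 1. The URL value is untrusted: accept only a positive integer.
    $id = filter_var($get['user_id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // 2. Who is asking comes from the server-side session, never the URL.
    if (!isset($session['user_id'])) {
        return null;
    }
    $isOwner = ((int) $session['user_id'] === $id);
    $isAdmin = !empty($session['is_admin']);
    if (!$isOwner && !$isAdmin) {
        return null; // changing 10 to 11 in the URL ends here
    }
    // 3. Bind the id as a parameter instead of pasting it into the SQL.
    $stmt = $pdo->prepare('SELECT user_id, email FROM users WHERE user_id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed requests: session data and query string for each case.
$cases = [
    'own profile'        => [['user_id' => 10], ['user_id' => '10']],
    'id changed in URL'  => [['user_id' => 10], ['user_id' => '11']],
    'admin views record' => [['user_id' => 99, 'is_admin' => true], ['user_id' => '11']],
    'not logged in'      => [[], ['user_id' => '10']],
    'non-numeric id'     => [['user_id' => 10], ['user_id' => '10 OR 1=1']],
];
foreach ($cases as $label => [$session, $get]) {
    $row = load_user_for_edit($pdo, $session, $get);
    echo str_pad($label, 20), $row === null ? 'denied' : 'allowed: ' . $row['email'], "\n";
}
```

The parameter name in the URL plays no part in the decision: renaming user_id to a generic name would leave every case above with the same outcome.
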