"Remember" the last three MySQL queries: cookies, a passed variable, or another method?
I have a classifieds website with a fairly complex search, and I'm going to implement a feature where the last three queries are displayed to the user so that the user can more easily return to them. This is because the user has to provide a lot of input for each request.
I have four questions for you:
- I wonder how I can store the actual query (SELECT * FROM etc.) ...?
- Do I need to add some form of encryption to be safe?
- How will this affect performance? (I don't like the fact that cookies slow down sites)
- What else to think about?
If you need more input, let me know ...
Btw, the website is PHP based.
thanks
You basically want a three-level undo function. I would recommend storing every request you make in an array and then limiting the size of that array to three. Very simple implementation (just to illustrate the idea; this is by no means debugged or full functionality):
    function query(&$queue, $mysqli, $sql) {
        // Keep only the three most recent queries: drop the oldest one when
        // the queue is full. array_shift() also reindexes the array from 0,
        // so the next $queue[] append always lands at index 2 at most.
        if (count($queue) >= 3) {
            array_shift($queue);
        }
        $queue[] = $sql;
        return $mysqli->query($sql);
    }
You can use the queue to display requests to the user, or to undo (remember to update the queue if you do), or whatever else you need.
I would not send requests via cookies, but rather store them in the session and display them to the user if he needs one; otherwise a user will send you arbitrary SQL statements, for example INSERT INTO user (username, password, isadmin) VALUES (...
via his $_COOKIE (users can forge cookies - very easily) ...
Btw: never think about performance in PHP until you're done - it is much easier to optimize clean code than to clean up optimized code. Measure first. If this turns out to be a bottleneck, start thinking about optimization.
I wouldn't store the actual queries - what if the user was able to change one?
Either store the URL of the 3 previous pages of results (if you are validating your input variables, it should be safer), or store the query in the database using a unique key, and then use the key as a link rather than a query.
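The two answers above make the same point from different angles: keep the recent-search state on the server (session or database), never let SQL text travel through a cookie, and hand the browser only an opaque key. The following is an added example written for this page, not code from either answer; the table name `ads`, the column whitelist, and the `?recent=<id>` link convention are assumptions. It stores the search parameters (not the SQL) in a bounded three-entry queue that the web app would keep in `$_SESSION`, and rebuilds the query as a prepared statement, so even a tampered stored value is bound as data:

```php
<?php
// Added example (not from the original answers): remember the last three
// searches server-side as parameter sets keyed by an opaque id, and rebuild
// the SQL with a prepared statement. The client only ever sees the id.

const RECENT_LIMIT = 3;

// Whitelist of searchable fields (assumed schema). Anything else is rejected,
// so a remembered search can only filter on columns we chose.
const SEARCH_FIELDS = ['category', 'city', 'min_price', 'max_price'];

/**
 * Remember a search (its parameters, not its SQL) in the bounded queue.
 * $recent is the array the web app keeps in $_SESSION['recent_searches'].
 * Returns the opaque id to put in a link such as ?recent=<id>.
 */
function rememberSearch(array &$recent, array $params): string
{
    $clean = [];
    foreach ($params as $key => $value) {
        if (!in_array($key, SEARCH_FIELDS, true)) {
            throw new InvalidArgumentException("unknown search field: $key");
        }
        $clean[$key] = (string) $value;
    }
    $id = bin2hex(random_bytes(16));     // unguessable, meaningless to the client
    $recent[$id] = $clean;
    while (count($recent) > RECENT_LIMIT) {
        array_shift($recent);            // evict the oldest entry, keys preserved
    }
    return $id;
}

/**
 * Build the SELECT for a remembered search. The SQL text comes only from this
 * function and the whitelist; stored values are returned as bind parameters.
 */
function buildSearch(array $recent, string $id): array
{
    if (!isset($recent[$id])) {
        throw new RuntimeException('unknown or expired search id');
    }
    $where = [];
    $bind  = [];
    foreach ($recent[$id] as $field => $value) {
        switch ($field) {
            case 'min_price': $where[] = 'price >= :min_price'; break;
            case 'max_price': $where[] = 'price <= :max_price'; break;
            default:          $where[] = "$field = :$field";
        }
        $bind[":$field"] = $value;
    }
    $sql = 'SELECT id, title, price FROM ads';
    if ($where) {
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }
    return [$sql, $bind];
}

// --- stand-alone demonstration against a constructed in-memory table ---
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE ads (id INTEGER PRIMARY KEY, title TEXT, category TEXT, city TEXT, price INTEGER)');
$pdo->exec("INSERT INTO ads (title, category, city, price) VALUES
    ('Road bike', 'bikes', 'Oslo', 400), ('Sofa', 'furniture', 'Oslo', 150), ('City bike', 'bikes', 'Bergen', 120)");

$recent = [];   // in the web app: $recent = &$_SESSION['recent_searches'];
$first  = rememberSearch($recent, ['category' => 'bikes', 'max_price' => 300]);
$second = rememberSearch($recent, ['city' => 'Oslo']);
rememberSearch($recent, ['category' => 'furniture']);
rememberSearch($recent, ['city' => 'Bergen']);     // fourth search evicts $first

[$sql, $bind] = buildSearch($recent, $second);
$stmt = $pdo->prepare($sql);
$stmt->execute($bind);
printf("%s -> %d rows\n", $sql, count($stmt->fetchAll()));   // 2 rows (Oslo)

// A value shaped like an injection is still just a bound string: 0 rows, no error.
$odd = rememberSearch($recent, ['category' => "bikes' OR 1=1 --"]);
[$sql, $bind] = buildSearch($recent, $odd);
$stmt = $pdo->prepare($sql);
$stmt->execute($bind);
printf("tampered value -> %d rows\n", count($stmt->fetchAll()));

try {
    buildSearch($recent, $first);   // evicted id
} catch (RuntimeException $e) {
    echo "evicted id: {$e->getMessage()}\n";
}
```

Because the id is the only thing the client can present, a user who edits it gets either one of their own recent searches or "unknown or expired search id"; there is no path from the cookie or URL to the SQL text. The same `rememberSearch`/`buildSearch` pair works unchanged if the entries are moved from the session into a database table keyed by the id, which is the second answer's variant.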