Query Strings

Query string data is very easy for the user to alter, because it is visible and editable in the browser's address bar (and just as easy to alter with a proxy or any tool that sends raw HTTP requests). Therefore, query strings should be used only in situations where receiving incorrect or deliberately malicious data cannot compromise security, and every value a script reads from the query string must be validated before it is used.

You also need to make sure you don't rely on query strings to authenticate users, because people often send URLs to friends in emails or instant messaging applications, and URLs also end up in browser history, bookmarks, proxy logs and the Referer header sent to other sites. If your URL contains all the data needed to authenticate a user, and that user sends the URL to a friend, then the friend can pretend to be them! You'll find that sessions, discussed later in the chapter, are a much better way of authenticating users.
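The following PHP script is an added example, not code from the chapter. It places the "identity in the URL" anti-pattern just described beside the session-based alternative the chapter recommends. The user store, file names and request shapes shown in the comments are hypothetical; in a real application the user record would come from a database.

```php
<?php
// Added example (not from the original chapter): why authentication data must
// not live in the query string, and how a session keeps it server-side instead.
declare(strict_types=1);

// --- Vulnerable pattern ------------------------------------------------------
// Request: GET /account.php?user=alice&loggedin=1
// Whoever receives this link (by email, chat, browser history, proxy logs) can
// reuse it, and can edit the "user" field to become anyone they like.
function vulnerableCurrentUser(array $query): ?string
{
    if (($query['loggedin'] ?? '') === '1') {
        return $query['user'] ?? null;   // entirely attacker-controlled
    }
    return null;
}

// --- Session-based pattern ---------------------------------------------------
// The browser only holds an opaque session ID in a cookie; the username is
// stored on the server. Forwarding an account URL reveals nothing usable.
function loginUser(string $username, string $password, array $users): bool
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!isset($users[$username]) || !password_verify($password, $users[$username])) {
        return false;
    }
    session_regenerate_id(true);          // new ID on login: blocks session fixation
    $_SESSION['user'] = $username;
    return true;
}

function currentUser(): ?string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    return $_SESSION['user'] ?? null;
}

// Hypothetical user store: username => password hash.
$users = ['alice' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)];

// Session calls must happen before any output is sent, so run them first.
$loggedIn = loginUser('alice', 'correct horse battery staple', $users);
$who      = currentUser();

// The query-string version hands out any identity the client asks for.
var_dump(vulnerableCurrentUser(['user' => 'alice', 'loggedin' => '1'])); // "alice", no password needed
var_dump(vulnerableCurrentUser(['user' => 'admin', 'loggedin' => '1'])); // "admin": trivially forged

// The session version only knows "alice" because the password check succeeded.
var_dump($loggedIn); // bool(true)
var_dump($who);      // "alice"
var_dump(loginUser('alice', 'wrong password', $users)); // bool(false)
```

Run it from the command line with php to see the three results; in a web context the same functions work unchanged, with the session ID travelling in the PHPSESSID cookie rather than in any URL.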
If you've worked your way through Chapter 9, you're already somewhat familiar with the concept of query strings. You'll remember that you can embed form data in a URL by setting the form's method attribute to get. When the form data is sent to the server, the browser adds a query (?) character to the end of the URL, then follows it with each of the form fields as "name=value" pairs, with each pair separated by an ampersand (&):

http://localhost/iscript.php?firstname=Tred&lastname=Fish&...
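The script below is an added example, not part of the chapter, showing the round trip just described: building the query string a browser would send for the form above, decoding it the way PHP does when it fills $_GET, and validating the result before use. The field names and URL are the chapter's; the extra "company" field and the cleanName() whitelist are constructed for illustration.

```php
<?php
// Added example (not from the original chapter): how a GET form's query string
// is built, decoded on the server, and validated before being trusted.
declare(strict_types=1);

// What the browser sends for the chapter's form, plus one constructed field.
$fields = [
    'firstname' => 'Tred',
    'lastname'  => 'Fish',
    // Values containing the delimiters '&' and '=' (or spaces) must be
    // percent-encoded, otherwise they would split into extra name=value pairs.
    'company'   => 'Fish & Chips = Tasty',
];
$url = 'http://localhost/iscript.php?' . http_build_query($fields);
echo $url, PHP_EOL;
// http://localhost/iscript.php?firstname=Tred&lastname=Fish&company=Fish+%26+Chips+%3D+Tasty

// On the server PHP has already decoded the string into $_GET. parse_str()
// performs the same decoding on a raw string, so we can see what the server sees.
parse_str(parse_url($url, PHP_URL_QUERY), $params);
var_dump($params['company']); // string(20) "Fish & Chips = Tasty"

// Every value is user-supplied, so check it against what the field may contain.
// Hypothetical rule: a name is 1 to 40 letters, apostrophes, spaces or hyphens.
function cleanName(array $query, string $key): ?string
{
    $value = $query[$key] ?? null;
    if (!is_string($value)) {      // "?firstname[]=x" arrives as an array, not a string
        return null;
    }
    return preg_match('/^[\p{L}\' -]{1,40}$/u', $value) === 1 ? $value : null;
}

var_dump(cleanName($params, 'firstname'));                        // string(4) "Tred"
var_dump(cleanName(['firstname' => ['x']], 'firstname'));         // NULL: array, not string
var_dump(cleanName(['firstname' => '<script>'], 'firstname'));    // NULL: rejected by whitelist
```

The is_string() check matters because PHP turns a "name[]=value" pair into an array, which would make a naive string function emit a warning or, worse, silently coerce the value.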