If I were to take a query string from an incoming request HTTP request in a web application, store it directly in a MySql database, then use it later to re-build the original request url, would that be considered OK?
如果我要从Web应用程序中的传入请求HTTP请求中获取查询字符串,请将其直接存储在MySql数据库中,然后再使用它来重新构建原始请求URL,这会被认为是否正常?
I'm wondering if there are any "gotchas" like special characters or multi-byte characters on the query string that might require me to encode the data or something before storing it.
我想知道在查询字符串上是否有任何像“特殊字符”或“多字节字符”这样的“陷阱”,可能需要我在存储之前对数据进行编码。
Thank you in advance.
先谢谢你。
EDIT: My particular use case would be something like the following. Although my main concern is more about whether or not any special characters on a query string could cause unexpected problems.
编辑:我的特定用例将类似于以下内容。虽然我主要关心的是查询字符串上的任何特殊字符是否可能导致意外问题。
- User submits a form.
- During form processing, we determine that user needs to confirm their email
- We send the user an email for confirmation and store the original query string in database because we always want to carry through any query string parameters that were on the request.
- After the user confirms their email, we redirect them back to the original form url, and append the original query string to ensure query string parameters are carried through.
用户提交表单。
在表单处理期间,我们确定用户需要确认他们的电子邮件
我们向用户发送确认电子邮件并将原始查询字符串存储在数据库中,因为我们总是希望执行请求中的任何查询字符串参数。
用户确认其电子邮件后,我们将其重定向回原始表单URL,并附加原始查询字符串以确保查询字符串参数通过。
5 个解决方案
#1
4
I don't see anything inherently wrong with it, but it makes more sense to me to store the parsed out values instead of the data in querystring format. It might future-proof it a little more, for example if you changed the name of the query string parameters in your app at a later time.
我没有看到它本身存在任何错误,但我更有意义的是存储解析出的值而不是查询字符串格式的数据。例如,如果您稍后更改了应用程序中查询字符串参数的名称,它可能会进一步证明它的未来性。
Elaborating:
Instead of storing "?param1=A¶m2=B¶m3=C" into a field called "querystring" it would probably be better to store A, B, and C into three fields called "Param1, Param2, and Param3.
阐述:不是将“?param1 = A¶m2 = B¶m3 = C”存储到名为“querystring”的字段中,而是将A,B和C存储到称为“Param1,Param2和Param3”的三个字段中可能更好。
Update:
Based on the use case you added to your question, specifically the part about this data only needing to be stored temporarily until the user has confirmed their account, I don't think there is anything wrong with storing the query string in raw format. If you were intending long term storage of this info my original recommendation stands.
更新:根据您添加到问题中的用例,特别是关于此数据的部分只需临时存储,直到用户确认其帐户为止,我认为以原始格式存储查询字符串没有任何问题。如果您打算长期存储此信息,我的原始建议就是。
#2
1
I would be sure to use bindings on the queries stored.
我肯定会对存储的查询使用绑定。
INSERT INTO TABLE_OF_QUERIES (field1, field2, field3) VALUES (?,?,?);
#3
1
Why stop at the QueryString? If you want to save some of the header, why not save the entire header info including cookies, post data, etc..
为什么要停在QueryString?如果你想保存一些标题,为什么不保存整个标题信息,包括cookie,发布数据等。
#4
0
Not at all. I worked in a financial institution where every transaction that occurred were stored in a database, including the SQL query. This was used for transaction audit, used for auditing and report generation. Also, it gives good history of a user's transaction.
一点也不。我在金融机构工作,每个发生的事务都存储在数据库中,包括SQL查询。这用于事务审计,用于审计和报告生成。此外,它还提供了用户交易的良好历史记录。
#5
0
Depends on what for really.
取决于真正的东西。
If you're dealing with another server, and the query string is all you have to identify the request (well, the URI, but presumably you are banking on the rest being static, maybe check that assumption), then it's ideal to use what is essentially an identifier, as an identifier.
如果您正在处理另一台服务器,并且查询字符串是您必须识别请求的所有内容(嗯,URI,但可能您仍然认为其余部分是静态的,可能会检查该假设),那么它是理想的使用什么本质上是一个标识符,作为标识符。
If your code is on the server processing the query itself, then it won't be ideal for many purposes, though can be for logging and some caching uses.
如果您的代码在服务器上处理查询本身,那么它对于许多目的来说并不理想,但可以用于日志记录和一些缓存用途。
If your code deals with the actual parameters of the query, then probably not.
如果您的代码处理查询的实际参数,那么可能不会。
#1
4
I don't see anything inherently wrong with it, but it makes more sense to me to store the parsed out values instead of the data in querystring format. It might future-proof it a little more, for example if you changed the name of the query string parameters in your app at a later time.
我没有看到它本身存在任何错误,但我更有意义的是存储解析出的值而不是查询字符串格式的数据。例如,如果您稍后更改了应用程序中查询字符串参数的名称,它可能会进一步证明它的未来性。
Elaborating:
Instead of storing "?param1=A¶m2=B¶m3=C" into a field called "querystring" it would probably be better to store A, B, and C into three fields called "Param1, Param2, and Param3.
阐述:不是将“?param1 = A¶m2 = B¶m3 = C”存储到名为“querystring”的字段中,而是将A,B和C存储到称为“Param1,Param2和Param3”的三个字段中可能更好。
Update:
Based on the use case you added to your question, specifically the part about this data only needing to be stored temporarily until the user has confirmed their account, I don't think there is anything wrong with storing the query string in raw format. If you were intending long term storage of this info my original recommendation stands.
更新:根据您添加到问题中的用例,特别是关于此数据的部分只需临时存储,直到用户确认其帐户为止,我认为以原始格式存储查询字符串没有任何问题。如果您打算长期存储此信息,我的原始建议就是。
#2
1
I would be sure to use bindings on the queries stored.
我肯定会对存储的查询使用绑定。
INSERT INTO TABLE_OF_QUERIES (field1, field2, field3) VALUES (?,?,?);
#3
1
Why stop at the QueryString? If you want to save some of the header, why not save the entire header info including cookies, post data, etc..
为什么要停在QueryString?如果你想保存一些标题,为什么不保存整个标题信息,包括cookie,发布数据等。
#4
0
Not at all. I worked in a financial institution where every transaction that occurred were stored in a database, including the SQL query. This was used for transaction audit, used for auditing and report generation. Also, it gives good history of a user's transaction.
一点也不。我在金融机构工作,每个发生的事务都存储在数据库中,包括SQL查询。这用于事务审计,用于审计和报告生成。此外,它还提供了用户交易的良好历史记录。
#5
0
Depends on what for really.
取决于真正的东西。
If you're dealing with another server, and the query string is all you have to identify the request (well, the URI, but presumably you are banking on the rest being static, maybe check that assumption), then it's ideal to use what is essentially an identifier, as an identifier.
如果您正在处理另一台服务器,并且查询字符串是您必须识别请求的所有内容(嗯,URI,但可能您仍然认为其余部分是静态的,可能会检查该假设),那么它是理想的使用什么本质上是一个标识符,作为标识符。
If your code is on the server processing the query itself, then it won't be ideal for many purposes, though can be for logging and some caching uses.
如果您的代码在服务器上处理查询本身,那么它对于许多目的来说并不理想,但可以用于日志记录和一些缓存用途。
If your code deals with the actual parameters of the query, then probably not.
如果您的代码处理查询的实际参数,那么可能不会。