Is there a way to safely transfer a mysql query from one page to another?

Basically, I have a list of items that are generated by a MySQL query and are limited to only 5 items. I want to add a “more” link at the bottom, which will lead the user to a page that will display the same list, but does not have a limit of 5 elements. Usually I passed a set of parameters to the “more” page, which I could use to recreate the request, but due to the fact that the list can be generated by a large number and variety of requests, it is very difficult.

So I am wondering if there is a way to safely and easily transfer the entire MySQL query from one PHP page to another. For example, is there a way to do this so that, when you click the link, the request is stored in some data files with an identifier assigned to it, and then you just need to transfer the identifier to the next page?

+4
3 answers

A “safe way to transfer a request from one page to another” is to not transfer it at all. Processing requests in the form of data and transferring them between pages is a very good way to accidentally create security vulnerabilities.

Your logic for generating the request already exists, so just make that logic available on both pages. This is usually done using a require() file with common code in the files for both pages.

Alternatively, simply add a parameter to the page that is already generating a request to show the full set of elements, and not just a subset - you do not need to have a completely separate page.

+3

You can use sessions to transfer data without "speeding up" the area.

Since queries can come from many places, you may need to index the data using some arbitrary identifier key and pass this to the URL.

Update

If the site is publicly accessible (i.e. no login required), sessions prevent the page from being shared with anyone else.

In this case, you should have a way to identify all your queries using either the database or the code base itself (possibly using a naming convention); parameters are then sent via request parameters.

+1
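The approach from the update above (queries identified by name in the code base, values sent as request parameters), combined with the first answer's parameter for showing the full set, as an added example that is not code from any of the posts. The query names, the `items` table, the `list` and `all` parameter names, and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
declare(strict_types=1);
// Hypothetical registry of named list queries. The SQL text stays on the server;
// a link carries only the name, the values to bind and an "all" flag.
const LIST_QUERIES = [
    'by_category'  => ['sql' => 'SELECT id, title FROM items WHERE category = :category ORDER BY id',
                       'params' => ['category']],
    'cheaper_than' => ['sql' => 'SELECT id, title FROM items WHERE price < :max_price ORDER BY price',
                       'params' => ['max_price']],
];
const PREVIEW_LIMIT = 5;

function run_list_query(PDO $db, array $request): array
{
    $key = $request['list'] ?? '';
    if (!is_string($key) || !array_key_exists($key, LIST_QUERIES)) {
        throw new InvalidArgumentException('Unknown list');   // anything not registered is refused
    }
    $bind = [];
    foreach (LIST_QUERIES[$key]['params'] as $name) {
        if (!isset($request[$name]) || !is_scalar($request[$name])) {
            throw new InvalidArgumentException("Missing parameter: $name");
        }
        $bind[":$name"] = (string) $request[$name];   // bound as data, never concatenated
    }
    // The "more" page is the same query without the preview limit.
    $sql = LIST_QUERIES[$key]['sql'];
    if (($request['all'] ?? '') !== '1') {
        $sql .= ' LIMIT ' . PREVIEW_LIMIT;
    }
    $stmt = $db->prepare($sql);
    $stmt->execute($bind);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data; in a real page $request would be $_GET.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT, category TEXT, price REAL)');
$ins = $db->prepare('INSERT INTO items (title, category, price) VALUES (?, ?, ?)');
for ($i = 1; $i <= 8; $i++) {
    $ins->execute(["Item $i", 'books', $i * 2.5]);
}
$link    = ['list' => 'by_category', 'category' => 'books'];
$preview = run_list_query($db, $link);
$full    = run_list_query($db, $link + ['all' => '1']);
printf("preview=%d full=%d more=?%s\n", count($preview), count($full),
       http_build_query($link + ['all' => '1']));
```

Because the link is just a name plus values, it can be shared between users, which the session-based variant cannot offer on a public site.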

If you cannot use sessions, encrypt the request with the private key, base64 encode it and place it in a hidden input field on the page.

0
