Reputation:
I have a classified website, with pretty sophisticated searching, and I am about to implement a function where the last three queries are displayed for the user, so that the user can go back more easily through the queries. This is because for each query the user has to provide a lot of input.
I have four questions for you:
If you need more input, let me know...
Btw, the website is PHP based.
Thanks
Upvotes: 2
Views: 297
Reputation: 117595
The browser already has a feature called history. When the user clicks the "back" button, the browser will load the previous page. You should rely on this functionality, rather than trying to reinvent the wheel.
Upvotes: 1
Reputation: 75744
You basically want an undo feature with 3 levels. I would recommend storing each query you execute in an array and reducing that array's size to three afterwards. Very basic implementation (to further explain the idea, this is in no way debugged or feature-complete):
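```php
function query(&$queue, $mysqli, $sql) {
    // Once three queries are stored, drop the oldest one. array_shift()
    // also renumbers the keys, so the append below lands on index 2 again
    // and the queue never grows past three entries.
    if (isset($queue[2])) {
        array_shift($queue);
    }
    $queue[] = $sql;
    return $mysqli->query($sql);
}
```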
You can use the queue to display the queries to the user or jump back (don't forget to update the queue if you do that) or whatever else you need.
I wouldn't send the queries via cookies, but rather store them in the session and display them to the user if he needs it - otherwise he will send you arbitrary SQL statements - like `INSERT INTO user (username, password, isadmin) VALUES (...` - with his $_COOKIEs (users can forge cookies - very easily).
Btw: never think about performance in PHP until you're finished - it is so much easier to optimize clean code than to bug-fix optimized code. Implement first, measure later. If this turns out to be a bottleneck, start thinking about optimizations.
Upvotes: 0
Reputation: 28795
I wouldn't save the actual queries - what if the user managed to edit one?
Either save the URL of the 3 previous results pages (assuming you're validating your input variables, this should be safer) or save the query in the database with a unique key, then use the key as reference rather than the query.
Upvotes: 0
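The approach from the last two answers (keep the searches server-side and give the browser only a reference key), as an added example that is not from any of the posts. The `ads` table, the field names and all function names are assumptions, and a plain array stands in for `$_SESSION`.

```php
<?php
declare(strict_types=1);
// Hypothetical search fields for a classifieds table `ads`; each maps to a
// fixed SQL fragment, so no user-supplied text ever becomes part of the SQL.
const CLAUSES = [
    'category'  => 'category = ?',
    'city'      => 'city = ?',
    'min_price' => 'price >= ?',
    'max_price' => 'price <= ?',
];
const MAX_RECENT = 3;

// Store the whitelisted parameters (never SQL) server-side; return an opaque key.
function remember_search(array &$session, array $input): string
{
    $params = array_filter(array_intersect_key($input, CLAUSES), 'is_scalar');
    $key = bin2hex(random_bytes(16));
    $session['recent'][$key] = $params;
    // Keep only the three newest entries.
    $session['recent'] = array_slice($session['recent'], -MAX_RECENT, null, true);
    return $key;
}

// Resolve a key sent by the browser; malformed or unknown keys yield null.
function recall_search(array $session, string $key): ?array
{
    return preg_match('/^[0-9a-f]{32}$/', $key) ? ($session['recent'][$key] ?? null) : null;
}

// Rebuild the statement from stored parameters: [SQL with placeholders, values to bind].
function build_search(array $params): array
{
    $where = $bind = [];
    foreach (CLAUSES as $field => $fragment) {
        if (isset($params[$field])) {
            $where[] = $fragment;
            $bind[]  = $params[$field];
        }
    }
    $sql = 'SELECT id, title, price FROM ads' . ($where ? ' WHERE ' . implode(' AND ', $where) : '');
    return [$sql, $bind];
}

// Constructed demo input: 'isadmin' is not a search field and is discarded.
$session = [];
$key = remember_search($session, ['city' => 'Oslo', 'max_price' => '500', 'isadmin' => '1']);
[$sql, $bind] = build_search(recall_search($session, $key));
echo $sql, "\n", json_encode($bind), "\n";
var_dump(recall_search($session, "1' OR '1'='1"));   // forged key from the client
```

The returned SQL and bind values are meant to be passed to a prepared statement, so a forged cookie or URL parameter can at most select one of the user's own three stored searches.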