Reputation: 809
Can I prefix with $ (dollar sign) my URL query string parameters safely?
I am starting to implement filtering through query strings in my API REST application where I can perform filtering on any field passed to a entity in my database. But there are especial parameters that I want to differentiate like; sort, page, direction, etc from the rest of fields that will be used to filter the collection.
I want to avoid using an implementation like:
/?filters=field1:value1,field2:value2&page=3&per_page=50
Because I will need to make a custom parser to the filters value.
My desired structure is something more plain, like this:
/?lastname=Halden&country=somewhere&$sort=lastname
So, all the properties that aren't prefixed with $ are used to make the filter and the other properties with the prefix are used to tweak the result.
My actual question is that if it is safe?. If there can exist a problem in the moment to parse the whole query string in some libraries.
Upvotes: 2
Views: 4152
Answers (1)
Related Questions
- OK to skip slash before query string?
- Should I url encode a query string parameter that's a URL?
- What is the proper way to separate query string parameters in a url?
- REST GET query parameter advice
- Is it sensible to automatically URL encode query parameters in a string?
- Should I encode names of parameters in a query string of a URI?
- Are there any security implications of identifiers in URL path elements?
- Is it bad practice to allow specifying parameters in URL for POST
- Is it correct to have the query parameters directly after a slash in a URL?
- In a RESTful API, what is the appropriate use of slash-separated and query string parameters?