passing a unique identifier on the querystring

Forum Moderators: phranque

Message Too Old, No Replies

passing a unique identifier on the querystring

is this the best thing to do?

Jimmy Turnip

2:11 pm on May 31, 2005 (gmt 0)

I'm currently passing an id for each event on the querystring like so:

www.example.com/event.html?eventid=4

But i'm considering changing this to the unique identifier for the event so it would appear something like:

www.example.com/event.html?ui=44429629-AA9A-423F-AQAF-F50137F49FA3

I can't decide which is the best practice. Is having a long querystring like this going to affect the spidering of my site? Does having an event id make my database seem too transparent?

Having a shorter querystring must make the pages more user friendly, but is having users able to 'hack' the querystring good practice?

Any suggestions or advice are appreciated.

Crispix

10:19 pm on May 31, 2005 (gmt 0)

As long as you are preventing SQL injection by properly escaping values taken from the querystring, it's probably better to just use "eventid=4":

1. Easier to debug
2. SQL is much faster querying on primary keys instead of GUIDs

I don't see any downside to displaying database ids in querystrings for most websites. Heck, even eBay uses this method for its ItemNumbers!

Easy_Coder

10:37 am on Jun 1, 2005 (gmt 0)

depends on what the guid represents...

are you using the guid as a unique shopperid or something like that? If you are and it uniquely displays a customers information then you might decide to do something else just so it's not out there.

Jimmy Turnip

1:33 pm on Jun 1, 2005 (gmt 0)

thanks people. I was simply going to use the guid instead of an id, but i think i'm gonna stick with the id. It's easier to deal with and if it's quicker to query an id i'll stick with that because there may be quite a bit of data.

I suppose it makes the address clearer if i use it in a circular email too.

Cheers.

txbakers

4:48 pm on Jun 1, 2005 (gmt 0)

I use IDs all the time in the query string, but the actual search is based on more than just the ID.

For example, www.example.com?id=12345 would represent a student. BUT, using Session variables, we also check which school, which user, etc. behind the scenes.

philbish

7:27 pm on Jun 1, 2005 (gmt 0)

Some other options:

www.example.com/event4
www.example.com/event/4

or depending on the characteristics of these "events" and whether they can have unique "names":

www.example.com/event/widget-toss
www.example.com/event/make-a-widget