Posted by coolsti on 08/22/05 14:39

Regardless of whether your database is read only or not, sending the query
as a part of the URL is not a very good idea. Your database may be read
only today, but may not be tomorrow. Or someone can figure out some other
nice hack.

If you are using PHP and scripting anyway, why not have your php script
create the query statement. The script can take input in the form of POST
or GET variables, and based on this input form the correct query.

Simple example:

http://somewhere.com?mode=4

and then you have in your PHP code some snippet, like a switch statement:

$mode = trim($_GET['mode']);
switch ($mode)
{
case 1:
break;
case 4:
$query = " ...... " // your query here break;
default:
}

You can add extra variables as well if needed.

This technique would be far better from a programming standpoint, and then
you won't have the issues that you are having currently.

[Back to original message]