Larry Ullman's Book Forums

Hello forum members,

I need some advice with regards to query string lengths.

I am allowing users to filter records via form inputs such as checkboxes and radio buttons. The form has quite a few categories and I'm worried that the query string might become too long. I could pass integers instead of strings but from a usability standpoint it's probably better to use strings so people can "read" the URL. But again, if the query string becomes too long, the entire URL does not show in the browser - so that also doesn't help much.

I tested one website by making as many selections as I could and an error message appeared, something about "server" and "limit". I can't recall the exact message. Is an error message the worst that can happen if the query string exceeds a specific length?

Your thoughts?

Thank you.

I've never heard of any limits, but if there are, they are very likely much longer than anything you need to worry about. If you look at the URL of an average Google or Amazon search, you'll quickly realize that their query parameters are much longer than anything you will likely do.

Also, while I don't think it's necessary, if you want to use numbers instead of strings, you could pass strings for the query parameters in the URL, and then map those strings to numbers in the receiving PHP script before performing the actual DB query.
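
The string-to-number mapping suggested in the reply above, as an added example that is not part of the original post: readable slugs from the URL are checked against an allowlist and turned into integer IDs before any DB query, and an over-long query string gets a controlled response. The filter names, slugs, IDs and both limits are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: readable URL slugs => integer IDs used in the DB.
const FILTER_MAP = [
    'category' => ['books' => 1, 'videos' => 2, 'ebooks' => 3],
    'format'   => ['paperback' => 10, 'hardcover' => 11],
];
// Assumed application limit, set below the web server's own request-line limit
// so the application answers before the server's generic error page appears.
const MAX_QUERY_BYTES = 2000;
const MAX_VALUES_PER_FILTER = 20; // assumed cap on selections per filter

/**
 * Map raw query parameters to integer IDs.
 * Returns ['ids' => [...], 'rejected' => [...]]; throws if the query is oversized.
 */
function mapFilters(string $rawQuery, array $params): array
{
    if (strlen($rawQuery) > MAX_QUERY_BYTES) {
        throw new LengthException('Query string too long');
    }
    $ids = [];
    $rejected = [];
    foreach (FILTER_MAP as $filter => $allowed) {
        // A single value (?format=x) and a list (?category[]=x) are handled alike.
        $values = (array) ($params[$filter] ?? []);
        foreach (array_slice($values, 0, MAX_VALUES_PER_FILTER) as $value) {
            if (is_string($value) && isset($allowed[$value])) {
                $ids[$filter][] = $allowed[$value];
            } else {
                $rejected[] = $filter; // unknown slug or nested array: never reaches SQL
            }
        }
    }
    return ['ids' => $ids, 'rejected' => $rejected];
}

// Constructed sample query string; the last value is not in the allowlist.
$raw = 'category[]=books&category[]=videos&format=hardcover&category[]=1%20OR%201=1';
parse_str($raw, $params);

try {
    $result = mapFilters($raw, $params);
    print_r($result['ids']); // integers only, ready to bind in a prepared statement
} catch (LengthException $e) {
    http_response_code(414); // controlled "URI Too Long" response
    echo 'Too many filters selected. Please narrow your search.';
}
```

Parameters that are not keys of `FILTER_MAP` are ignored entirely, so the URL stays readable while only known integers are passed on to the query.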


Two things will happen if the query string is too long. One is the server error, which is actually bad (in that users shouldn't see that). The other is that your filtering won't work as expected.

My inclination is that if you have such a complex form that the query string could be that long, then it's not a typical search that might be bookmarked and passed around. Therefore, using POST and sessions might be better, or going to Ajax.


Hi HartleySan and Larry,

thank you both for replying to my thread. I am going to have a look at what some of the bigger sites are doing with regards to query strings.

Two things will happen if the query string is too long. One is the server error, which is actually bad (in that users shouldn't see that).

Bad from a user-experience standpoint for sure, but is there a security risk as well? The error message I encountered did not have any details that could be used for "bad" purposes, but perhaps this depends on the host/server?

I am using pagination so using sessions wouldn't be the best idea?

Thanks again.


If you're using pagination, I think that's even more of an argument for using sessions. As for the server error, security concerns aside, it's never a good idea for any user to see any error message that's not the result of their own failure.
