<p>Why do this? Any logic that you implement in the template is accessible to you in the controller of your app, including any variables that you place in the template context.</p>
<p>If the data has been changed due to interaction with the user, then the best way to retrieve data, in my opinion, is to set up a form and use the normal POST method to send the request and the required data, correctly encoded and escaped, back to your program. In this way, you are protected from XSS issues, among other inconveniences. I would never do any processing in a template, and only use any local logic to modify the presentation itself.</p>
<p><strong>EDIT Taking into account your scenario, I suggest the following:</strong></p>
<ol>
<li>User presses a button on a page and invokes a Get handler</li>
<li>Get handler queries a database and receives a list of images <em>the list is cached, maybe in a memcache and the key is sent with the list of images encoded as a parameter in the GET URL displayed by the template</em></li>
<li>List of images gets passed to the template engine for display</li>
<li>Another button is pressed and a different Get handler is invoked <em>using the key received encoded in the GET URL, after sanitising and validation, to retrieve the cached list</em></li>
</ol>
<p>If you don't want the intermediate step of caching a key-value pair, you may want to encode the whole list in the GET URL, and the step of sanitising and validation should be as easy on the whole list as on a key to the list. Both methods avoid a round trip to the database, protect you from malicious use, and respect the separation of data, presentation, and logic.</p>
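The cached-key flow from the numbered steps above, written out as an added example that is not part of the original answer. The dict standing in for memcache, the `query_images` function, the `k` parameter and the `/next` path are all assumptions made for illustration.

```python
import re
import secrets
import time
from urllib.parse import urlencode, parse_qs, urlsplit

# Stand-in for memcache (assumption): key -> (expiry_epoch, image_list)
CACHE = {}
CACHE_TTL = 300  # seconds
# Accept only the shape new keys have: 32 URL-safe base64 characters.
KEY_RE = re.compile(r"[A-Za-z0-9_-]{32}")


def query_images():
    """Hypothetical database query; returns constructed sample data."""
    return ["cat.png", "dog.png", "bird.png"]


def first_handler(now=None):
    """Steps 1-3: query, cache the list, return the URL carrying the key."""
    now = time.time() if now is None else now
    images = query_images()
    key = secrets.token_urlsafe(24)  # 24 random bytes -> 32 characters
    CACHE[key] = (now + CACHE_TTL, images)
    return "/next?" + urlencode({"k": key}), images


def second_handler(url, now=None):
    """Step 4: validate the key from the GET URL, then read the cache."""
    now = time.time() if now is None else now
    values = parse_qs(urlsplit(url).query).get("k", [])
    # Reject missing, repeated or malformed keys before touching the cache.
    if len(values) != 1 or not KEY_RE.fullmatch(values[0]):
        raise ValueError("invalid cache key")
    entry = CACHE.get(values[0])
    if entry is None or entry[0] < now:
        # Unknown or expired key: go back to the database, never trust the URL.
        return query_images()
    return entry[1]
```
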
 
