Using Primary Key / ID Field as an identifier in a URL


Problem description

What are the pros and cons of using your database's primary key as a URL identifier? As an example, http://localhost/post/view/13 - 13 being my primary key for my posts table.

Some sites like reddit use what I assume is a unique id that is not the primary key but still unique to help identify the link:

http://www.reddit.com/r/funny/comments/7ynin/the_mystery_of_irelands_worst_driver/

You can change the last part of the URL to whatever you want as long as the /7ynin/ is the same.

Digg seems to use a slug of the link's title to id a link:

http://digg.com/space/Liquid_Water_Recently_Seen_on_Mars

While if I recall correctly a default WordPress install uses index.php?p=# as their id until fancy urls are enabled.

I can see why for SEO's sake you would want to have the most informative url possible but I am just trying to see if using the primary key is a security risk or simply just bad form.

Recommended answer

You always want to present the user with a nice URL--not some nasty auto-generated ID. But I don't think you should make said "friendly url" the primary key. You should still use a "classic" auto-incremented, numeric PK and have a second column that is a unique "friendly url". Why?

  1. All the comment tables, ratings tables, whatever tables that have a relationship with your content table can use the numeric primary key. This means smaller indexes and lower memory use.
  2. Somebody will want to change the friendly url. If you've got a numeric primary key, you don't have to update any of your dependent tables (or have the DB do it via a cascading update).
  3. In the future, you can abstract out the URL bits into another table. Said table can then store "legacy" URL mappings that issue redirects to the primary "real" URL map. Then when the user wants to change the friendly URL, you don't have to break all the inbound legacy URLs. Couldn't do this if your primary key was the "friendly URL".
  4. I'd still be inclined to use the numeric primary key in all my AJAX goo (for example, a post_new_comment() javascript function would take the primary key, not some friendly URL). The only time I'd use the friendly URL is in any user-facing URL structure.
  5. As for security? If your content is access controlled, you are gonna have to check access no matter if it is the primary key or some friendly URL.
  6. If you allow ways to get to the content via the primary key, people might try plugging in random IDs. If your requirement is not only limited access to content, but also denial that said content exists, it is a matter of the phrasing of your errors. It is the same as with login failures--you don't say "username not found", you say "bad username or password". Plugging in random values to find content is gonna be a problem for any approach you take, it is just that with numeric keys there are way fewer values to try.

Bottom line: Friendly URL's? Hell yeah. Using them as the primary key? Hell no.
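
Points 3, 5 and 6 of the answer, sketched as an added example that is not part of the original answer: one resolver accepts a numeric primary key, the current slug, or a legacy slug, runs the same access check on every path before any redirect, and returns an identical response for "does not exist" and "not allowed". The schema, the `view_post` helper and the sample rows are constructed assumptions; the `/post/view/` path is taken from the question.

```python
import sqlite3

# Constructed schema and rows; table and column names are assumptions.
SCHEMA = """
CREATE TABLE posts (id INTEGER PRIMARY KEY AUTOINCREMENT,
                    slug TEXT NOT NULL UNIQUE, owner TEXT NOT NULL,
                    is_private INTEGER NOT NULL DEFAULT 0, body TEXT NOT NULL);
CREATE TABLE legacy_slugs (slug TEXT PRIMARY KEY,
                           post_id INTEGER NOT NULL REFERENCES posts(id));
INSERT INTO posts (slug, owner, is_private, body) VALUES
  ('public-post', 'alice', 0, 'hello'),
  ('alice-draft', 'alice', 1, 'secret');
INSERT INTO legacy_slugs VALUES ('old-draft-name', 2);
"""

NOT_FOUND = (404, "Not found")  # one answer for "missing" and "not allowed"

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def _load(db, column, value):
    # column is chosen by the code below, never taken from request input
    return db.execute(
        f"SELECT id, slug, owner, is_private, body FROM posts WHERE {column} = ?",
        (value,)).fetchone()

def view_post(db, user, identifier):
    """Resolve a numeric PK, current slug, or legacy slug to (status, payload)."""
    legacy = False
    if identifier.isascii() and identifier.isdigit() and len(identifier) <= 18:
        row = _load(db, "id", int(identifier))
    else:
        row = _load(db, "slug", identifier)
        if row is None:
            old = db.execute("SELECT post_id FROM legacy_slugs WHERE slug = ?",
                             (identifier,)).fetchone()
            row = _load(db, "id", old[0]) if old else None
            legacy = row is not None
    # Same access check on every lookup path, before any redirect is issued,
    # so a 301 from a legacy slug cannot confirm that a private post exists.
    if row is None or (row[3] and row[2] != user):
        return NOT_FOUND
    if legacy:
        return (301, f"/post/view/{row[1]}")  # redirect to the current slug
    return (200, row[4])
```
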
