current community

your communities

more stack exchange communities

company blog
Stack Exchange Inbox Reputation and Badges
tour help
Code Review Stack Exchange is a question and answer site for peer programmer code reviews. It's 100% free, no registration required.

Sign up
Here's how it works:
  1. Anybody can ask a question
  2. Anybody can answer
  3. The best answers are voted up and rise to the top
up vote 3 down vote favorite

I'm trying to figure out what the best way to do this is.

I have a part on my website where people can search for a particular card based on multiple different factors. Like the name of the card, color, cost, etc. When the user types in the criteria, I send the information via ajax GET. So the url looks something like this: 

http://sitename.dev/search?query=asdf&color=red&etc=

The good thing is, the above provides a url so the user can easily copy paste and share the results with friends. The not so good part is, it's not so good for search engine optimization.

First question: How do I make these type of links good for SEO and is this secure? It seems like it would be easy to inject code?

Second question:

After getting the corresponding input from the user, I have the following in my SearchController to deal with the input:

public function postSearchResults() {
        $searchStr = Input::get('query');
        $color = Input::get('color');
        $etc = Input::get('etc');

        $query = DB::connection('mysql')->table('cards')
            ->where('name', 'LIKE', '%'.$searchStr.'%')
            ->where('color', 'LIKE', '%'.$color.'%')
            ->where('etc', 'LIKE', '%'.$etc.'%')
            ->get();

        return parent::ajaxView('results', compact('query'));
}

Is the above secure or is there something I should do in addition to make it secure?

share|improve this question
up vote 1 down vote

First question: How do I make these type of links good for SEO

I can't confidently say that it's bad in its current state as I'm not too clued up on SEO, see this link for some more info http://webmasters.stackexchange.com/questions/15393/is-a-url-with-a-query-string-better-or-worse-for-seo-then-one-without-one

I'm guessing if you wanted to make it somewhat more human and or seo friendly you can set your route up as so:

Route::get('{search}/{color}/{etc}', [
  'uses' => 'SearchController@postSearchResults'
]);

Then you'd need to add some parameters to the controller:

public function postSearchResults($search, $color, $etc) {

        $query = DB::connection('mysql')->table('cards')
            ->where('name', 'LIKE', '%'.$search.'%')
            ->where('color', 'LIKE', '%'.$color.'%')
            ->where('etc', 'LIKE', '%'.$etc.'%')
            ->get();

        return parent::ajaxView('results', compact('query'));
}

Note: you may want to change your method name to getSearchResults() instead of postSearchResults(), as you are using the GET ajax method when calling the route, right?

and is this secure? It seems like it would be easy to inject code?

From the Laravel Documentation: http://laravel.com/docs/5.0/queries#introduction

Note: The Laravel query builder uses PDO parameter binding throughout to protect your application against SQL injection attacks. There is no need to clean strings being passed as bindings.

Second question: After getting the corresponding input from the user, I have the following in my SearchController to deal with the input:

... your code

Is the above secure or is there something I should do in addition to make it secure?

I'd like to think it's pretty secure based on what is aforementioned regarding how the query builder works.

Finally, don't consider this a complete answer. I'd definitely do some more digging around or maybe someone with more knowledge will come and post another answer! All the best!

share|improve this answer

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.