Re: link DB record through browser...

snehalapatil@xxxxxxxxx wrote:
Hi all,

I have a remote sybase database,I want to display links in web page
(browser) such that when user clicks on link ,actual record in that
sybase database table should be opend.
i.e. I want to connect actual database record to my web page through
Hyperlink.
So my question is ... how should I build the link?

The link will need to include some piece of information that identifies the record uniquely.

This could be the primary key of the table, which is usually an integer, so your link might look like

http://www.example.com/myapp/getrecord.php?id=1234

There's one drawback with this method, though. Hackers will quickly figure out that 1234 is a primary key in the underlying database, and they will try substituting other numbers in order to access other records in your database. You probably don't want them to do this.

To solve this problem, add another column to your table, make it a unique key, and set it to a hash of some or all of the contents of the row. Then use that column in your link, which will look something like:

http://www.example.com/myapp/getrecord.php?id=5A6DBF67C656AD70

Your SQL query will now select using the hash value, which looks like random text. Hackers won't be able to guess the hash values of other records, because they don't know what data went into calculating the hash.

I'm not familiar with Sybase, but MySQL has server-side functions for hashing strings using algorithms such as MD5, and I'm guessing that Sybase provides this kind of thing too.

David Harper
Cambridge, England
.

Relevant Pages

  • Strange ADO.NET/Sybase/Sybase OLEDB problem
    ... we have developed in VB.NET and that accesses a Sybase database using the ... Sybase OLEDB driver via ADO.NET. ... Every morning about 5am, the windows service checks a specified directory, ... MergeData stored proc has started to finish prematurely before it has ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: Dateadd in SQL statement not working
    ... Omigod, I thought you said you were using SQL Server, which is what my ... version of SQL used by Jet, which is the database usually used by Access): ... But my confusion is not totally resolved: Why are you using a Sybase ODBC ... driver to connect to either a Jet or a SQL Server database? ...
    (microsoft.public.inetserver.asp.general)
  • Re: Decouple SQL queries from class in OOP design
    ... then the arguments to the storeCart stored procedure have to be rather ... I have to be familiar with database schema, ... > support returning arbitrary numbers of rows through SELECT statements. ... > SYBASE does support that, and with SYBASE you have a lot of room to ...
    (comp.object)
  • Re: Zombie handles when trapped by a signal
    ... Now that I know that the Sybase ... The concept is to do the execute with a timeout. ... > database server automatically is not correct. ... even after the DBD-Sybase bug is fixed. ...
    (perl.dbi.users)
  • Re: Sybase Market
    ... relational database management systems and database-related products. ... "Sybase" is also commonly used to refer to Adaptive Server Enterprise, ... a deal with Microsoft to share the source code for Microsoft to ...
    (comp.databases.sybase)