Query string

In the World Wide Web, a query string is the part of a URL that contains data to be passed to web applications such as CGI programs.

When a web page is requested via the Hypertext Transfer Protocol, the server locates a file in its file system based on the requested URL. This file may be a regular file or a program. In the second case, the server may (depending on its configuration) run the program, sending its output as the required page. The query string is a part of the URL which is passed to the program. Its use permits data to be passed from the HTTP client (often a browser) to the program which generates the web page.

Structure

A typical URL containing a query string is as follows:

    http://server/path/program?query_string

When a server receives a request for such a page, it runs a program (if configured to do so), passing the query_string unchanged to the program. The question mark is used as a separator and is not part of the query string.

A link in a web page may have a URL that contains a query string. However, the main use of query strings is to contain the content of an HTML form, also known as web form. In particular, when a form containing the fields field1, field2, field3 is submitted, the content of the fields is encoded as a query string as follows:

    field1=value1&field2=value2&field3=value3...

* The query string is composed of a series of field-value pairs.
* Within each pair, the field name and the value are separated by an equals sign, '='.
* The series of pairs is separated by the ampersand, '&'.
* You can use the fields to create arrays of values, in which case the syntax is:

    field[]=value1&field[]=value2&field[]=value3...

This will create an array, field, with 3 values. You can also add the keys yourself in the square brackets if required.

For each field of the form, the query string contains a pair field=value. Web forms may include fields that are not visible to the user; these fields are included in the query string when the form is submitted.

This 'name then equals sign then value then ampersand' convention is a W3C recommendation [http://www.w3.org/TR/REC-html40/interact/forms.html#form-content-type]. The W3C also provides a further appendix entry [http://www.w3.org/TR/1999/REC-html401-19991224/appendix/notes.html#h-B.2.2] that recommends the use of a semicolon instead of an ampersand.

Technically, the form content is only encoded as a query string when the form submission method is GET. The same encoding is used by default when the submission method is POST, but the result is not sent as a query string, that is, is not added to the action URL of the form. Rather, the string is sent as the body of the request.

URL encoding

Some characters cannot be part of a URL (for example, the space) and some other characters have a special meaning in a URL: for example, the character # is used to locate a point within a page; the character = is used to separate a name from a value. A query string may need to be converted to satisfy these constraints. This can be done using a scheme known as URL encoding.

In particular, encoding the query string uses the following rules:
* Letters (A-Z and a-z), numbers (0-9) and the characters '.', '-', '~' and '_' are left as-is
* SPACE is encoded as '+'
* All other characters are encoded as %FF hex representation with any non-ASCII characters first encoded as UTF-8 (or other specified encoding)

The encoding of SPACE as '+' and the selection of "as-is" characters distinguish this encoding from RFC 1738.

RFC

As defined in RFC 1738, a URL of scheme http can contain a "searchpart" following the rest of the URL and separated from it by a ? character. RFC 3986 specifies that the "query component" of a URI is the part between the ? and the end of the URI or the character #. The term "query string" is commonly used to refer to this part in the case of HTTP URLs.

Example

If a form is embedded in an HTML page as follows:

and the user inserts the strings “this is a field” and “was it clear (already)?” in the two text fields and presses the submit button, the program test.cgi will receive the following query string: first=this+is+a+field&second=was+it+clear+%28already%29%3F

If the form is processed on the server by a CGI script, the script may typically receive the query string as an environment variable named QUERY_STRING.
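The encoding rules and the form example above can be checked with a small encoder and parser. This is an added example, not code from the original article; the function names are chosen here for illustration. Because '&' and '=' inside a value are percent-encoded, a submitted value cannot add or change fields, and the parser rejects malformed escapes rather than guessing.

```python
# Added example: encoder and parser written from the rules listed on this page.
UNRESERVED = frozenset(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789.-~_"
)
HEX_DIGITS = frozenset("0123456789abcdefABCDEF")

def encode_component(text):
    """Encode one field name or value using the three rules above."""
    out = []
    for ch in text:
        if ch in UNRESERVED:
            out.append(ch)                      # left as-is
        elif ch == " ":
            out.append("+")                     # SPACE becomes '+'
        else:                                   # UTF-8 bytes, each written as %HH
            out.extend("%%%02X" % b for b in ch.encode("utf-8"))
    return "".join(out)

def encode_query(pairs):
    """Join (field, value) pairs with '=' and '&' after encoding each part."""
    return "&".join(
        encode_component(k) + "=" + encode_component(v) for k, v in pairs
    )

def decode_component(text):
    """Reverse encode_component; raise ValueError on a malformed escape."""
    raw = bytearray()
    i = 0
    while i < len(text):
        ch = text[i]
        if ch == "%":
            pair = text[i + 1:i + 3]
            if len(pair) != 2 or not set(pair) <= HEX_DIGITS:
                raise ValueError("malformed percent escape at offset %d" % i)
            raw.append(int(pair, 16))
            i += 3
        else:
            raw.extend(b" " if ch == "+" else ch.encode("utf-8"))
            i += 1
    return raw.decode("utf-8")  # invalid UTF-8 also raises (a ValueError subclass)

def parse_query(query):
    """Return {field: [values]}; repeated fields such as field[] keep every value."""
    fields = {}
    for pair in query.split("&"):
        if pair:
            name, _, value = pair.partition("=")  # split on the first '=' only
            fields.setdefault(decode_component(name), []).append(
                decode_component(value))
    return fields
```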

Tracking

A program receiving a query string can ignore part or all of it. If the requested URL corresponds to a file and not to a program, the whole query string is ignored. However, regardless of whether the query string is used or not, the whole URL including it is stored in the server log files.

These facts allow query strings to be used to track users in a manner similar to that provided by HTTP cookies. For this to work, every time the user downloads a page, a unique identifier is chosen and added as a query string to the URLs of all links the page contains. As soon as the user follows one of these links, the corresponding URL is requested from the server. This way, the download of this page is linked with the previous one.

For example, when a web page containing the following is requested: see my page! mine is better

a unique string, such as sdfsd23423 is chosen, and the page is modified as follows: see my page! mine is better

The addition of the query string does not change the way the page is shown to the user. When the user follows, for example, the first link, the browser requests the page frank.html?sdfsd23423 from the server, which ignores what follows ? and sends the page frank.html as expected, adding the query string to its links as well.

This way, any subsequent page request from this user will carry the same query string sdfsd23423, making it possible to establish that all these pages have been viewed by the same user. Query strings are often used in association with web beacons.

The main differences between query strings used for tracking and HTTP cookies are that:
1. Query strings form part of the URL, and are therefore included if the user saves or sends the URL to another user; cookies can be maintained across browsing sessions, but are not saved or sent with the URL.
2. If the user arrives at the same web server by two (or more) independent paths, the user will be assigned two different query strings, while the stored cookies are the same.

Flexibility vs. Security

A URL query string allows for flexibility in retrieving data from a web server and possibly from the database used to populate pages for that web server. A read only data store, such as a weather mapping service, is one example where URL query strings can be used with great flexibility.

In some circumstances, a URL query string may expose security issues because it can be edited by a user to retrieve data that they are not authorized to access. In particular, a URL query string containing a username and password could be used with a dictionary attack to guess at valid login credentials to a particular web site. Most secure web servers use at least MD5 hash checking, or more powerful encoding methods, to validate all given strings.
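One way for a server to detect that a query string it issued has been edited is to append a keyed integrity tag and check it on every request. This is an added example, not code from the original article; it uses HMAC-SHA-256 with a server-held key in place of the bare MD5 hash mentioned above, because an unkeyed hash can be recomputed by whoever edits the string. The key, the field name sig and the function names are assumptions made for the example.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode

# Constructed demo key; a real deployment loads a random secret held only by the server.
SECRET_KEY = b"constructed-demo-key-not-for-production"
SIG_FIELD = "sig"  # hypothetical field name chosen for this example

def _mac(key, pairs):
    # MAC the URL-encoded pairs in their original order; names and values are
    # percent-encoded first, so '&' or '=' inside a value cannot shift boundaries.
    canonical = urlencode(pairs).encode("ascii")
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()

def sign_query(pairs, key=SECRET_KEY):
    """Return a query string with an HMAC-SHA-256 tag appended as the last field."""
    pairs = list(pairs)
    if any(name == SIG_FIELD for name, _ in pairs):
        raise ValueError("field name %r is reserved" % SIG_FIELD)
    return urlencode(pairs + [(SIG_FIELD, _mac(key, pairs))])

def verify_query(query, key=SECRET_KEY):
    """Return the field-value pairs if the tag is valid, otherwise None."""
    try:
        pairs = parse_qsl(query, keep_blank_values=True, strict_parsing=True)
    except ValueError:
        return None
    tags = [v for n, v in pairs if n == SIG_FIELD]
    data = [(n, v) for n, v in pairs if n != SIG_FIELD]
    if len(tags) != 1:  # a missing or duplicated tag is rejected outright
        return None
    expected = _mac(key, data).encode("ascii")
    # compare_digest avoids revealing how many leading characters matched
    if not hmac.compare_digest(tags[0].encode("utf-8"), expected):
        return None
    return data
```

A valid tag only shows that the server issued these exact values; the program must still check that the requesting user is allowed to see the data they name.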

See also

* URI scheme
* HyperText Transfer Protocol
* Common Gateway Interface
* HTTP cookie
* Web beacon

External links

* RFC 1738
* RFC 3986


Wikimedia Foundation. 2010.
