sql - Sort by parameter to backend database -
how sorting logic specified in rest api handled backend database?
supposing rest api request
https://<<some api>>/?sortby=-id,name
is there easier way of converting above rest api sortby parameter without having regex seperate string commas, , check if first character contains dash form below sql request?
select * students order id asc, name desc
comma delimited strings don't have split regex.. following c# it, example:
string sort = request["sortby"]; if(sort != null){ foreach(string s in sort.split(',')){ string direction = "desc"; if(s[0] == '-') direction = "asc"; if(permittedcolumnslist.contains(s.replace("-", "")) sql = sql + s.replace("-", "") + " " + direction + ","; } sql = sql.remove(sql.length - 1); // drop last comma
this still parsing , looking first dash though, seem not want.
if prepared store permissible sort ops in dictionary gets simpler looking:
//column dictionary mapping acceptable parameters sql //implements them coldict["-id"]="id asc,"; coldict["id"]="id desc,"; coldict["-name"]="name asc,"; coldict["name"]="name desc,"; string sort = request["sortby"]; if(sort != null){ foreach(string s in sort.split(',')){ if(coldict.containskey(s)) sql = sql + coldict[s]; } sql = sql.remove(sql.length - 1); // drop last comma
i think there's far should go in looking simplify things. wouldn't wise blindly take user typed url, , shove in sql suffixed asc if put - (i keep expecting - desc) because that's security risk. building dictionary of permitted values isolate risk. dictionary can built programmatically doesn't need altering manually every time query schema changes
Comments
Post a Comment