I'm trying to figure out what the best way to do this is.
I have a part on my website where people can search for a particular card based on multiple different factors. Like the name of the card, color, cost, etc. When the user types in the criteria, I send the information via ajax GET. So the url looks something like this:
http://sitename.dev/search?query=asdf&color=red&etc=
The good thing is, the above provides a url so the user can easily copy paste and share the results with friends. The not so good part is, it's not so good for search engine optimization.
First question: How do I make these types of links good for SEO, and is this secure? It seems like it would be easy to inject code?
Second question:
After getting the corresponding input from the user, I have the following in my SearchController to deal with the input:
    public function postSearchResults() {
        // Read the three search criteria from the GET query string
        $searchStr = Input::get('query');
        $color = Input::get('color');
        $etc = Input::get('etc');
        // Substring match on each column; the query builder binds the values
        $query = DB::connection('mysql')->table('cards')
            ->where('name', 'LIKE', '%'.$searchStr.'%')
            ->where('color', 'LIKE', '%'.$color.'%')
            ->where('etc', 'LIKE', '%'.$etc.'%')
            ->get();
        return parent::ajaxView('results', compact('query'));
    }
Is the above secure or is there something I should do in addition to make it secure?
1 Answer
First question: How do I make these types of links good for SEO
I can't confidently say that it's bad in its current state, as I'm not too clued up on SEO; see this link for some more info: https://webmasters.stackexchange.com/questions/15393/is-a-url-with-a-query-string-better-or-worse-for-seo-then-one-without-one
I'm guessing that if you wanted to make it somewhat more human- and/or SEO-friendly, you could set your route up like so:
    Route::get('{search}/{color}/{etc}', [
        'uses' => 'SearchController@postSearchResults'
    ]);
Then you'd need to add some parameters to the controller:
    public function postSearchResults($search, $color, $etc) {
        // The criteria now arrive as route segments instead of query-string keys
        $query = DB::connection('mysql')->table('cards')
            ->where('name', 'LIKE', '%'.$search.'%')
            ->where('color', 'LIKE', '%'.$color.'%')
            ->where('etc', 'LIKE', '%'.$etc.'%')
            ->get();
        return parent::ajaxView('results', compact('query'));
    }
Note: you may want to change your method name to getSearchResults() instead of postSearchResults(), as you are using the GET ajax method when calling the route, right?
and is this secure? It seems like it would be easy to inject code?
From the Laravel Documentation: http://laravel.com/docs/5.0/queries#introduction
Note: The Laravel query builder uses PDO parameter binding throughout to protect your application against SQL injection attacks. There is no need to clean strings being passed as bindings.
Second question: After getting the corresponding input from the user, I have the following in my SearchController to deal with the input:
... your code
Is the above secure or is there something I should do in addition to make it secure?
I'd like to think it's pretty secure based on what is aforementioned regarding how the query builder works.
Finally, don't consider this a complete answer. I'd definitely do some more digging around or maybe someone with more knowledge will come and post another answer! All the best!
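As an added example (not code from the question, the answer or Laravel), here is the same LIKE search written in plain PDO against an in-memory SQLite table, which is what the query builder compiles the `where` clauses down to; it also escapes `%` and `_` in the input, which parameter binding leaves untouched as wildcards. It assumes the pdo_sqlite extension is available; the card rows are constructed.

```php
<?php
// Added example, not code from the question, the answer or Laravel.
// Plain PDO against in-memory SQLite (assumes the pdo_sqlite extension).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE cards (name TEXT, color TEXT)');
$insert = $pdo->prepare('INSERT INTO cards (name, color) VALUES (?, ?)');
// Constructed sample rows.
foreach ([['Fire Drake', 'red'], ['100% Pure', 'blue'], ['Bog Imp', 'black']] as $row) {
    $insert->execute($row);
}

// Parameter binding keeps the input out of the SQL text, but % and _ inside
// the bound value are still LIKE wildcards; escape them so they match literally.
function escapeLike(string $value): string
{
    return str_replace(['\\', '%', '_'], ['\\\\', '\\%', '\\_'], $value);
}

// Equivalent of ->where('name', 'LIKE', '%'.$searchStr.'%'): the wildcards are
// concatenated into the bound value, never into the SQL string itself.
function searchCards(PDO $pdo, string $searchStr): array
{
    $stmt = $pdo->prepare("SELECT name FROM cards WHERE name LIKE ? ESCAPE '\\'");
    $stmt->execute(['%' . escapeLike($searchStr) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Ordinary case-insensitive substring search.
print_r(searchCards($pdo, 'drake'));
// Quotes and SQL keywords in the input are compared as text against card
// names, not parsed as SQL, so no row is returned.
print_r(searchCards($pdo, "' OR 1=1 --"));
// Without escapeLike() this would match every name containing "100";
// escaped, it only matches a name containing a literal "100%".
print_r(searchCards($pdo, '100%'));
```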