Re: best paging strategies for large datasets?
From | Justin Graf |
---|---|
Subject | Re: best paging strategies for large datasets? |
Date | |
Msg-id | 4BEBFE63.4050107@magwerks.com |
In response to | Re: best paging strategies for large datasets? (silly sad <sad@bankir.ru>) |
List | pgsql-sql |
On 5/13/2010 4:41 AM, silly sad wrote:
>
>>> First u count(*) the rows and select a requested page
>>> returning to a client the count result bundled "with a page of rows"
>>>
>>> (1) client renders the acquired rows
>>> (2) __memorize__ what part of the data he just got
>>> (3) and stores the count result to calculate "the pager div"
>>>
>>> all the subsequent clicks on "the pager div" should not immediately
>>> generate requests and decides if the request is needed.
>>
>> Yes, rendering the results through ajax is a good idea, but one has to
>> be careful not to expose one's LIMIT and OFFSET to the client, but only
>> the "page" number. Or else the client could query the whole data set. A
>> lot of "professional" web site have that hole.
>>
>
> this is not a hole, it is only a matter of aesthetic
>

Silly Sad is right: this is not a hole but a matter of aesthetics. To keep the code simple and limit the amount of things that have to be tracked with the client session on the server, I pass the limit and offset to the client, normally in a URL/link. This also solves the problem that if the user's session expires, the information is lost, meaning the user has to restart. Very annoying.

So the URLs look something like this:

www.mywebsit.com/index.php?module=getthedata&limit=10&offset=30&orderby=5

On the server, set these three data types to integer to block SQL injection.

I really don't care if the user sends a command to get all 10,000 records. If you block that, all that has been accomplished is slowing down data harvesting and eating up even more resources, as the client/user will send ever more GETs to harvest data. Nothing has been accomplished.

To keep the casual onlooker from screwing with the URL, encode it in base64. It keeps honest people honest, but the hackers will pull that apart in a second.
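One way to do the integer coercion described in the message above, as an added example that is not part of the original post: `limit` and `offset` are parsed strictly and passed as bound values, and `orderby` is treated as an index into a fixed column list because a sort column cannot be a bound parameter. It is written in Python against an in-memory SQLite database so it runs stand-alone; the `items` table, the `SORTABLE` tuple, the function names and the optional `max_limit` cap are assumptions.

```python
import re
import sqlite3

# Hypothetical column list for a constructed "items" table; orderby=N in the
# URL is a 1-based index into this tuple, never text placed into the SQL.
SORTABLE = ("id", "name", "price", "created", "stock")
_INT = re.compile(r"[0-9]{1,9}")  # ASCII digits only: no sign, spaces or hex


def to_int(params, key, default):
    """Strictly parse one query-string value as a non-negative integer."""
    raw = params.get(key, str(default))
    if not _INT.fullmatch(raw):
        raise ValueError(f"{key} must be a non-negative integer")
    return int(raw)


def fetch_page(conn, params, max_limit=None):
    """Return one page of rows for raw query-string params (dict of str)."""
    limit = to_int(params, "limit", 10)
    offset = to_int(params, "offset", 0)
    orderby = to_int(params, "orderby", 1)
    if not 1 <= orderby <= len(SORTABLE):
        raise ValueError("orderby out of range")
    if max_limit is not None:
        limit = min(limit, max_limit)  # optional cap, off by default
    # A bound parameter in ORDER BY would sort by a constant, so the column
    # name comes from the fixed tuple; LIMIT and OFFSET are bound values.
    column = SORTABLE[orderby - 1]
    sql = f"SELECT id, name FROM items ORDER BY {column}, id LIMIT ? OFFSET ?"
    return conn.execute(sql, (limit, offset)).fetchall()


def demo_db():
    """Constructed sample data: 100 rows in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT,"
                 " price INTEGER, created TEXT, stock INTEGER)")
    conn.executemany("INSERT INTO items VALUES (?, ?, ?, ?, ?)",
                     [(i, f"item{i:03d}", 1000 - i, "2010-05-13", i % 7)
                      for i in range(1, 101)])
    return conn
```

The trailing `id` in the `ORDER BY` makes the page boundaries stable when the chosen sort column has duplicate values, so consecutive offsets neither repeat nor skip rows.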