Eric, Exposing delete actions as GET requests is also pretty dangerous. HTTP clients expect GET requests to have no side effects and to be idempotent. (Wayne touches on the idempotency below.) The rule of thumb I use is that if I wouldn’t want anyone to bookmark or reload a URL, it probably shouldn’t be accessible using GET. Google exposed this several years back when (if my memory serves me correctly) they added a pre-caching feature to their browser plugin. This caused some unexpected behavior when it followed all of the delete and update links.
The HTTP DELETE method or the multi-purpose POST method would probably be better suited for your situation, for example DELETE /people.xqy?id=1234 or POST /people.xqy?delete=1234 DELETE, of course, is not supported out-of-the-box in HTML forms, but is possible using AJAX. Justin Justin Makeig Product Manager Mark Logic Corporation 999 Skyway Road Suite 200 San Carlos, CA 94070 +1 650 655 2387 Phone [EMAIL PROTECTED] www.marklogic.com <http://www.marklogic.com/> <http://www.marklogic.com/> This e-mail and any accompanying attachments are confidential. The information is intended solely for the use of the individual to whom it is addressed. Any review, disclosure, copying, distribution, or use of this e-mail communication by others is strictly prohibited. If you are not the intended recipient, please notify us immediately by returning this message to the sender and delete all copies. Thank you for your cooperation. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wayne Feick Sent: Friday, October 10, 2008 12:52 PM To: General Mark Logic Developer Discussion Subject: Re: [MarkLogic Dev General] xpath string construction Hi Eric, In 4.0, you can use xdmp:unpath() to do this http://developer.marklogic.com/pubs/4.0/apidocs/Extension.html#xdmp:unpath However, in the example you've given I'd recommend changing the approach to use some sort of an id attribute on person (since there are duplicate names) rather than a positional XPath expression. With your current approach, two users could each intend to delete "bob" at index 3 when in fact the second attempt would actually delete "ryan". As a rule, exposing xpath expressions to a web app is dangerous since there is no guarantee they still refer to the same node from one transaction to the next. Wayne. On Fri, 2008-10-10 at 14:43 -0400, Eric Palmitesta wrote: Is there a specific reason why one can't construct an xpath out of a string? For example, let $media := 'book' (: or 'journal', or 'article' :) return doc('/path/to/file.xml')/path/to/$media/title Another use case, I want to display a list of items, and offer a 'delete' link for each item. lets say /people.xml contained the following: <people> <person name="bob" /> <person name="jim" /> <person name="bob" /> <person name="ryan" /> </people> So I'd display something like: for $person in doc('/people.xml')/people/person return <div> $person/@name <a href="delete.xqy?path={ xdmp:path($person) }>delete</a> </div> This will give me nice delete links like "delete.xqy?path=/people/person[1]", but in the supposed delete.xqy, I'd want to do something similar to: let $file := '/people.xml' let $person := xdmp:get-request-field('path') return xdmp:node-delete(doc($file)/$person) I can't, of course, the doc call will be fine but I can't construct xpath with a string. And the node-delete (and any other node-manipulation function) requires actual nodes, not strings. I end up having to write eval-based utility functions: define function util:remove-element($uri as xs:string, $xpath as xs:string) { let $node := concat("doc('", $uri, "')", $xpath) return xdmp:eval(concat("xdmp:node-delete(", $node, ")")) } Please tell me I'm all wrong and there's a better way. Cheers, Eric _______________________________________________ General mailing list [email protected] http://xqzone.com/mailman/listinfo/general
_______________________________________________ General mailing list [email protected] http://xqzone.com/mailman/listinfo/general
