Eric,
Exposing delete actions as GET requests is also pretty dangerous. HTTP
clients expect GET requests to have no side effects and to be
idempotent. (Wayne touches on the idempotency below.) The rule of thumb
I use is that if I wouldn’t want anyone to bookmark or reload a URL, it
probably shouldn’t be accessible using GET. Google exposed this several
years back when (if my memory serves me correctly) they added a
pre-caching feature to their browser plugin. This caused some unexpected
behavior when it followed all of the delete and update links.
The HTTP DELETE method or the multi-purpose POST method would probably
be better suited for your situation, for example
DELETE /people.xqy?id=1234
or
POST /people.xqy?delete=1234
DELETE, of course, is not supported out-of-the-box in HTML forms, but is
possible using AJAX.
Justin
Justin Makeig
/Product Manager
/*Mark Logic Corporation
*999 Skyway Road
Suite 200
San Carlos, CA 94070
+1 650 655 2387 Phone
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
_www.marklogic.com <http://www.marklogic.com> <http://www.marklogic.com/>
This e-mail and any accompanying attachments are confidential. The
information is intended solely for the use of the individual to whom it
is addressed. Any review, disclosure, copying, distribution, or use of
this e-mail communication by others is strictly prohibited. If you are
not the intended recipient, please notify us immediately by returning
this message to the sender and delete all copies. Thank you for your
cooperation.
*From:* [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] *On Behalf Of *Wayne Feick
*Sent:* Friday, October 10, 2008 12:52 PM
*To:* General Mark Logic Developer Discussion
*Subject:* Re: [MarkLogic Dev General] xpath string construction
Hi Eric,
In 4.0, you can use xdmp:unpath() to do this
http://developer.marklogic.com/pubs/4.0/apidocs/Extension.html#xdmp:unpath
However, in the example you've given I'd recommend changing the approach
to use some sort of an id attribute on person (since there are duplicate
names) rather than a positional XPath expression. With your current
approach, two users could each intend to delete "bob" at index 3 when in
fact the second attempt would actually delete "ryan".
As a rule, exposing xpath expressions to a web app is dangerous since
there is no guarantee they still refer to the same node from one
transaction to the next.
Wayne.
On Fri, 2008-10-10 at 14:43 -0400, Eric Palmitesta wrote:
Is there a specific reason why one can't construct an xpath out of a string?
For example,
let $media := 'book' (: or 'journal', or 'article' :)
return
doc('/path/to/file.xml')/path/to/$media/title
Another use case, I want to display a list of items, and offer a
'delete' link for each item.
lets say /people.xml contained the following:
<people>
<person name="bob" />
<person name="jim" />
<person name="bob" />
<person name="ryan" />
</people>
So I'd display something like:
for $person in doc('/people.xml')/people/person
return
<div>
$person/@name
<a href="delete.xqy?path={ xdmp:path($person) }>delete</a>
</div>
This will give me nice delete links like
"delete.xqy?path=/people/person[1]", but in the supposed delete.xqy, I'd
want to do something similar to:
let $file := '/people.xml'
let $person := xdmp:get-request-field('path')
return
xdmp:node-delete(doc($file)/$person)
I can't, of course, the doc call will be fine but I can't construct
xpath with a string. And the node-delete (and any other
node-manipulation function) requires actual nodes, not strings.
I end up having to write eval-based utility functions:
define function util:remove-element($uri as xs:string, $xpath as xs:string)
{
let $node := concat("doc('", $uri, "')", $xpath)
return
xdmp:eval(concat("xdmp:node-delete(", $node, ")"))
}
Please tell me I'm all wrong and there's a better way.
Cheers,
Eric
_______________________________________________
General mailing list
[email protected] <mailto:[email protected]>
http://xqzone.com/mailman/listinfo/general
------------------------------------------------------------------------
_______________________________________________
General mailing list
[email protected]
http://xqzone.com/mailman/listinfo/general
