Hi!
I have a table with 16 columns and a search page which can take any number of those 16 columns (fields) as input. Given the enormous amount of records to be stored, I will have to spread the results through many pages.
Now, all that changes among those pages are page number (dealt with LIMIT n, rows) and ORDER BY.
Do I need to pass each and every field into the script that reselects the page, or can I store a hidden input type with formatted SQL query, minus the LIMIT and ORDER BY clauses?
For example:
1: "SELECT * FROM the_table WHERE this=that AND some_column=value AND [up to 16 conditions]"
plus
2: " LIMIT n, row ORDER BY sortcolumn"
Now, can store the query in #1 in a hidden input form field and have the page selector script only append proper LIMIT and ORDER BY?
The columns in question hold no secret info, like passwords. Even if there were any passwords, those would be one-way encrypted. This is an intranet application. Evenso, I'd like to encrypt this SQL query, simply for the reasons not to reveal table and column names to unauthorized personell (which they could see by viewing the page source). So, my questions are:
- Is this wise? To pass encrypted formatted SQL query through hidden input form field?
- Which two-way encryption algorithm you would suggest?
Please note that I think this is the easiest thing to do, script-wise (yeah, I'm a lazy ass). I will have a search.php that takes the input and formats the SQL, routing to show.php that would then take only the encrypted SQL as input. I know I could do this with a separate table and store latest SQL per user, but for certain reasons, I wish to avoid that. Also, I wish to avoid using $_GET.
Thank you!
