[MarkLogic Dev General] xpath string construction

Justin Makeig Justin.Makeig at marklogic.com
Fri Oct 10 13:26:46 PDT 2008


Eric,

Exposing delete actions as GET requests is also pretty dangerous. HTTP clients expect GET requests to have no side effects and to be idempotent. (Wayne touches on the idempotency below.) The rule of thumb I use is that if I wouldn’t want anyone to bookmark or reload a URL, it probably shouldn’t be accessible using GET. Google exposed this several years back when (if my memory serves me correctly) they added a pre-caching feature to their browser plugin. This caused some unexpected behavior when it followed all of the delete and update links. 

The HTTP DELETE method or the multi-purpose POST method would probably be better suited for your situation, for example 

 

DELETE /people.xqy?id=1234

 

or

 

POST /people.xqy?delete=1234

 

DELETE, of course, is not supported out-of-the-box in HTML forms, but is possible using AJAX.

 

Justin

 

Justin Makeig
Product Manager
Mark Logic Corporation
999 Skyway Road
Suite 200
San Carlos, CA 94070
+1 650 655 2387 Phone
justin.makeig at marklogic.com
www.marklogic.com <http://www.marklogic.com/> <http://www.marklogic.com/>  
This e-mail and any accompanying attachments are confidential. The information is intended solely for the use of the individual to whom it is addressed. Any review, disclosure, copying, distribution, or use of this e-mail communication by others is strictly prohibited. If you are not the intended recipient, please notify us immediately by returning this message to the sender and delete all copies.  Thank you for your cooperation.

 

 

 

From: general-bounces at developer.marklogic.com [mailto:general-bounces at developer.marklogic.com] On Behalf Of Wayne Feick
Sent: Friday, October 10, 2008 12:52 PM
To: General Mark Logic Developer Discussion
Subject: Re: [MarkLogic Dev General] xpath string construction

 

Hi Eric,

In 4.0, you can use xdmp:unpath() to do this 

 
http://developer.marklogic.com/pubs/4.0/apidocs/Extension.html#xdmp:unpath

However, in the example you've given I'd recommend changing the approach to use some sort of an id attribute on person (since there are duplicate names) rather than a positional XPath expression. With your current approach, two users could each intend to delete "bob" at index 3 when in fact the second attempt would actually delete "ryan".

As a rule, exposing xpath expressions to a web app is dangerous since there is no guarantee they still refer to the same node from one transaction to the next.

Wayne.


On Fri, 2008-10-10 at 14:43 -0400, Eric Palmitesta wrote: 

 
Is there a specific reason why one can't construct an xpath out of a string?
 
For example,
 
let $media := 'book' (: or 'journal', or 'article' :)
return
   doc('/path/to/file.xml')/path/to/$media/title
 
Another use case, I want to display a list of items, and offer a 
'delete' link for each item.
 
lets say /people.xml contained the following:
   <people>
     <person name="bob" />
     <person name="jim" />
     <person name="bob" />
     <person name="ryan" />
   </people>
 
So I'd display something like:
 
for $person in doc('/people.xml')/people/person
return
   <div>
     $person/@name
     <a href="delete.xqy?path={ xdmp:path($person) }>delete</a>
   </div>
 
This will give me nice delete links like 
"delete.xqy?path=/people/person[1]", but in the supposed delete.xqy, I'd 
want to do something similar to:
 
let $file := '/people.xml'
let $person := xdmp:get-request-field('path')
return
   xdmp:node-delete(doc($file)/$person)
 
I can't, of course, the doc call will be fine but I can't construct 
xpath with a string.  And the node-delete (and any other 
node-manipulation function) requires actual nodes, not strings.
 
I end up having to write eval-based utility functions:
 
define function util:remove-element($uri as xs:string, $xpath as xs:string)
{
        let $node := concat("doc('", $uri, "')", $xpath)
        return
               xdmp:eval(concat("xdmp:node-delete(", $node, ")"))
}
 
Please tell me I'm all wrong and there's a better way.
 
Cheers,
 
Eric
_______________________________________________
General mailing list
General at developer.marklogic.com
http://xqzone.com/mailman/listinfo/general
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://xqzone.marklogic.com/pipermail/general/attachments/20081010/9a293579/attachment-0001.html


More information about the General mailing list