can i include query in URL?

[D R E]

I have a list of names, and upon clicking the list, want each list item to
go to a different url. Is it safe to put the urls's like this?

<A HREF="resultsPg?rownumber=1">Select row 1</A>
<A HREF="resultsPg?rownumber=2">Select row 2</A>
<A HREF="resultsPg?rownumber=3">Select row 3</A>

resultsPg is a servlet. I want to return a page based on the row selected
from the list (rownumber).

Thanks.

 

[Tony Morris]

You are compromising the security of the entire application.
Look up "SQL Injection".

 

[D R E]

so how would i go about doing it? You know how in some websites, when you
click the column heading it re-sorts by that column that you clicked....

 

[Virgil Green]

You are compromising the security of the entire application.
Look up "SQL Injection".

Based upon the OPs post, how so?

- Virgil

 

[marcus]

Naval, in the militaristic rather than anatomical vein, is generally
agreed to have violated Charge-Parity, when considered in terms of
Structured-Query-Language fixatives.

 

[Omar Khan]

Based upon the OPs post, how so?

- Virgil

Peace be unto you.

Original Poster wrote

so how would i go about doing it? You know how in some websites, when >you
click the column heading it re-sorts by that column that you >clicked....

I assume the OP is building upon a plain sql string, since
the title is 'can i include [sql] query in URL'.

Anyways,
<A HREF="resultsPg?rownumber=1">Select row 1</A>
http://localhost/servlet/resultsPg?rownumber=1+or+1=1

Returns all rows or something I guess.
- %3D is = I guess

Use callable procedure,views, or preparedstatements,
if your db does not support the others.
www.nextgenss.com/papers/advanced_sql_injection.pdf
First link on a google search for SQL Injection
disclaimer:images on my browser set to off.

Nevertheless,
doesn't the SQL "order by fieldname" clause meet your needs?