I need a mechanism for storing complex data structures created in client side javascript. I've been considering using the stringify method to convert the javascript object into a string, store it in the database and then pull it back out and use the reverse parse method to give me the javascript object back.
Is this just a bad idea or can it be done safely? If it can, what are some pitfalls I should be sure to avoid? Or should I just come up with my own method for accomplishing this?
I need a mechanism for storing complex data structures created in client side javascript. I've been considering using the stringify method to convert the javascript object into a string, store it in the database and then pull it back out and use the reverse parse method to give me the javascript object back.
Is this just a bad idea or can it be done safely? If it can, what are some pitfalls I should be sure to avoid? Or should I just come up with my own method for accomplishing this?
Share Improve this question edited Mar 15, 2011 at 8:48 skaffman 404k96 gold badges824 silver badges775 bronze badges asked Mar 15, 2011 at 8:33 Spencer RuportSpencer Ruport 35.1k12 gold badges88 silver badges150 bronze badges 2- 1 Not sure what form of database you've got access to from javascript. But I get all kinds of "I have a bad feeling about this" when a web application's javascript gets so complex it needs a database... – Vincent Vancalbergh Commented Mar 15, 2011 at 8:40
- Yeah I know what you mean. Unfortunately I'm 100% sure we don't know all the pieces of data we'll be needing to store necessitating some kind of flexible data storage method which rules out strict fields and tables. And I'm 90% sure I'll never have to query this data. – Spencer Ruport Commented Mar 15, 2011 at 9:22
3 Answers
Reset to default 9It can be done and I've done it. It's as safe as your database.
The only downside is it's practically impossible to use the stored data in queries. Down the track you may come to wish you'd stored the data as table fields to enable filtering and sorting etc.
Since the data is user created make sure you're using a safe method to insert the data to protect yourself from injection attacks (don't just blindly concatenate the data into a query string).
It's fine so long as you don't deserialize using eval.
Because you are using a database it means you need a serverside language to communicate with the database. Any data you have is easily converted from and to json with most serverside languages.
I can't imagine a proper usecase unless you have a sh*tload of javascript, it needs to be very performant, and you have exhausted all other possibilities such as caching, query optimization, etc...
An other downside of doing this is that you can't easily query the data in your database which is always nice when you want to get any kind of reporting done. And what if your json structure changes? Will you update all the scripts in your database? Or will you force yourself to cope with the changes in the parsing code?
Conclusion
Imho it is not dangerous to do so but it leaves little room for manageability and future updates.