John Topley’s Weblog

The Peugeot 308 and “Glove” from The Beatles’ film “Yellow Submarine”:

I’ve been beta testing Jeff Atwood’s and Joel Spolsky’s latest venture, Stack Overflow. In case you haven’t heard, Stack Overflow is a new site where programmers can go to get their programming questions answered by other programmers. It’s a similar idea to sites like Expert Sexchange [sic], but without the pay wall and general crapness.

I really like what I’ve seen so far. I think Stack Overflow is very well put together and even during the current beta stage it’s pretty slick. The reputation and badges system whereby you gain points and virtual awards for the contributions you make, is fun and strangely addictive. Most importantly though, it’s already genuinely useful. However (and you knew this was coming), one aspect of the implementation of Stack Overflow troubles me somewhat: it appears the site is using numeric database IDs within URIs.

Note that I use URI rather than URL because one of the stated aims for Stack Overflow is that its content be readily indexable by search engines, so that people can enter their specific programming question into Google and hopefully amongst the top results should be the definitive answer on Stack Overflow. It’s known that Google does place importance on URIs, so you want them to be meaningful and immutable.

URIs in Stack Overflow look like this:

http://stackoverflow.com/questions/13204/why-doesnt-my-cron-job-work-properly

—As you can see, there’s a number, followed by a Google-friendly version of the question title, which is often called a “slug”.

It’s generally considered A Bad Idea to expose your database IDs in URIs and here are several reasons why:

• If you have to move the site to a different box, can you guarantee that those database IDs will remain the same?
• If you have to restore the site’s data from a backup, can you guarantee that those database IDs will remain the same?
• If you have to switch to a different database server (say from Microsoft SQL Server to Oracle), can you guarantee that those database IDs will remain the same?

If you answered “no” to any of the questions above, then you’ve broken a fundamental rule of URIs (permalinks), which is that they’re supposed to stay the same forever! Including database IDs exposes implementation detail to the world. It might give me an idea of how many questions or answers there are and I might feel inclined to start hacking around, putting different numbers in to see if anything interesting happens.

URIs should be meaningful, not cluttered with meaningless information. Another example of this is URIs that include pseudo file extensions. For example, .do (Struts) or .aspx (ASP.NET). Why should a site’s visitors care what technology it’s implemented in? Think about what information you’d want your URIs to divulge if you were able to look at them in a hundred year’s time and discard everything else. Keep them meaningful and clean.

I did question the use of database IDs using the Stack Overflow Feedback Forum and got the following official response:

“without the numeric ID, it’d be nearly impossible to map text to database IDs.”

Now unless I’m fundamentally misunderstanding a key part of how Stack Overflow is implemented—which is entirely possible for I have no access to the project team or source code—I find it difficult to understand this statement. Surely all that’s required is an indexed database column that stores the question slug that forms the end of the URI. The slug itself can easily be automatically generated when a new question is saved. Then you can simply retrieve a question by its slug. Using the ActiveRecord dynamic finders in Ruby on Rails it might look like this:

question = Question.find_by_slug params[:id]

—Now you have a fully-formed Question instance and you can go off and get its answers etc. Of course in production code you’d want to make sure that the incoming request parameter is trustworthy rather than passing it straight to the finder method, but that’s not the point of the example. The key point is that the slug in the URI is the key that’s used to get hold of your model object; everything can still be stitched together using numeric database IDs under the hood, just don’t expose that to your site’s visitors. Please don’t pollute your URIs with implementation specifics.

Continuing the “What’s In Your Wallet?” meme started by my good friend John Conners, here are the contents of my wallet at the time of writing:

• A credit card
• A debit card
• A cashpoint card that is actually obsolete because I can use the debit card for withdrawing cash, but my bank still send me a new one every few years
• A Citibank card that I think I have to use if I ring them up
• A bronze award blood donor card
• A Homebase loyalty card that I relunctantly accepted because it meant saving money on some kitchen furniture and which I never intend to use again
• A Hilton HHonors [sic] card that I’ll probably never use
• My National Insurance card
• An NHS European Health Insurance card
• A £1 BT Phonecard, valid until December 2002
• A list of “important telephone numbers” card from my bank
• £45 in cash
• A return train ticket to Newport, South Wales, purchased through work for my meeting tomorrow
• A dental appointment card reminding me that my next check-up is on the 2nd December 2008 at 4.30 PM
• A business card for a local taxi firm that I never use
• A receipt from South West Trains for the last train ticket to London Waterloo I purchased
• A £25 Next voucher from Christmas 2005
• A complementary Moo card given to me at the Future of Web Apps conference 2007
• A business card from the Financial Advisor who arranged my mortgage
• A piece of paper with a list of my relatives’ addresses on that I invariably look at on holiday when writing postcards
• A Tandem Ticket to The Caves of Nottingham/The Tales of Robin Hood, valid until 10 August 2000
• A “Beat Excess Stress” leaflet from my last job, kept because I thought it was hilarious
• A photocopy of my birth certificate that I probably used as proof of age to get into rubbish nightclubs
• An official poll card for the 1992 parliamentary election, that I probably used as back up proof of age
• A map of Norwich city centre from one of my earliest dates with my partner
• My front door key
• A key for my Kensington laptop lock
• A tiny key for one of those small suitcase padlocks that you could probably cut through using nothing more than a big pair of scissors

The wallet itself is a black leather one that I’ve had for as long as I can remember. It must be at least eighteen years old and I seem to recall it was a present. It’s only whilst writing this list that I’ve come to realise how much crap I carry around in it, but there’s something strangely reassuring about having a core set of items in there that never change!