
How to design search and update functionality in PHP (and pass data from page to page)?

This question may have been asked before, but I cannot find the answer. I apologize in advance for possibly re-asking a question.

What is the appropriate way to design search and update functionality in PHP - to search for records that meet user criteria, select a specific record, and update data on that record?

This is a user account based system (so users register and create an account). MySQL is the database on the back-end. Users are able to create content, search for content, edit their own content, and delete their own content.

I see there being three pages:

Page 1. Search page - on this page, the user will key in for what they are searching

When the user activates the "Search" button, the form would do some processing to ensure the input was valid / all the fields were filled out, etc.

Page 2. Results page - on this page, the results of the search criteria would be displayed

Next to each result would be a button or hyperlink to allow the user to edit the content

Page 3. Edit page - on this page, the selected record would be displayed and the user could edit the content, e.g. change comments, change values, etc.

I think this 3 page format is fairly standard. What I don't know is what is the appropriate way to pass data from page to page, and how and when to execute SQL SELECT statements?

On Page 1, the user hits "Search", the form does some validation, and if everything passes validation, then the search criteria should be passed to Page 2 through the URL? Is that the appropriate way?

On Page 2, a SQL SELECT is executed searching for rows that meet the input criteria. Rows that match the input criteria are displayed. The user selects a record and activates the hyperlink. Does the hyperlink pass the record_id of the selected record to Page 3 through the URL? Is that the appropriate way?

Then on Page 3, another SQL SELECT is performed, this time for the specific record that was selected. Is that the appropriate way?

To summarize:

1) Is it appropriate to pass query criteria from search page to result page via the URL?

2) Is it appropriate to pass the record_id of the record to be edited from results page to edit page via the URL?

3) Is it appropriate to perform 2 SQL SELECTS during this process: 1 SQL SELECT on the results page to select all records that matched the search criteria, and 1 SQL SELECT on the edit page to display the attributes of the record to be edited.

I know there are "a million different ways" to accomplish tasks through computer programs. That is one of the aspects of computer programming and design which I like - the creativity a programmer is able to use to solve problems. That said, is the approach (design pattern) I laid out above appropriate? Are there serious flaws with that design pattern? Is there a generally recognized "better way" to do it?

Thanks for reading.


Whatever you do, just make sure you never ever, ever, EVER pass a SQL query in the query string!! You will be vulnerable to the easiest injection attack.

Read here this answer: Worst security hole you've seen?

Google bots will find your page. Wanna see pages that do that (query in the querystring?). See here:

http://www.google.com/search?q=inurl%3Aselect+inurl%3A%2520+inurl%3Afrom+inurl%3Awhere
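
One way to apply the advice above to the three-page flow in the question: the URL carries only the search term and the record id as data, and both are bound to prepared statements. This is an added example, not code from the original posts; the `content` table, its columns and the function names are hypothetical, and in-memory SQLite stands in for the MySQL back-end.

```php
<?php
declare(strict_types=1);

// Page 2: the URL carries only the search term (e.g. ?q=notes), never SQL text.
function searchContent(PDO $db, string $term): array
{
    // Escape LIKE wildcards so the term is matched literally ('!' is the escape char).
    $pattern = '%' . preg_replace('/[!%_]/', '!$0', $term) . '%';
    $stmt = $db->prepare(
        "SELECT id, title FROM content WHERE title LIKE :pattern ESCAPE '!' ORDER BY id"
    );
    $stmt->execute([':pattern' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Page 3: ?id=... must be a positive integer, and the row is returned only
// when it belongs to the logged-in user (their id comes from the session, not the URL).
function loadOwnRecord(PDO $db, $rawId, int $userId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $stmt = $db->prepare(
        'SELECT id, title, comments FROM content WHERE id = :id AND owner_id = :uid'
    );
    $stmt->execute([':id' => $id, ':uid' => $userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data; in-memory SQLite stands in for the MySQL back-end.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE content (id INTEGER PRIMARY KEY, owner_id INTEGER, title TEXT, comments TEXT)');
$db->exec("INSERT INTO content VALUES (1, 10, 'Trip notes', 'mine'), (2, 20, '100% cotton', 'theirs')");

$sessionUserId = 10; // would come from $_SESSION after login
var_dump(searchContent($db, "notes' OR '1'='1")); // quote characters are just data
var_dump(searchContent($db, '%'));                // '%' is literal, not a wildcard
var_dump(loadOwnRecord($db, '1', $sessionUserId));        // own record
var_dump(loadOwnRecord($db, '2', $sessionUserId));        // someone else's record
var_dump(loadOwnRecord($db, '1 OR 1=1', $sessionUserId)); // not an integer
```

The UPDATE issued when the edit form is submitted needs the same `id = :id AND owner_id = :uid` condition, since the record id in that request is just as user-controlled as the one in the URL.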
