I have a website which contains a campaign and each campaign has multiple surveys.
If I were to edit a campaign, I have the URL named
campaign/edit/1
If I wanted to edit a survey in a campaign I have a URL named
campaign/edit/1/survey/edit/3
My page will fetch the data for the campaign with the ID of 1 and survey with the ID of 3.
While this works, I'm wondering if there actually exists some sort of convention that would be better fit for this or if a URL like this is ok?
While it is totally acceptable to do this for a small scale website where the stakes are low, there are other ways to do this that are more secure. For example, notice how if you go to an instagram post in the web, the URL is "https://www.instagram.com/p/BeB6HbqA8TEYRi7-I0X3neNZ2tw0irKoVdUCbg0" where the string after the /p/ is the id of the image. This is a hash rather than a number. They could have made the url the number ID of the image but that could lead to problems where you can predict the ID of an image based on when it was posted relative to other images and such, thus exposing a part of the backend that you dont typically want to expose.
In your case you would give users the ability to change the IDs in the URL from 1 and 3 to other numbers and potentially they are valid IDs in the database and so they would bring up a form that they maybe were not supposed to be able to access.
Thus, web frameworks have ways for you to specify that you want your database objects to generate a UUID (a random hash) and use that as the key (such as Django's UUIDField). You can then use the UUID in the URL and thus stop anyone from generating a possible URL.