No matter what language or environment you're programming in, you will want to refer to the documentation and recommendations supplied by the publishers of your RDBMS as to the best way to avoid key collisions. A few of the methods I've seen most frequently appear to be: 1. Use a proprietary method supplied by your RDBMS. Examples would be AUTO INCREMENT (or whatever) in MySQL and DEFAULT NEXTVAL of a SEQUENCE in PostgreSQL. 2. Create and maintain a table or tables of your own that dish out sequential keys (not as easy as it looks...requires at least the ability to lock a row or table; also this serializes your inserts, so be aware that it is a potential bottleneck). 3. Use some kind of random data (can be timestamp or random number based) to compute non-sequential keys. Good luck, Doug At 11:45 AM 1/9/01 +0100, Luescher Samuel (MMVZSLU) wrote: >> hi there. i am developing a database app to manage dynamic sites. in a >> nutshell, i have an item table (to store all the content) and a permission >> table (to register who's allowed to edit/view specific items). >> >> now, when creating a new item, i do the following things: >> >> - determine a new permission id (which is the permission table primary >> key, kinda "SELECT MAX(id) FROM permission_table" and then increase the >> result by one. i don't use AUTO_INCREMENT columns on purpose.) >> - create an entry in the permission table >> - create an entry in the item table, including the permission id as >> relational attribute >> >> now, my question is: since there may be multiple php processes running, if >> two users simultaneously create an item and post it at the same moment - >> couldn't it happen that the process of user#1 has already determined the >> permission id, while user#2 determines the SAME id, creates the entry and >> user#1 will get an error because the item id was already taken in the >> meantime? what can i do to avoid such security/integrity holes? >> >> thanks for listening - sam -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]