No matter what language or environment you're programming in, you will want
to refer to the documentation and recommendations supplied by the
publishers of your RDBMS as to the best way to avoid key collisions.

A few of the methods I've seen most frequently appear to be:

  1.  Use a proprietary method supplied by your RDBMS.  Examples would be
AUTO INCREMENT (or whatever) in MySQL and DEFAULT NEXTVAL of a SEQUENCE in
PostgreSQL.

  2.  Create and maintain a table or tables of your own that dish out
sequential keys (not as easy as it looks...requires at least the ability to
lock a row or table; also this serializes your inserts, so be aware that it
is a potential bottleneck).

  3.  Use some kind of random data (can be timestamp or random number
based) to compute non-sequential keys.

Good luck,
Doug

At 11:45 AM 1/9/01 +0100, Luescher Samuel (MMVZSLU) wrote:
>> hi there. i am developing a database app to manage dynamic sites. in a
>> nutshell, i have an item table (to store all the content) and a permission
>> table (to register who's allowed to edit/view specific items).
>> 
>> now, when creating a new item, i do the following things:
>> 
>> - determine a new permission id (which is the permission table primary
>> key, kinda "SELECT MAX(id) FROM permission_table" and then increase the
>> result by one. i don't use AUTO_INCREMENT columns on purpose.)
>> - create an entry in the permission table
>> - create an entry in the item table, including the permission id as
>> relational attribute
>> 
>> now, my question is: since there may be multiple php processes running, if
>> two users simultaneously create an item and post it at the same moment -
>> couldn't it happen that the process of user#1 has already determined the
>> permission id, while user#2 determines the SAME id, creates the entry and
>> user#1 will get an error because the item id was already taken in the
>> meantime? what can i do to avoid such security/integrity holes?
>> 
>> thanks for listening - sam



-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to