I had a similar situation, only I was trying to make sale ID's for purchases. Here is the code I used: $query25="lock tables saleID write"; $mysql_result25=mysql_query($query25, $mysql_link); $query26="select * from saleID"; $mysql_result26=mysql_query($query26, $mysql_link); $row26=mysql_fetch_row($mysql_result26); $salenum=$row26[0]; $query27="update saleID set SaleID = SaleID + 1"; $mysql_result27=mysql_query($query27, $mysql_link); $query28="unlock tables"; $mysql_result28=mysql_query($query28, $mysql_link); Hope this helps -Angela Curtis >Subject: > database collision? > Date: > Tue, 9 Jan 2001 11:45:58 +0100 > From: > "Luescher Samuel (MMVZSLU)" <[EMAIL PROTECTED]> > To: > "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> > > > > hi there. i am developing a database app to manage dynamic sites. in a > nutshell, i have an item table (to store all the content) and a permission > table (to register who's allowed to edit/view specific items). > > now, when creating a new item, i do the following things: > > - determine a new permission id (which is the permission table primary > key, kinda "SELECT MAX(id) FROM permission_table" and then increase the > result by one. i don't use AUTO_INCREMENT columns on purpose.) > - create an entry in the permission table > - create an entry in the item table, including the permission id as > relational attribute > > now, my question is: since there may be multiple php processes running, if > two users simultaneously create an item and post it at the same moment - > couldn't it happen that the process of user#1 has already determined the > permission id, while user#2 determines the SAME id, creates the entry and > user#1 will get an error because the item id was already taken in the > meantime? what can i do to avoid such security/integrity holes? > > thanks for listening - sam -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]