php-db | 2004071
Date: 07/01/04
- Next message: Gary Every: "[PHP-DB] Turning off "Save Password""
- Previous message: Michael Gale: "[PHP-DB] perfornance with POST or db check ??"
- In reply to: Michael Gale: "[PHP-DB] perfornance with POST or db check ??"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Michael Gale wrote:
> The question I have is .. on three of the select boxes .. if the data is
> changed I require an extra function to get run.
>
> So for example if the "owner" value is changed I want to send an e-mail
> to the new owner.
>
> For performance should I just pass a hidden value with the original
> owner and compare that with the owner value of the select box OR should
> I do another db select to see if the field changed ???
>
> I was thinking that passing a string would have less of a performance
> impact than db activity?
It would, but the solution depends upon your users. Remember that a
hidden field's value can be modified. So, if a user wanted to be
malicious, they could set the hidden field to the new value matching
what they select and your program would think that no change took effect.
Now, you could outsmart them and not actually update that column if the
two values match. Then it wouldn't really do them any good to change the
values because the database won't be updated anyhow.
The "safest" way is to just select the data before you make any changes
and then compare it to what was submitted. The best way to do this,
though, is to store the original values in the session when you first
populate the form and then compare the submitted values to the session
values. This way you're not actually adding a query (so long as you're
using sessions already or aren't against adding them). The user can't
modify the session values, so this method is safe.
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
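
The session-based comparison described in the reply above, as an added example that is not part of the original message. The field names, the record id and the `$session` array standing in for `$_SESSION` are assumptions made for illustration.

```php
<?php
// Added example, not code from the original post. TRACKED field names
// and the record id are hypothetical.
declare(strict_types=1);

const TRACKED = ['owner', 'status', 'priority']; // the three select boxes (names assumed)

// Call while rendering the edit form: snapshot the current DB row server-side.
function remember_original(array &$session, int $id, array $row): void
{
    $session['orig'][$id] = array_intersect_key($row, array_flip(TRACKED));
}

// Call on POST: return the tracked fields whose submitted value differs
// from the server-side snapshot. Nothing from the client is trusted as "old".
function changed_fields(array &$session, int $id, array $post): array
{
    if (!isset($session['orig'][$id])) {
        throw new RuntimeException('No snapshot for this record; reload the form.');
    }
    $orig = $session['orig'][$id];
    unset($session['orig'][$id]); // one-shot: a replayed POST finds no snapshot
    $changed = [];
    foreach (TRACKED as $f) {
        $old = (string)($orig[$f] ?? '');
        $new = (string)($post[$f] ?? '');
        if ($new !== $old) {
            $changed[$f] = ['old' => $old, 'new' => $new];
        }
    }
    return $changed;
}

// Constructed demo: in a real page, call session_start() and pass $_SESSION.
$session = [];
remember_original($session, 42, ['owner' => 'alice', 'status' => 'open', 'priority' => 'low']);

// Constructed POST data: the forged hidden field orig_owner is never consulted.
$post = ['owner' => 'bob', 'orig_owner' => 'bob', 'status' => 'open', 'priority' => 'low'];

$changed = changed_fields($session, 42, $post);
if (isset($changed['owner'])) {
    // The e-mail to the new owner would be sent here.
    echo "owner changed: {$changed['owner']['old']} -> {$changed['owner']['new']}\n";
}
```

The snapshot reflects the row as it was when the form was rendered, so an edit made by someone else in the meantime is only visible to the select-before-update approach the reply calls the "safest" way.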

