PHP Create not inserting into db and check if exists

  • (2 Pages)
  • +
  • 1
  • 2

20 Replies - 446 Views - Last Post: 01 February 2019 - 10:48 AM Rate Topic: -----

#16 Martyr2   User is offline

  • Programming Theoretician
  • member icon

Reputation: 5378
  • View blog
  • Posts: 14,286
  • Joined: 18-April 07

Re: PHP Create not inserting into db and check if exists

Posted 31 January 2019 - 05:04 PM

First of all, just a general comment. I would axe half of your comments because they are offering no value here. This from a guy who believes strongly in commenting, but only if they add value. Most of the comments just reiterate what you show in code.

As for checking if a user exists before doing something, I can see how inserting and letting the query fail is nice to save a query. However it really relies on the database constraints to make sure that works. 99% of the time that would be fine, but I don't know if we should ever leave software relying on a database to validate our assumptions. But of course it all depends on the situation I guess.

All I am saying is don't blindly follow that recommendation as an absolute and always take a look at the business rules first. :)
Was This Post Helpful? 0
  • +
  • -

#17 benanamen   User is offline

  • D.I.C Head

Reputation: 35
  • View blog
  • Posts: 235
  • Joined: 28-March 15

Re: PHP Create not inserting into db and check if exists

Posted 31 January 2019 - 05:15 PM

@ArtificialSoldier, we are on the same page. As far as what to say on duplicate, I mean don't give a specific error message like, "username bob is not available". I mean give a generic message like Invalid Username or Email. The more important part is not building in a race condition and using double the amount of queries needed.

OP, I would highly recommend you put your code on a public repo like GitHub so those that want to can give you their expert review as a whole.

EDIT: @Martyr2, do you get that by doing a username check first, the application will "lie" to simultaneous users trying to register the same username? If 50 simultaneous users try to register the same username, the app will lie to 49 of them saying it is available. Only one (winner of the race, ie: first one to execute the second query, will win the race and get entered.)

This post has been edited by benanamen: 31 January 2019 - 05:27 PM

Was This Post Helpful? 0
  • +
  • -

#18 ArtificialSoldier   User is offline

  • D.I.C Lover
  • member icon

Reputation: 2249
  • View blog
  • Posts: 6,877
  • Joined: 15-January 14

Re: PHP Create not inserting into db and check if exists

Posted 31 January 2019 - 05:31 PM

The race condition thing is pretty theoretical. We studied that kind of thing in school enough to scare me into making an effort to find and avoid them, but I don't think I've ever actually seen one. Obviously that's not a defense to not check for them, but they are exceedingly rare (and, this case, no harm because the database will just kick back an error). In the case of web applications in particular, it's not even enough to press the submit buttons at the same millisecond, because there's plenty of delay with the network and things like that, it would be very difficult to actually intentionally make a race condition happen on a vulnerable web application. There's so much overhead involved when you're talking about milliseconds or even microseconds. Especially with something like registering an account, you would need to have millions of people signing up at once to make that statistically possible. But if that's the case, you'll be happy that you don't have it doing those extra duplicate checks before inserting.
Was This Post Helpful? 0
  • +
  • -

#19 benanamen   User is offline

  • D.I.C Head

Reputation: 35
  • View blog
  • Posts: 235
  • Joined: 28-March 15

Re: PHP Create not inserting into db and check if exists

Posted 31 January 2019 - 05:45 PM

Quote

The race condition thing is pretty theoretical.

Citation please. On a low traffic site, the odds are probably pretty great of it not happening and at worst one or more users will have a slightly lesser user experience. The duplicate constraint will stop duplicates so no worries there. Nevertheless, you will still ALWAYS double your query load when there is no need to. It just makes much more sense to not run extra queries and build in the potential for a race condition when you easily don't have to. The elimination of a potential race condition is done away without any "effort" just by attempting the insert first.

This post has been edited by benanamen: 01 February 2019 - 10:49 AM

Was This Post Helpful? 0
  • +
  • -

#20 ArtificialSoldier   User is offline

  • D.I.C Lover
  • member icon

Reputation: 2249
  • View blog
  • Posts: 6,877
  • Joined: 15-January 14

Re: PHP Create not inserting into db and check if exists

Posted 01 February 2019 - 10:41 AM

We've got millions of users and, while I don't think we have many race conditions, we do typically validate everything prior to insert, even on tables with unique keys. We don't get help desk tickets showing unique constraints being violated, which suggests they don't actually happen.

Quote

On a low traffic site, the odds are probably pretty great of it happening

The odds are not great on a low-traffic site. For this scenario, of registration, not only does it require many users trying to sign up at the same time to get the timing right, but they also have to have chosen the same username. The odds are extraordinarily low of that happening.
Was This Post Helpful? 0
  • +
  • -

#21 benanamen   User is offline

  • D.I.C Head

Reputation: 35
  • View blog
  • Posts: 235
  • Joined: 28-March 15

Re: PHP Create not inserting into db and check if exists

Posted 01 February 2019 - 10:48 AM

View PostArtificialSoldier, on 01 February 2019 - 10:41 AM, said:

We've got millions of users and, while I don't think we have many race conditions, we do typically validate everything prior to insert, even on tables with unique keys. We don't get help desk tickets showing unique constraints being violated, which suggests they don't actually happen.

Quote

On a low traffic site, the odds are probably pretty great of it happening

The odds are not great on a low-traffic site. For this scenario, of registration, not only does it require many users trying to sign up at the same time to get the timing right, but they also have to have chosen the same username. The odds are extraordinarily low of that happening.



I made a Typo. Missing "not". Should have read...

On a low traffic site, the odds are probably pretty great of it NOT happening
Was This Post Helpful? 0
  • +
  • -

  • (2 Pages)
  • +
  • 1
  • 2