dtry54612 2012-04-21 15:32
23 views
Accepted

User database structure

I'm running a basic website with some user accounts (no cookies, PHP session system). I'd like to store some data generated by the user, visible only to themselves.

For the moment I store the data from all users in one table, with an extra column for identifying (this is an input from php session user-id). (We are talking about max. 50-100 keys per user).

On data request I have an extra parameter (AND "user-id"=x) in the mysql query.

  1. Is this a safe (there is no sensitive data on the site, but the accounts have to be private anyway) way of storing data?

  2. Are there better ways to handle this? (I read about separate databases etc.) and if so, how?

thx,

M.


3 answers

  • dsbpaqt61965 2012-04-21 15:43

    Is this a safe (there is no sensitive data on the site, but the accounts have to be private anyway) way of storing data?

    There is nothing wrong with having user-id=x in your mysql query to get the data from the table. But make sure you are not directly reading this value from your query string and appending it to the mysql query without doing proper sanitization and cleaning. Otherwise you will be a victim of SQL injection.

    Are there better ways to handle this? (I read about separate databases etc.) and if so, how?

    I don't see any reason to have a separate database to handle this. You can use your current database. If needed, you may create additional tables for this. I am not sure what your db schema and entity relations are, so I am not in a position to tell you how to do that. Look into your tables and make sure they are normalized.

    If you want the data stored to be seen only by that particular user, you probably want to check whether the currently logged in user id (got from the session variable?) is the same as the userId of the db record. Maybe you can compare with the "CreatedById" field value if you have one.

    I believe this link is a must read if "SQL injection" is a new term for you. http://www.unixwiz.net/techtips/sql-injection.html

    Accepted answer (chosen by the asker).
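The two points the answer makes (bind the user id instead of concatenating it into the SQL, and take the owner id from the session rather than the request) can be shown together in a small PHP/PDO fetch. This is an added example, not the poster's or the answerer's code; the table `user_data` and its columns `id`, `user_id`, `k`, `v`, the DSN and credentials, and the `user_id` session key are all assumptions for illustration.

```php
<?php
// Added example (not from the original post): reading one user's private rows
// with prepared statements and an ownership check in the WHERE clause.
// Assumed schema: user_data(id INT PK, user_id INT, k VARCHAR, v TEXT).

session_start();

// What the answer warns against: the id is pasted straight from the query
// string into the SQL text, so the caller controls the WHERE clause.
//   $sql = "SELECT k, v FROM user_data WHERE user_id = " . $_GET['uid'];

function getOwnedRows(PDO $pdo, int $sessionUserId): array
{
    // The owner id is a bound parameter, never part of the SQL string,
    // and it comes from the session, not from the request.
    $stmt = $pdo->prepare(
        'SELECT id, k, v FROM user_data WHERE user_id = :uid ORDER BY k'
    );
    $stmt->execute([':uid' => $sessionUserId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function getOwnedRow(PDO $pdo, int $sessionUserId, int $rowId): ?array
{
    // Both the requested row id and the session owner id are in the WHERE
    // clause, so a row id belonging to another account simply returns nothing
    // instead of leaking that user's data.
    $stmt = $pdo->prepare(
        'SELECT id, k, v FROM user_data WHERE id = :id AND user_id = :uid'
    );
    $stmt->execute([':id' => $rowId, ':uid' => $sessionUserId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Usage: refuse anonymous callers, then resolve the owner from the session.
if (!isset($_SESSION['user_id'])) {
    http_response_code(401);
    exit('login required');
}
$pdo = new PDO('mysql:host=localhost;dbname=site;charset=utf8mb4', 'app', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
]);
$ownerId = (int) $_SESSION['user_id'];

// filter_input returns null when ?id= is absent and false when it is not an int.
$rowId = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($rowId === null) {
    $result = getOwnedRows($pdo, $ownerId);   // list everything this user owns
} elseif ($rowId === false) {
    http_response_code(400);
    exit('bad id');
} else {
    $result = getOwnedRow($pdo, $ownerId, $rowId);
}
header('Content-Type: application/json');
echo json_encode($result);
```

Keeping the `user_id = :uid` condition on every query, including updates and deletes, is what makes a single shared table behave like per-user storage: the row id that arrives in the request is only ever evaluated together with the owner id the server already knows from the session.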
