SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    SitePoint Member
    Join Date
    Apr 2006
    Posts
    5
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    PHP vs RDMS :: simple concurrent problem ?

    Good afternoon;

    Im just wonderring how to deal with simple problem. Lets suppose im going to create security system and have two tables at the very beginning stage.

    CREATE TABLE users (
    user_id SERIAL NOT NULL PRIMARY KEY,
    user_name varchar(30),
    role_id
    FOREIGN KEY (role_id) REFERENCES roles(role_id)
    );

    CREATE TABLE roles (
    role_id SERIAL NOT NULL PRIMARY KEY,
    role_name varchar(30)
    );

    Lest suppose there are two ADMIN with the same priviliges both, ADMIN_1 and ADMIN_2. Every database query is done through HTML form with PHP support.
    ADMIN_1 wants to update a system user and change a role to him. ADMIN_1 calls a form and with dropdown html control he want to change the role to "supervisor" for that user(any other than ADMIN_1 and ADMIN_2). He doesnt click submit button yet.
    ADMIN_2 deletes the role "supervisor" from the sytem.
    ADMIN_3 clicks submit button. And he sees the DBMS error that there doesnt exists such an entry in roles table.

    My question is, what kind of methods are used to solve that problem ?
    How to get error in the html form back istead of having dirty RDMS error ?
    ADMIN_2

    thank you for your help in advance.

  2. #2
    SitePoint Member
    Join Date
    Apr 2006
    Posts
    5
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by jofes
    ADMIN_3 clicks submit button. And he sees the DBMS error that there doesnt exists such an entry in roles table.
    There should be:
    ADMIN_1 clicks submit button. And he sees the DBMS error that there doesnt exists such an entry in roles table.

  3. #3
    SitePoint Wizard silver trophy
    Join Date
    Mar 2006
    Posts
    6,132
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    theres not really an easy solution.

    some possibilties would be to only allow 1 admin to be logged in at a time. i have a feeling this may be too restrictive for your intents, although it is a very simple and solid way to solve these type of problems. however, it wouldnt solve the problem if the same user were to open a second browser window and he himself would create the scenario with 2 seperate browser windows.

    another possibility would be to lock certain actions. for example, when ADMIN_1 requests the page which offers to use the supervisor usergroup, then you could lock the ability to add/delete usergroups until ADMIN_1 has submitted the form. stuff like this can quickly get complicated and hard to manage due to the nature of the web, and the existance of the back button in a users browser

    even with a locking system, you will have the possibility of a race condition.
    for example, your script realizes someone wants to use the usergroup dropdown. so it will add an entry to a table to advise other scripts they cannot add/delete usergroups at the moment. there is a chance though that if both page requests were made at nearly exactly the same time, that one of the scripts would miss the advisory and blissfully continue on unaware. the chance is low, but the race condition exists.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •