Crazy Horse
asked on
creating 2 user ID's
I am not sure if this is a worthwhile idea but at the moment when a user is stored in the database they get ID's starting from 1. In a url string that would should something like page.php?userID=1
That seems to easy to manipulate. So, I created another column in the database for another unique ID that I would use in the URL instead. I just wanted to know if a) this is worth doing or if it's pointless and b) Is this good enough to use? The below code was actually an example for something else but it seemed like a good choice (I think).
I was also concerned that there is a chance that there could be a duplicate entry so perhaps before the user is able to register, I have some code to check that it doesn't exist before continuing. Not sure what I would do if it did exist though because the user isn't in control of what is generated.
That seems to easy to manipulate. So, I created another column in the database for another unique ID that I would use in the URL instead. I just wanted to know if a) this is worth doing or if it's pointless and b) Is this good enough to use? The below code was actually an example for something else but it seemed like a good choice (I think).
function randUserId() {
return strtr(
base64_encode(
random_bytes(9)
),
'+/',
'-_'
);
}
I was also concerned that there is a chance that there could be a duplicate entry so perhaps before the user is able to register, I have some code to check that it doesn't exist before continuing. Not sure what I would do if it did exist though because the user isn't in control of what is generated.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks, Ray. Always nice to see other examples.
I am a simple man and the less code it takes to do something the better so I probably will stick to what I have if it's deemed acceptable by geniuses such as yourself ;)
I am a simple man and the less code it takes to do something the better so I probably will stick to what I have if it's deemed acceptable by geniuses such as yourself ;)
Agree with "simpler == better."
There is also a per-request unique string available in $_SERVER["UNIQUE_ID"]
http://httpd.apache.org/docs/current/mod/mod_unique_id.html
There is also a per-request unique string available in $_SERVER["UNIQUE_ID"]
http://httpd.apache.org/docs/current/mod/mod_unique_id.html
ASKER
Yes, I am storing it in the database. Good call on setting it to UNIQUE in MySQL.