  #1 (permalink)  
Old 06-03-09, 04:17
dstang21 dstang21 is offline
Registered User
 
Join Date: Aug 2008
Posts: 2
Allowing users/visitors to insert records into MySQL

Hey all. I'm mostly a self-taught web developer, and I've run into a question I just can't seem to find anything about on Google.

I have a ranking system on my php / mysql web site that lets users rank an object 1 - 10.

The ranking inserts a record into a table with the objectID, userID and ranktotal.

My questions about this are:

Should I even do this? Does this create security issues? I have anti-SQL injection code.

Will I have problems if 10+ or 100+ people are ranking (inserting records) at the same time?

My thoughts on these questions lead me to think I'm not doing this the right way... any thoughts? Is this something for XML or other data storage?

Thanks for any help / input!
  #2 (permalink)  
Old 06-03-09, 04:30
healdem healdem is online now
Jaded Developer
 
Join Date: Nov 2004
Location: out on a limb
Posts: 9,260
Quote:
Originally Posted by dstang21
Hey all. I'm mostly a self-taught web developer, and I've run into a question I just can't seem to find anything about on Google.

I have a ranking system on my php / mysql web site that lets users rank an object 1 - 10.

The ranking inserts a record into a table with the objectID, userID and ranktotal.

My questions about this are:

Should I even do this? Does this create security issues? I have anti-SQL injection code.

Will I have problems if 10+ or 100+ people are ranking (inserting records) at the same time?

My thoughts on these questions lead me to think I'm not doing this the right way... any thoughts? Is this something for XML or other data storage?

Thanks for any help / input!
I could understand a table which had an objectId and userid as the primary key, and the ranking the user has associated with that objectid. You could then AVeraGe the rankings to provide your overall ranking for that object. I'm not sure I'd want to use a ranktotal in the way you propose. You could arguably use an exponential smoothing factor to store a ranking total; however, your model would then be exposed to specific users following the doctrine of William Hale Thompson of "vote early vote often".
__________________
I'd rather be riding my Versys or my Tiger 800 let alone the Norton
  #3 (permalink)  
Old 06-03-09, 04:35
mike_bike_kite mike_bike_kite is offline
vaguely human
 
Join Date: Jun 2007
Location: London
Posts: 2,519
Quote:
Should I even do this?
Yes if you want users to be able to rank items
Quote:
Does this create security issues? I have anti-SQL injection code.
I assume you just pass the object id and the rank the user wants to give it. The program should work out who the user is (assume using php sessions). Assume you would only store a user's rank for an object once, i.e. if the user scores an object 20 times then this is just the same as them ranking an object once.
Quote:
The ranking inserts a record into a table with the objectID, userID and ranktotal.
Does this mean that if user 1 ranks object 2 as 10 it will just insert (1,2,10), or will it add up the current scores and make a total? If it's the former then you're fine, if it's the latter then I think you'll have issues.
PS sorry mark - you must have replied while I was typing.
  #4 (permalink)  
Old 06-03-09, 22:55
dstang21 dstang21 is offline
Registered User
 
Join Date: Aug 2008
Posts: 2
thanks

All sounds good guys, thanks for the input / help.

My site is currently only at a private launch stage. The ranking application allows users to rank random objects. After each ranking it shows the previous object, what the user ranked it, and an average ranking. On another detail page, a top 10 ranking list is shown.

The table inserts 1, 2, 10 (userID, objectID, rankTotal) just as one of you assumed.

I'm currently tweaking this, but the end result (output) I had in mind was an SQL statement taking the sum of totalRank, and dividing by number of rows for that object. I also had thoughts of making user lists for those logged in, letting them see which objects they had ranked highest.

As for vote early vote often... I see the point, have thought a little about that (probably not that specific quote/thought), but I'm not all that worried. The ranking system is merely for entertainment. The worst case scenario I can see (aside from some hacking) is a user ranking all 1 or all 10s for an extended period of time.

Anyway... thanks again for the input, and I'll be checking back to see if there's any other worries or thoughts on this.
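The design the replies converge on (one row per user per object, averaged at read time), as an added example that is not part of the original thread. The table name, column names and sample values are assumptions made for illustration; the user ID is expected to come from the server-side session, as reply #3 suggests, and never from the request.

```sql
-- Added example (MySQL). Names and sample values are constructed, not from the thread.
CREATE TABLE object_rank (
    object_id  INT UNSIGNED     NOT NULL,
    user_id    INT UNSIGNED     NOT NULL,
    rank_value TINYINT UNSIGNED NOT NULL,
    -- One row per (object, user): repeat votes cannot pile up ("vote early, vote often").
    PRIMARY KEY (object_id, user_id),
    -- Enforced from MySQL 8.0.16; older versions parse and ignore CHECK,
    -- so the application must also reject values outside 1..10.
    CONSTRAINT chk_rank_range CHECK (rank_value BETWEEN 1 AND 10)
) ENGINE=InnoDB;

-- Values are bound as parameters, never concatenated into the SQL text.
-- A single INSERT ... ON DUPLICATE KEY UPDATE is atomic per row, so many
-- users ranking at the same time need no extra application-side locking.
PREPARE save_rank FROM
    'INSERT INTO object_rank (object_id, user_id, rank_value)
     VALUES (?, ?, ?)
     ON DUPLICATE KEY UPDATE rank_value = VALUES(rank_value)';

-- Constructed sample: user 1 ranks object 2 as 10.
SET @object_id = 2, @user_id = 1, @rank_value = 10;
EXECUTE save_rank USING @object_id, @user_id, @rank_value;

-- The same user ranks the same object again: the existing row is updated,
-- so the object still has exactly one vote from this user.
SET @rank_value = 3;
EXECUTE save_rank USING @object_id, @user_id, @rank_value;

-- A second constructed user ranks the same object.
SET @user_id = 7, @rank_value = 8;
EXECUTE save_rank USING @object_id, @user_id, @rank_value;

DEALLOCATE PREPARE save_rank;

-- Average for one object, computed at read time instead of storing a running total.
SELECT object_id, AVG(rank_value) AS avg_rank, COUNT(*) AS votes
FROM object_rank
WHERE object_id = 2
GROUP BY object_id;

-- Top 10 list; ties on the average are broken by number of votes.
SELECT object_id, AVG(rank_value) AS avg_rank, COUNT(*) AS votes
FROM object_rank
GROUP BY object_id
ORDER BY avg_rank DESC, votes DESC
LIMIT 10;
```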