  1. #1
    Join Date
    Aug 2008
    Posts
    2

    Unanswered: Allowing users/visitors to insert records into MySQL

    Hey all. I'm mostly a self-taught web developer, and I've run into a question I just can't seem to find anything about on Google.

    I have a ranking system on my php / mysql web site that lets users rank an object 1 - 10.

    The ranking inserts a record into a table with the objectID, userID and ranktotal.

    My questions about this are:

    Should I even do this? Does this create security issues? I have anti-SQL injection code.

    Will I have problems if 10+ or 100+ people are ranking (inserting records) at the same time?

    My thoughts on these questions lead me to think I'm not doing this the right way... any thoughts? Is this something for XML or other data storage?

    Thanks for any help / input!

  2. #2
    Join Date
    Nov 2004
    Location
    out on a limb
    Posts
    13,692
    Provided Answers: 59
    Quote Originally Posted by dstang21
    Hey all. I'm mostly a self-taught web developer, and I've run into a question I just can't seem to find anything about on Google.

    I have a ranking system on my php / mysql web site that lets users rank an object 1 - 10.

    The ranking inserts a record into a table with the objectID, userID and ranktotal.

    My questions about this are:

    Should I even do this? Does this create security issues? I have anti-SQL injection code.

    Will I have problems if 10+ or 100+ people are ranking (inserting records) at the same time?

    My thoughts on these questions lead me to think I'm not doing this the right way... any thoughts? Is this something for XML or other data storage?

    Thanks for any help / input!
    I could understand a table which had an objectId and userid as the primary key, and the ranking the user has associated with that objectid. You could then AVeraGe the rankings to provide your overall ranking for that object. I'm not sure I'd want to use a ranktotal in the way you propose. You could arguably use an exponential smoothing factor to store a ranking total; however, your model would then be exposed to specific users following the doctrine of William Hale Thompson of "vote early vote often".
    I'd rather be riding on the Tiger 800 or the Norton

  3. #3
    Join Date
    Jun 2007
    Location
    London
    Posts
    2,527
    Should I even do this?
    Yes if you want users to be able to rank items

    Does this create security issues? I have anti-SQL injection code.
    I assume you just pass the object id and the rank the user wants to give it. The program should work out who the user is (assume using PHP sessions). Assume you would only store a user's rank for an object once, i.e. if the user scores an object 20 times then this is just the same as them ranking an object once.

    The ranking inserts a record into a table with the objectID, userID and ranktotal.
    Does this mean that if a user 1 ranks object 2 as 10 it will just insert (1,2,10), or will it add up the current scores and make a total? If it's the former then you're fine; if it's the latter then I think you'll have issues.

    PS sorry Mark - you must have replied while I was typing.

  4. #4
    Join Date
    Aug 2008
    Posts
    2

    thanks

    All sounds good guys, thanks for the input / help.

    My site is currently only at a private launch stage. The ranking application allows users to rank random objects. After each ranking it shows the previous object, what the user ranked it, and an average ranking. On another detail page, a top 10 ranking list is shown.

    The table inserts 1, 2, 10 (userID, objectID, rankTotal) just as one of you assumed.

    I'm currently tweaking this, but the end result (output) I had in mind was an SQL statement taking the sum of totalRank, and dividing by number of rows for that object. I also had thoughts of making user lists for those logged in, letting them see which objects they had ranked highest.

    As for vote early vote often... I see the point, have thought a little about that (probably not that specific quote/thought), but I'm not all that worried. The ranking system is merely for entertainment. The worst case scenario I can see (aside from some hacking) is a user ranking all 1 or all 10s for an extended period of time.

    Anyway... thanks again for the input, and I'll be checking back to see if there's any other worries or thoughts on this.
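
The design the replies describe (one row per user per object, keyed on both IDs, averaged at read time), written out as an added example that is not code from any poster in this thread. The table name `object_rating` and the columns `rating` and `rated_at` are assumptions, and `userID` is assumed to come from the server-side session, never from the request.

```sql
-- Added example (MySQL / InnoDB). Table name, rating and rated_at are assumed names.
CREATE TABLE object_rating (
    userID   INT UNSIGNED     NOT NULL,
    objectID INT UNSIGNED     NOT NULL,
    rating   TINYINT UNSIGNED NOT NULL,
    rated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
                       ON UPDATE CURRENT_TIMESTAMP,
    -- One row per (object, user): a repeat vote cannot add a second row,
    -- so voting 20 times counts the same as voting once.
    PRIMARY KEY (objectID, userID),
    -- Enforced from MySQL 8.0.16; older versions parse and ignore CHECK,
    -- so the application must also reject values outside 1-10.
    CONSTRAINT chk_rating_range CHECK (rating BETWEEN 1 AND 10)
) ENGINE=InnoDB;

-- Parameterised upsert: values are bound, never concatenated into the SQL text.
-- (From PHP the same statement text would go through a mysqli or PDO prepare call.)
PREPARE rate_stmt FROM
    'INSERT INTO object_rating (userID, objectID, rating)
     VALUES (?, ?, ?)
     ON DUPLICATE KEY UPDATE rating = VALUES(rating)';

-- Constructed sample values: user 1 rates object 2 as 10, then changes it to 7.
SET @uid = 1, @oid = 2, @r = 10;
EXECUTE rate_stmt USING @uid, @oid, @r;
SET @r = 7;
EXECUTE rate_stmt USING @uid, @oid, @r;   -- still exactly one row for (2, 1)
DEALLOCATE PREPARE rate_stmt;

-- Average and vote count for one object, computed at read time
-- instead of being kept as a running total.
SELECT objectID, AVG(rating) AS avg_rating, COUNT(*) AS votes
FROM object_rating
WHERE objectID = 2
GROUP BY objectID;

-- Top 10 list: highest average first, ties broken by number of votes.
SELECT objectID, AVG(rating) AS avg_rating, COUNT(*) AS votes
FROM object_rating
GROUP BY objectID
ORDER BY avg_rating DESC, votes DESC
LIMIT 10;
```

Because every vote touches only its own row, simultaneous voters do not contend on a shared total; InnoDB locks at row level.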
