On 7/19/07, John Comerford <[EMAIL PROTECTED]> wrote:
I am in the process of putting together a web application. I have decided to add a 'RowId' field to all my tables and assign it a unique number so that I use it to retrieve data. In concept this number might be passed back to the server as part of an ajax request etc. My question is what is the best way to assign this number.
An auto_increment integer.
1) It is not 'guessable', a sequence number might open up some security issues by allowing a user to replace the RowId if it is held in hidden field or something like that.
You should be use a single MD5 (or probably SHA1) digest to prevent that. Here's an example: http://www.oreilly.com/catalog/cgi2/chapter/ch08.html
2) Performance, I am still fairly green with MySQL but I would have to assume that having an extra 32 char field in a table is going to have a performance impact.
http://www.mysqlperformanceblog.com/2007/06/18/using-char-keys-for-joins-how-much-is-the-overhead/ - Perrin -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
