On May 22, 2008, at 10:50 PM, Rams wrote:
Hi Everyone,
Please pardon me if I am asking extremely stupid questions, but I'm
starting to do some work with my database and I have a few questions
about EnterpriseObjects and database things in general...
The first question is about creating unique data... I have a user
object and I need unique usernames for obvious reasons. Now, I know
it is unlikely, but let's say that two visitors attempt to create a
user at the same time and they happen to pick the same username.
    EOQualifier qualifier = User.SCREEN_NAME.eq(username);
    if (User.fetchUser(ec, qualifier) == null) {
        User.createUser(ec, email, password, username);
        ec.saveChanges();
    }
If these fired at the same time, is it possible that two users with
the same username could be created? If so, does anyone have any
pointers to prevent duplicate data?
The second question regards security/sql injection. Is there any
sort of user input I should be on the lookout for in my
validateUsername method? Like username "admin'--" or some such? I
assume that as long as I stick to EOQualifiers and don't touch the
SQL myself that all the input will be properly escaped...
Finally, third question... I'm using MySQL. I will ensure InnoDB is
used by default as mentioned here:
http://homepage.mac.com/kelleherk/iblog/C711669388/E20070719095201/index.html
Is there anything else I need to do in order to produce ACID
transactions with WO? It doesn't hurt to be buzzword compliant you
know ;-)
Use InnoDB to ensure transactional commit/rollback.
In MySQL 5.0+, add this param to the config file:
innodb_rollback_on_timeout
IMHO, MySQL is a good database server. Have a look at the silent
changes it makes ..... AFAIK all these conditions should be handled by
your validation methods before they ever hit the database anyway, so
should not be a problem. YMMV.
http://dev.mysql.com/doc/refman/5.0/en/data-type-defaults.html
With regards "silent" truncation of varchars where they exceed the
length of the field, this can be configured to throw an error .....
again by configuration. I would think your EO validation methods would
check for column length anyway .... IIRC, EOF will error by default if
it exceeds the field length specified in the EOModel.
http://dev.mysql.com/doc/refman/5.0/en/char.html
http://dev.mysql.com/doc/refman/5.0/en/server-sql-mode.html
In general MySQL "out of the box" configuration is absolutely useless.
To use MySQL, you *MUST* configure your installation.... this is done
generally with the /etc/my.cnf file which specifies launch arguments
for mysqld. Read the fine manual or Jeremy Zawodny's book "Advanced
MySQL".
IMHO, MySQL is very versatile and offers a number of different
"engines" for different applications and offers many configuration
options to tailor the functionality as you wish. This is just my
opinion, so feel free to use whatever database you like. In any case,
pick one of the ones that is popular with WO developers so that you
can get help when you need it. Use prototypes from the start and it
will be easy to change database platforms later if you wish.
Thanks everybody! I really appreciate the help everyone here
provides.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (Webobjects-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/webobjects-dev/kieran_lists%40mac.com
This email sent to [EMAIL PROTECTED]
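
Added example, not part of the original thread or of WebObjects: a Python sketch of the fetch-then-create race from the first question, showing that two interleaved requests both pass the check and that a UNIQUE constraint on the column is what rejects the second insert. It also stores the "admin'--" username from the second question through a bound parameter. Assumptions: an in-memory SQLite database stands in for MySQL/InnoDB, plain SQL stands in for EOF, and the table name app_user and all function names are hypothetical.

```python
import sqlite3

def make_db(unique):
    """In-memory SQLite stand-in for the user table (constructed schema)."""
    db = sqlite3.connect(":memory:")
    constraint = "UNIQUE" if unique else ""
    db.execute("CREATE TABLE app_user (id INTEGER PRIMARY KEY, "
               f"screen_name TEXT NOT NULL {constraint})")
    return db

def name_is_free(db, name):
    # Bound parameter: the value never becomes part of the SQL text.
    row = db.execute("SELECT 1 FROM app_user WHERE screen_name = ?",
                     (name,)).fetchone()
    return row is None

def create_user(db, name):
    """Insert the row and report whether the database accepted it."""
    try:
        db.execute("INSERT INTO app_user (screen_name) VALUES (?)", (name,))
        db.commit()
        return True
    except sqlite3.IntegrityError:
        db.rollback()
        return False  # caller reports "username already taken"

def simulate_race(unique, name="rams"):
    """Two requests both run the check before either one saves."""
    db = make_db(unique)
    a_free = name_is_free(db, name)  # request A checks
    b_free = name_is_free(db, name)  # request B checks before A saves
    results = [create_user(db, name) for free in (a_free, b_free) if free]
    count = db.execute("SELECT COUNT(*) FROM app_user WHERE screen_name = ?",
                       (name,)).fetchone()[0]
    return results, count

def quote_is_literal():
    """A bound value containing a quote and comment marker is stored verbatim."""
    db = make_db(unique=True)
    create_user(db, "admin'--")
    create_user(db, "admin")
    rows = db.execute("SELECT screen_name FROM app_user ORDER BY id")
    return [r[0] for r in rows]

if __name__ == "__main__":
    print(simulate_race(unique=False))
    print(simulate_race(unique=True))
    print(quote_is_literal())
```

The interleaving is simulated on one connection to keep the run deterministic; with real concurrent sessions the application-level check has the same gap, and the constraint is enforced by the database at insert time.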