Secure a unique ID before inserting into DB

Re: Secure a unique ID before inserting into DB

> I am writing an application to handle support requests, and the user[color=blue]
> needs to have his request number printed out in front of him even before
> he hits the "submit" button. I have no idea how to secure a unique
> number without relying on a database.
> How could this be done ?[/color]

how about inserting a record before submit? In other words, you have php
file that displays form to enter request. Before you do anything in that
file insert a record, and put in some column of it something like
"finalized= 'F' ,and then display form now that you know the Id.

Then when you process submit, just update the existing record, and turn
"finalized='T'" .

rush
--

Re: Secure a unique ID before inserting into DB

or you can store a number in a file and everytime you need to display the
page read it, increment it and save the file. Its something like doing page
view counters.

sanjay


"rush" <pipa@rush.aval on.hr> wrote in message
news:bn32u2$8h6 $1@ls219.htnet. hr...
| > I am writing an application to handle support requests, and the user
| > needs to have his request number printed out in front of him even before
| > he hits the "submit" button. I have no idea how to secure a unique
| > number without relying on a database.
| > How could this be done ?
|
| how about inserting a record before submit? In other words, you have php
| file that displays form to enter request. Before you do anything in that
| file insert a record, and put in some column of it something like
| "finalized= 'F' ,and then display form now that you know the Id.
|
| Then when you process submit, just update the existing record, and turn
| "finalized='T'" .
|
| rush
| --
| http://www.templatetamer.com/
|
|
|

Re: Secure a unique ID before inserting into DB

You could base the number on the Unix time stamp. That would always be
unique (since it's just one long string of seconds since 1970). Then append
that number with some other identifier (IP address, User ID, etc) Then,
when they hit "submit", just save it.

Using that method would also automatically give you the date/time that the
request ticket was created; all you'd have to do is parse and decode the
first part of the request ticket.

Here's a base reference. Look at all the date/time references in the PHP
manual as well.






Rob


"luc wastiaux" <dustpuppy@airp ost.net> wrote in message
news:bn2sjn04hm @enews4.newsguy .com...[color=blue]
> Hello,
> I am writing an application to handle support requests, and the user
> needs to have his request number printed out in front of him even before
> he hits the "submit" button. I have no idea how to secure a unique
> number without relying on a database.
> How could this be done ?
>
> thanks.
>
> --
> luc wastiaux - email: dustpuppy@airpo st.net
>[/color]

Re: Secure a unique ID before inserting into DB

Rob wrote on Wednesday 22 October 2003 10:07:
[color=blue]
> You could base the number on the Unix time stamp. That would always be
> unique (since it's just one long string of seconds since 1970). Then
> append
> that number with some other identifier (IP address, User ID, etc) Then,
> when they hit "submit", just save it.
>
> Using that method would also automatically give you the date/time that the
> request ticket was created; all you'd have to do is parse and decode the
> first part of the request ticket.[/color]

That wouldn't work for simultaneous users who are using a proxy server.
i.e., if at any point that app was used by 2 or more users simultaneously
under the same proxy, it would have to use a different logic for generating
unique IDs.

One that I've seen and used a lot is similar to (or expanding of) what
Sanjay suggested with the difference that there's many numbers and they are
all stored in a database table.

So, you have a table:
uniqueid
----------
id

and a few number records (depending on user load) like:

150, 151, 152, 153, 154, 155

When you want a new ID, you grab the lowest ID (150), delete it, and insert
a new one at the end (156). Sometimes, and depending on database platform,
it is recommended to use transactions, as well as row-level, page, or table
locking to handle [rare, depending on the user load] truly simultaneous
requests.

This is a brief comment. There are some views and papers published on this
by experts. I'm sure if the OP searches, he will find some nice ways to
accomplish this.

--
Business Web Solutions
ActiveLink, LLC