mysql数据库和多个用户
[英]mysql database and multiple users
问题描述
I'm working on a web site that will have multiple users. 
我正在一个将有多个用户的网站上工作。 Say 5 users total.What I need to make sure is, that each user will only be able to access the data they input. 假设总共有5个用户。我需要确保的是,每个用户只能访问他们输入的数据。
Think of a CRM or Job Board. 考虑一下CRM或工作委员会。 So john will only be able to access johns info, edit, add, etc. Same with jane and june. 因此,john将只能访问johns信息,进行编辑,添加等。与jane和june相同。
Now if my reading is correct, all i need to do is make sure the queries pull only the data based off their unique id correct? 现在,如果我的阅读是正确的,我所要做的就是确保查询仅根据其唯一ID正确提取数据吗?
so the database table for the users looks like: 因此,用户的数据库表如下所示:
Database: xxxxx, Table: xh_user
user_id
user_username
user_fname
users_email
users_password
users_salt
so if johns user_id is 7, when he logs in, it queries his id and displays only his content from the database. 因此,如果johns user_id为7,则当他登录时,它将查询其id并仅显示数据库中的内容。
Am i correct on this?, or is there a different or better way to accomplish this? 我对此是否正确?或者是否有其他或更好的方法来实现这一目标?
4 个解决方案
解决方案1
0 2013-09-30 05:14:56
As long as your foreign keys are setup correctly so that the data is linked to the user_id (PK) then it should be fine. 只要正确设置了外键,以便将数据链接到user_id (PK)就可以了。 Alternatively you can setup a user_roles table which contains access rights. 另外,您可以设置一个包含访问权限的user_roles表。
解决方案2
0 2013-09-30 05:15:22
As far as I know and how I have been programming, yes. 据我所知以及如何编程,是的。 If you are looking for extra security, perhaps check the user's password/salt against what is in the database. 如果您正在寻找额外的安全性,也许对照数据库中的内容检查用户的密码/盐。
解决方案3
0 2013-09-30 05:16:00
li need to do is make sure the queries pull only the data based off their unique id
I'm not sure what you mean by this, but it is too a general/broad statement to be either bad or good. 我不确定您的意思是什么,但这太笼统了,不管是好是坏。 It really depends on the system you're building. 这实际上取决于您正在构建的系统。 This is by no means a generally applicable statement. 这绝不是一般适用的声明。
Now in your current set-up this looks somewhat correct, but in the long-ish term you might need some data be public, or at least accessible by several people. 现在,在您当前的设置中,这看起来有些正确,但是从长远来看,您可能需要一些数据是公开的,或者至少需要几个人可以访问。 This is impossible in your current design. 在您当前的设计中这是不可能的。
I would split the access and content, as they are separate things. 我将访问权限和内容分开,因为它们是分开的东西。 Save what users (or look up a role-based pattern) have access to what data in separate tables, so you can build on what you have later, and add multiple user functionality. 保存哪些用户(或查找基于角色的模式)可以访问单独表中的哪些数据,因此您可以在以后的数据上进行构建,并添加多个用户功能。
This could become a long discussion, so I'll end with this: The bottomline with all database design is that you should save your information in a way that represents logical units, as it is in the real world (Yes, I'm taking some shortcuts here). 这可能是一个漫长的讨论,因此我将以以下内容结束:所有数据库设计的底线是,您应该以代表逻辑单元的方式保存信息,就像在现实世界中一样(是的,我正在一些快捷方式)。 So coupling a username to an id seems normal. 因此,将用户名与ID耦合似乎是正常的。 But making the connection between a job and a user isn't that logical per se. 但是,在工作和用户之间建立联系本身并不是那么合理。 A job can be visible to multiple users, no sweat. 一项工作对多个用户可见,不费吹灰之力。 Or more then one user could have added the information. 或者一个用户可能已经添加了该信息。 You could say that only 1 user is the 'owner' of a job or any other piece of data, but it seems too restrictive to make your access control purely out of who "owns" the data. 您可以说只有1个用户是作业或任何其他数据的“所有者”,但是似乎过于严格以至于无法完全由谁“拥有”数据来进行访问控制。
But then again, it is only a warning for the future. 但是话又说回来,这只是对未来的警告。 If you never need this, you don't. 如果您从不需要,则不需要。
解决方案4
0 2019-06-11 13:20:15
You could have multiple databases, one per user. 您可以有多个数据库,每个用户一个。 You'll need to have a way to do schema changes & upgrades though, like phinx. 不过,您将需要一种方法来进行架构更改和升级,例如phinx。 I wouldn't recommend this unless you foresee users having multiple users on their own account. 除非您预见到用户拥有多个自己帐户的用户,否则我不建议您这样做。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.