Use ID or Name for SQL-Query in a MultiToMulti Database

Question

I got a table (SQL) with a lot of privileges they all got an ID and a Name And I got a seccond table with two columns one has the ID of a role the other one contains the id of the privilege. (Many-To-Many Relationship)

So my script knows what role the user has and it needs to check if the user has the rights to do the action.

In my script (PHP) it calls my access_check function with the paramter $privilege and then checks with the database if a matching row exists containing the right privilege ID and role ID.

What is the better way to go:

As Parameter use the Name of the privilege and then look up the id to the privilege (thats more readable for me in the script)

OR

Use the ID straight away (A Database Query less and less data that Needs to be safed somewhere)

Answer 1

It depends a bit on your setup. Some ideas/thoughts/questions:

1) If the number of privileges you need to keep track of is small and does not change over time, you can create constants with appropriate names in your PHP script and use these instead of the privilege ids. That has the disadvantage that you need to repeat info from the database hard-coded in the script. But it is fast and readable.

2) Why don't you use an INNER JOIN to the privilege table that contains the name? That way you can use the name in the WHERE clause directly. The advantage of this approach is that you don't need to repeat any data in our php code. The query should be fast enough if you set the indexes right, since INNER JOINS really are well optimized in mysql.

3) Why do you have the role name of a user in your script and not the role id? Same holds for privilege. Why do you need the names of these at all in the check routine. I would think that the user should have a role id and the role id is bound to privileges in the privilege table. Where do the names of these entities come into play in your script?

I hope this helps you getting the design of your code right.