views:

63

answers:

2

This answer is based on this answer. Cha uses arrays in storing login -info in contrast to my code.

It likely improves the efficiency in searching the login -data and keeps your data organized. However, I am not sure whether this is the best data structure in storing all pieces of the login info.

My solution always fetches passhash from the database when needing the info and then destroyes it after the use, instead of storing it to the array in PHP for session. It also keeps all variables as independent variables. It uses heavily PostgreSQL in contrast of data manipulation by a scripting language.

Which are the pros and cons of using arrays in PHP for storing login data?

[edit]

I use the following code at the moment in getting the data from the database.

 $result = pg_prepare($dbconn, "query22", "SELECT passhash_md5 FROM users
         WHERE email=$1;");                                                                                                                      
 $passhash_md5 = pg_execute($dbconn, "query22", array($_REQUEST['email']));

So it should be changed to PDO to make it better. Studying that.

+1  A: 

The Pros of keeping data using a Session based login system is the fact that it doesn't hit the database very hard. Databases are a single entity, as in you connect to the database and a table. If you have millions of pages doing that, things can get tricky.

On the other hand, storing stuff in a session array, you have a lot of small files that are each their own separate entity, and each is only accessed once per page view by that specific visitor.

Session files also are smaller and easier to grab everytime. In a database, you have to search through a lot of records (if you have a lot of users), and find the specific record. In contrast, sessions simply grab the data in a specific file for that specific session.


Going from what Ryeguy added. I would highly advise against select every record, and then doing a while loop through them to find the right user. I'd suggest look at the Where statement, so you can have the database only give you the record that matches the user's username.

Chacha102
+1  A: 

That was just a matter of preference, it really doesn't matter. One possible use is a sort of namespacing, though. Imagine you have two forms on one page: login and register. Obviously, at the very least, these forms would both have a username and password field. To differentiate between the two, you could have the fields named register[username] and login[username] (ditto with password), that way you could tell which is which.

Also, please don't use the SQL query in your other question. Do you realize you're returning the ENTIRE user table every time someone logs in? Imagine what happens if you get 100,000 users on your site..your logins would take minutes and your database would be brought to its knees. I think you should learn some basic sql before tackling this.

Also, look into using PDO instead of the procedural database functions. PDO is cleaner, easier, and can be faster in some cases.

ryeguy
Do you mean my answer or the other question?
Chacha102
Well, I was referring to the SQL from your answer, but I realize that you just copied what the OP had. I'll edit for clarity.
ryeguy
Just checking to make sure I didn't make some error in my answer :)
Chacha102
@ryeguy: I have been improving my code now for a while. Please, see my recent code in the question. **What would you improve?**
Masi