I am designing a web site, and it has the ability to log in. When someone is logged in, there is at times a need to know what group they’re in. Specifically, whether they are in the officer group. Currently, I have a MySQL stored proc BOOL is_officer(INT id), where id is the user id number.
My question: Is it wise to make a PHP function in my library (bool) is_officer(), which uses $_SESSION['id'] and calls the MySQL stored proc?
Next, is it wise to make a page /ajax/is_officer.php, which would call the function in PHP, which would in turn call the MySQL stored proc, in case I need to (insecurely) know whether the user is an officer on-the-fly?
(Last would be making a JS function is_officer() which would send an AJAX request to is_officer.php).
tl;dr: Same function name in many languages, one calls another, closer and closer to the database — good idea or bad idea?
I’m basically asking for your guidance here — sort of a communal yay/nay vote. Does this match any design patterns you’ve seen in the past?
This seems way too specialized a function to have. With this approach, you’ll eventually accumulate a set of functions on various levels for each trivial bit of information. Also, making a roundtrip to the database can quickly become very wasteful.
I’d prefer to store relevant information about the logged-in user in a session. Something along the lines of this:
And whenever you need to know if the user is an officer, you just check for
$_SESSION['user']['officer'].
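The session approach from the answer above, as an added example that is not part of the original post: the officer flag is looked up once at login, cached in `$_SESSION['user']`, and enforced on the server regardless of what an AJAX call told the browser. The names `login_user`, `require_officer`, the `$lookup` callable standing in for the stored routine, and the 300-second refresh interval are assumptions.

```php
<?php
declare(strict_types=1);

// Added example; function names and $lookup are hypothetical, not from the post.
// $lookup stands in for the is_officer(id) stored routine, e.g. with PDO:
//   $st = $pdo->prepare('SELECT is_officer(?)'); $st->execute([$id]);
//   return (bool) $st->fetchColumn();
function login_user(int $userId, callable $lookup): void
{
    // Fresh session id at login so a pre-login id cannot be reused (fixation).
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['user'] = [
        'id'         => $userId,
        'officer'    => (bool) $lookup($userId),
        'checked_at' => time(),
    ];
}

// Reads the cached flag; re-queries after $maxAge seconds so a demotion
// reaches sessions that are already open.
function is_officer(callable $lookup, int $maxAge = 300): bool
{
    if (!isset($_SESSION['user']['id'])) {
        return false; // not logged in
    }
    if (time() - $_SESSION['user']['checked_at'] > $maxAge) {
        $_SESSION['user']['officer'] = (bool) $lookup($_SESSION['user']['id']);
        $_SESSION['user']['checked_at'] = time();
    }
    return $_SESSION['user']['officer'];
}

// Call at the top of every officer-only page or action: this is the check
// that counts, whatever /ajax/is_officer.php told the browser.
function require_officer(callable $lookup): void
{
    if (!is_officer($lookup)) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Constructed demo: user 7 is an officer, nobody else is.
$_SESSION = [];
$lookup = fn(int $id): bool => $id === 7;
login_user(7, $lookup);
echo json_encode(['officer' => is_officer($lookup)]), PHP_EOL; // body of /ajax/is_officer.php
```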