When I am grabbing data from my table that requires permissions, should all the permissions be done there? Such as checking for an admin or if they can view the data (in MySQL)?
Or should I grab it if they have a record at all, then check the specific actions (such as view, add, edit, delete) on the PHP side?
It’s usually more efficient to do everything in SQL but it’s also more complicated, and can be a lot harder to maintain.
Mostly it depends on your exact security model and security concerns.
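The two options from the question side by side, as an added example that is not part of the original thread. The `users`, `documents` and `permissions` tables, their columns, the sample rows and both function names are assumptions made for illustration; in-memory SQLite stands in for MySQL so the script runs offline.

```php
<?php
// Constructed schema and rows (assumptions, not from the original post).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, is_admin INTEGER NOT NULL DEFAULT 0)");
$pdo->exec("CREATE TABLE documents (id INTEGER PRIMARY KEY, body TEXT NOT NULL)");
$pdo->exec("CREATE TABLE permissions (user_id INTEGER, document_id INTEGER, action TEXT,
            PRIMARY KEY (user_id, document_id, action))");
$pdo->exec("INSERT INTO users VALUES (1, 1), (2, 0), (3, 0)");
$pdo->exec("INSERT INTO documents VALUES (10, 'quarterly report')");
$pdo->exec("INSERT INTO permissions VALUES (2, 10, 'view'), (3, 10, 'edit')");

// Option A: the permission check lives in the query. A denied caller gets no
// row at all, so the protected data never reaches PHP.
function fetchInSql(PDO $pdo, int $userId, int $docId, string $action): ?array {
    $stmt = $pdo->prepare(
        "SELECT d.id, d.body FROM documents d
          WHERE d.id = :doc
            AND (EXISTS (SELECT 1 FROM users u WHERE u.id = :uid1 AND u.is_admin = 1)
              OR EXISTS (SELECT 1 FROM permissions p
                          WHERE p.user_id = :uid2 AND p.document_id = d.id
                            AND p.action = :act))");
    $stmt->execute([':doc' => $docId, ':uid1' => $userId, ':uid2' => $userId, ':act' => $action]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Option B: fetch the row together with whatever grants exist, then decide in PHP.
// Simpler SQL, but the data is already in memory when the check runs, so every
// code path that uses the result depends on this check being present.
function fetchThenCheck(PDO $pdo, int $userId, int $docId, string $action): ?array {
    $stmt = $pdo->prepare(
        "SELECT d.id, d.body, u.is_admin, p.action
           FROM users u
           JOIN documents d ON d.id = :doc
           LEFT JOIN permissions p ON p.user_id = u.id AND p.document_id = d.id
          WHERE u.id = :uid");
    $stmt->execute([':doc' => $docId, ':uid' => $userId]);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    if (!$rows) { return null; }                       // unknown user or document
    $allowed = (int)$rows[0]['is_admin'] === 1
        || in_array($action, array_column($rows, 'action'), true);
    return $allowed ? ['id' => (int)$rows[0]['id'], 'body' => $rows[0]['body']] : null; // fail closed
}

// Both approaches must reach the same decision for every caller.
foreach ([[1, 'delete'], [2, 'view'], [2, 'edit'], [3, 'view']] as [$uid, $act]) {
    $a = fetchInSql($pdo, $uid, 10, $act) !== null ? 'allow' : 'deny';
    $b = fetchThenCheck($pdo, $uid, 10, $act) !== null ? 'allow' : 'deny';
    printf("user %d %-6s sql=%s php=%s\n", $uid, $act, $a, $b);
}
```

Distinct placeholders (`:uid1`, `:uid2`) are used because PDO's MySQL driver does not allow a named placeholder to be repeated when emulated prepares are turned off.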