When it boils down to it, it’s likely a matter of opinion, but I would like all views and pros and cons!
There are two ways to force users to only be allowed to delete their own content. These functions are located inside of the “BudgetDatabase” class.
This method is more readable; however, you are required to call SQL commands twice (“hasCategory” also runs a SQL query). It also allows you to display error messages or respond if the user does not own that row.
    public static function removeCategory($userID, $categoryID)
    {
        // Always make sure the user is allowed to delete the category!!
        if (BudgetDatabase::hasCategory($userID, $categoryID))
        {
            $db = JFactory::getDBO();
            // Cast the ID to int so it cannot carry SQL into the statement
            $query  = "DELETE FROM `#__budget_categories` ";
            $query .= "WHERE (id=".(int) $categoryID.") ";
            // MySQL limits rows with LIMIT, not TOP
            $query .= "LIMIT 1";
            $db->setQuery($query);
            $db->query();
        }
    }
Then there is method two, which only runs a SQL command once, improving performance and speed:
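    public static function removeCategory($userID, $categoryID)
    {
        $db = JFactory::getDBO();
        // Cast both IDs to int so neither can carry SQL into the statement
        $query  = "DELETE FROM `#__budget_categories` ";
        $query .= "WHERE (id=".(int) $categoryID.") ";
        // The ownership check is part of the DELETE itself
        $query .= "AND (user_id=".(int) $userID.") ";
        // MySQL limits rows with LIMIT, not TOP
        $query .= "LIMIT 1";
        $db->setQuery($query);
        $db->query();
    }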
What would you do? What are your thoughts on the matter? Is there anything I haven’t thought about to consider?
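
The single-query approach can still tell the caller whether anything was deleted by checking the affected-row count. The following is an added example, not code from the original post: it uses PDO with an in-memory SQLite database in place of Joomla's database object, and the table layout and sample rows are constructed for illustration.

```php
<?php
// Added example: constructed schema and rows; PDO/SQLite stands in for Joomla's DB layer.

/**
 * Delete a category only when it belongs to $userID.
 * Returns true if a row was removed, false if the id does not exist or is
 * owned by someone else (the caller is not told which of the two it was).
 */
function removeCategory(PDO $db, int $userID, int $categoryID): bool
{
    // The ownership check and the delete are one atomic statement, and
    // both values are bound as parameters instead of being concatenated.
    $stmt = $db->prepare(
        'DELETE FROM budget_categories WHERE id = :id AND user_id = :uid'
    );
    $stmt->bindValue(':id', $categoryID, PDO::PARAM_INT);
    $stmt->bindValue(':uid', $userID, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->rowCount() === 1;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE budget_categories (
    id INTEGER PRIMARY KEY,
    user_id INTEGER NOT NULL,
    name TEXT NOT NULL
)');
$db->exec("INSERT INTO budget_categories (id, user_id, name) VALUES
    (1, 10, 'Rent'), (2, 10, 'Food'), (3, 20, 'Travel')");

// Each attempt: [acting user, category id, description]
$attempts = [
    [10, 3, "user 10 deletes user 20's category"],
    [10, 1, 'user 10 deletes own category'],
    [10, 1, 'user 10 repeats the same delete'],
];

foreach ($attempts as [$user, $category, $label]) {
    $deleted = removeCategory($db, $user, $category);
    // A false result is where an error message or a 403/404 response would go.
    echo $label . ': ' . ($deleted ? 'deleted' : 'refused or not found') . PHP_EOL;
}

$left = $db->query('SELECT COUNT(*) FROM budget_categories')->fetchColumn();
echo 'rows remaining: ' . $left . PHP_EOL;
```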