INSERT queries which are not thread safe

[nessence]

The example code below appears in multiple places (most importantly, in functions-post.php):

        // Get the FOO ID.
        if ( $update ) {
                $FOO_ID = $ID;
        } else {
                $id_result = $wpdb->get_row("SHOW TABLE STATUS LIKE '$wpdb->FOOs'");
                $FOO_ID = $id_result->Auto_increment;
        }

This is not thread safe and most importantly may cause other problems in a multi-user environment. Because apache is a multi-threaded environment, if two users tried to post at the same time, they could get assigned the same '$id_result'.

One solution is mysql's automatic incrementing. Your query would change from

"INSERT INTO $wpdb->posts
(ID, post_author, post_date, ...)
VALUES
('$post_ID', '$post_author', '$post_date', ...)";

to

"INSERT INTO $wpdb->posts
(post_author, post_date, ...)
VALUES
('$post_author', '$post_date', ...)";

Doing so causes mysql to automatically update the ID. The current manual process sort of negates auto_increment properties in the table creation schema. Safely handling the auto increment without using the SQL above would require an additional sequence table in mysql which handles IDs OR inserting the row before the post is finished and then modify the values of that row.

How are you to handle this? I would suggest the above SQL corrections. If you require persistance of the row ID after you insert the post, you can always (carefully) use the ​http://us2.php.net/mysql_insert_id function.

I will gladly provide a patch, however I don't know the entire code base and am not sure why the current method is being used.

This is not an issue when a persistent mysql connection is being used on a non-threaded web server. This is a likely a major issue for apache and a critical issue for environments when PHP is executed as an CGI.

[ryan]

(In [2948]) Remove thread unsafe Auto_increment tricks. fixes #1753

[(none)]

Milestone 2.0 deleted