Hi
I have a PHP/MYSQL driven site. When a user creates a new account or updates their existing username or email address I do a quick check to make sure the requested entries are not already in use. I am concerned that in the few milliseconds between the SELECT and INSERT/UPDATE statements someone may grab that username/email resulting in duplicate entries. This would obviously be very bad.
First off, am I panicking for no reason? Should I put my hair out and go on my merry way or this a real possibility that I need to code against?
Second, what is the best way to guard against this? I am thinking about starting a transaction, inserting the data then doing a search to see if more than one row is returned. If not then I would commit the transaction.
Any thoughts on this would be appreciated.
cmccully