PHP site... mass users, single folder or individual folders?

[joel24]

I'm making a site which users can sign up to and they'll be able to create an individual site for themselves and appoint users to their site etc...

The sites will be running the same as each other,

 

I'm just pondering my options as to how to set this up...

 

With a single folder with the files - (say V1 for version one and V2 for version2)... and then a mass users list which has a "companyID" column and a version Column... and when the user logs in, there would then be two options, have tables which had all the separate companies data, but depending on the login, the user would only see their data... or individual tables for each company, and when the user logged in it would only fetch information from the relevant tables...?

 

or... the other option, create new folders/files and complete new databases for each company which signs up.. and have them all running individually...

 

Just want to get some feedback about Pros & cons...

 

i realise that having all users using the same database would slow it down, but having individual setups would make it harder for updating...

[Grayda]

I would tend to go for the first option. Here's why:

 

Pros:

• Updating two folders is easier than updating two million folders
  
• Save a ton of diskspace that can be used by your database that is build for size and speed
  
• Easy to keep track of which version a client has and easy to add "custom" versions
  

 

Cons:

• One database. If a malicious user breaks free, ALL of your data is in their hands. Same with files
  

 

And for option two:

 

Pros:

• Small individual database size (which doesn't matter much considering MySQL is built to handle large databases)
  
• Security. A person breaks out, they can get to their own files, but that's it. (See Cons for database considerations)
  
• Greater customization. Each person has their own files and therefore own logo, login pages etc. (Can be a moot point if you store logo information in the database)
  

 

And finally the cons:

• Still susceptible to database security issues (If a user breaks out, they can still access all the data if they are housed on the same machine and / or database)
  
• A million and one files to update should something go wrong
  
• If you have a million users, you'll have a million tables. If you use more than one table per configuration, it quickly adds up (My latest site has 10 tables and counting. 10x1,000,000 = 10,000,000 tables. Imagine finding a table in that, and imagine the loading times if you use something like phpMyAdmin)
  

 

There are many more cons, but you get the idea. Option one is the way to go, if it's written correctly.

 

Avoid big database calls, sanitize EVERYTHING that your users give you, and do LOTS of testing. Hopefully this'll bulletproof your application from having a "ha ha, hacked by <handle>" message appear on all your clients' sites.

 

Enjoy!