[Wolves] mysql select help

Wayne Morris waynelists at machx.co.uk
Tue Mar 13 02:45:16 UTC 2012


On 13/03/2012 01:52, Chris Ellis wrote:
> Can you share your schema? It makes it easier to assist in SQL 
> problems when you know what the table structures are.
My structures are at best 'pitiful' lol, it's a work in progress - only
400+ current records so haven't worried about spending too much time
optimising fields, eg addresses are all pretty much Wolverhampton, but
do I use a linked table for towns...noooo ;-). When I get to 4000+ I
hope to have enough money to pay someone to write it properly lol.
So, one field one item, functional rather than 'neat' ;-)

Basically it's a simple address book for booking in my scuba students, so
just who, when, what type of stuff, about 30 fields - have quite an
elaborate set of filters on a webpage protected by htaccess to sort and
produce print lists for internal use - and a simple 'add yourself' page
which students can access in an open directory.

Got a lot to do to it, security is the next issue - currently I only
allow students to add themselves to the database, no editing, the data
isn't sensitive (well, no credit cards or the like) so the worst they
can do is add a non-existent person.
But I want to add 'edit your own record' and since my current setup is
that update.php produces a POST link of eg website/update.php?id=356,
I know this is enough to let the naughty inject another ID to edit
someone else's record.
Since I only need reasonable privacy (nothing of value but info
available on 192.com to steal) would I be ok:
1) Finding some way of randomising the ID key, if it was 10 digits, it
would be nearly impossible to guess one of the other 400 users' IDs
2) provide them with a link comprising first name, 2nd name and dob,
password field so still breakable if someone knows them, but still tough
3) something else?

I don't really want to go down the user log on bit as it confused the
hell out of me last time I did one, and they at most need a one time
edit facility to add details they screwed up on adding themselves in
the first place so it doesn't seem worth the effort.

I know the proper answer is 'do it right' but I'm just trying to bash 
enough code together in my spare time to get by, so easy and enough is 
good ;-)

cheers

Wayne
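
An added example, not part of the original message: one way to do option 1 with a single-use edit link, so update.php never takes a record ID from the request. It goes beyond the 10-digit ID in the post by using a 128-bit random token; the `edit_tokens` table, the `t` parameter and both function names are assumptions.

```php
<?php
// Added example, not code from the original post.
// Hypothetical table (names are assumptions): edit_tokens(token_hash CHAR(64)
//   PRIMARY KEY, student_id INT, expires_at DATETIME, used_at DATETIME NULL)

// Call once after a student adds themselves; returns the link to show them.
function issue_edit_link(PDO $db, int $studentId, string $baseUrl): string
{
    $token = bin2hex(random_bytes(16)); // 128 bits from the OS CSPRNG
    $stmt = $db->prepare(
        'INSERT INTO edit_tokens (token_hash, student_id, expires_at)
         VALUES (?, ?, NOW() + INTERVAL 1 DAY)'
    );
    // Only the SHA-256 of the token is stored, so a leaked table
    // does not hand out working links.
    $stmt->execute([hash('sha256', $token), $studentId]);
    return $baseUrl . '/update.php?t=' . $token;
}

// Maps a token to the student it was issued for, or null.
// $consume = false when showing the form (GET), true when saving (POST).
function student_for_token(PDO $db, string $token, bool $consume): ?int
{
    if (!preg_match('/\A[0-9a-f]{32}\z/', $token)) {
        return null; // wrong shape: reject before touching the database
    }
    $hash = hash('sha256', $token);
    if ($consume) {
        // Atomic claim: only one request can flip used_at from NULL.
        $claim = $db->prepare(
            'UPDATE edit_tokens SET used_at = NOW()
              WHERE token_hash = ? AND used_at IS NULL AND expires_at > NOW()'
        );
        $claim->execute([$hash]);
        if ($claim->rowCount() !== 1) {
            return null;
        }
        $sql = 'SELECT student_id FROM edit_tokens WHERE token_hash = ?';
    } else {
        $sql = 'SELECT student_id FROM edit_tokens
                 WHERE token_hash = ? AND used_at IS NULL AND expires_at > NOW()';
    }
    $row = $db->prepare($sql);
    $row->execute([$hash]);
    $id = $row->fetchColumn();
    return $id === false ? null : (int) $id;
}
```

In update.php the record to change is whatever `student_for_token()` returns; a `null` result means the link is wrong, expired or already used, and the request is refused.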








