[Wolves] mysql select help

Mike Hingley computa_mike at hotmail.com
Tue Mar 13 09:45:54 UTC 2012 

I didn't know you were a scuba instructor - that's so cool...some time ago I started working on some dot net nuke modules for scuba communities... things like equipment logs, allowing you to store your gear, along with servicing information, and a point of interest module to store dive locations. I even worked on a notifications system, so that you could be reminded when your hear needed servicing. 

Basically I had an idea for a social scuba site.  Scuba having the buddy system, you could keep in touch with all your mates on the site, or even make more friends through the skooba-doo's (i was going to call the site skooba.net)
I'd even thought about providing the ability for scuba clubs to host on the site...

I still have the site somewhere, I'll have a look, see if I can dig it out.


----- Reply message -----
From: "Wayne Morris" <waynelists at machx.co.uk>
Date: Tue, Mar 13, 2012 02:45
Subject: [Wolves] mysql select help
To: <wolves at mailman.lug.org.uk>

On 13/03/2012 01:52, Chris Ellis wrote:
> Can you share your schema? It makes it easier to assist in SQL > problems when you know what the table structures are.
My structures are at best 'pitiful' lol, its a work in progress - only 400+ current records so haven't worried about spending too much time optimising fields,
eg addresses are all pretty much Wolverhampton, but do I use a linked table for towns...noooo ;-)  . when I get to 4000+ i hope to have enough money to
pay someone to write it properly lol.
So, one field one item, functional rather than 'neat' ;-)

Basically its a simple address book for booking in my scuba students, so just who, when, what type of stuff, about 30 fields - have quite an elaborate set of filters on a webpage protected by htacess to sort and produce print lists for internal use - and a simple 'add yourself' page which students can access in an open directory.

Got a lot to do to it, security is the next issue - currently I only allow students to add themselves database, no editing, the data isn't sensitive (well, no credit cards or the like) so the worst they can do is add non existent person.
But I want to add 'edit your own record' and since my current setup is that update.php produces a POST link of eg   website/update.php?id=356 , I know this
is enough to let the naughty inject another ID to edit someone else's record.
Since I only need reasonable privacy (nothing of value but info available on 192.com to steal) would I be ok:
1)Finding some way of randomising ID key, if it was 10 digits, it would be nearly impossible to guess one of the other 400 users ID's
2) provide them with a link comprising first name, 2nd name and dob, passwordrd fieldd so still breakable if someone knows them, but still tough
3) something else?

I don't really want to go down the user log on bit as it confused the hell out of me last time I did one, and they at most need a one time edit facility to
add details they screwed up on adding themselves in the first place so it doesn't seem worth the effort .

I know the proper answer is 'do it right' but I'm just trying to bash enough code together in my spare time to get by, so easy and enough is good ;-)

cheers

Wayne







_______________________________________________
Wolves LUG mailing list
Homepage: http://www.wolveslug.org.uk/
Mailing list: Wolves at mailman.lug.org.uk
Mailing list home: https://mailman.lug.org.uk/mailman/listinfo/wolves

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/wolves/attachments/20120313/9eee2746/attachment.htm>

More information about the Wolves mailing list