[Wolves] mysql select help
Andy Wootton
andy.wootton at gmail.com
Tue Mar 13 11:27:54 UTC 2012
Do you read Linus' Google Plus? It's all about diving and some dive-log
software he's written.
On Mar 13, 2012 9:50 AM, "Mike Hingley" <computa_mike at hotmail.com> wrote:
> Could you use a CMS system such as Wordpress or joomla to get the
> membership management. That way you can just add the functionality you need
> on top of the CMS? And you get security and validation for free...
>
> Sent from my HTC
>
> ----- Reply message -----
> From: "Wayne Morris" <waynelists at machx.co.uk>
> Date: Tue, Mar 13, 2012 02:45
> Subject: [Wolves] mysql select help
> To: <wolves at mailman.lug.org.uk>
>
> On 13/03/2012 01:52, Chris Ellis wrote:
> > Can you share your schema? It makes it easier to assist in SQL >
> problems when you know what the table structures are.
> My structures are at best 'pitiful' lol, its a work in progress - only
> 400+ current records so haven't worried about spending too much time
> optimising fields,
> eg addresses are all pretty much Wolverhampton, but do I use a linked
> table for towns...noooo ;-) . when I get to 4000+ i hope to have enough
> money to
> pay someone to write it properly lol.
> So, one field one item, functional rather than 'neat' ;-)
>
> Basically its a simple address book for booking in my scuba students, so
> just who, when, what type of stuff, about 30 fields - have quite an
> elaborate set of filters on a webpage protected by htacess to sort and
> produce print lists for internal use - and a simple 'add yourself' page
> which students can access in an open directory.
>
> Got a lot to do to it, security is the next issue - currently I only allow
> students to add themselves database, no editing, the data isn't sensitive
> (well, no credit cards or the like) so the worst they can do is add non
> existent person.
> But I want to add 'edit your own record' and since my current setup is
> that update.php produces a POST link of eg website/update.php?id=356 , I
> know this
> is enough to let the naughty inject another ID to edit someone else's
> record.
> Since I only need reasonable privacy (nothing of value but info available
> on 192.com to steal) would I be ok:
> 1)Finding some way of randomising ID key, if it was 10 digits, it would be
> nearly impossible to guess one of the other 400 users ID's
> 2) provide them with a link comprising first name, 2nd name and dob,
> passwordrd fieldd so still breakable if someone knows them, but still tough
> 3) something else?
>
> I don't really want to go down the user log on bit as it confused the hell
> out of me last time I did one, and they at most need a one time edit
> facility to
> add details they screwed up on adding themselves in the first place so it
> doesn't seem worth the effort .
>
> I know the proper answer is 'do it right' but I'm just trying to bash
> enough code together in my spare time to get by, so easy and enough is good
> ;-)
>
> cheers
>
> Wayne
>
>
>
>
>
>
>
> _______________________________________________
> Wolves LUG mailing list
> Homepage: http://www.wolveslug.org.uk/
> Mailing list: Wolves at mailman.lug.org.uk
> Mailing list home: https://mailman.lug.org.uk/mailman/listinfo/wolves
>
>
>
>
> _______________________________________________
> Wolves LUG mailing list
> Homepage: http://www.wolveslug.org.uk/
> Mailing list: Wolves at mailman.lug.org.uk
> Mailing list home: https://mailman.lug.org.uk/mailman/listinfo/wolves
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/wolves/attachments/20120313/f714ae83/attachment.htm>
More information about the Wolves
mailing list