Hi Chris

On Tue, 2003-01-28 at 22:09, Chris Shiflett wrote:
> --- Petre Agenbag <[EMAIL PROTECTED]> wrote:
> > I have a rather annoying problem regarding forms. 
> > I have built an app that allows the users to fill
> > in a rather large form (much like a claim form)
> > and then have the data pumped into a mysql db.
> > The problem is: the users want to be able to
> > "save" their forms on their systems as a)
> > backup/proof that they have filled it in and b)
> > for their records for future use and c) the hope
> > is that it would also allow for a reliable method
> > to complete the form off-line and then submit it
> > when online again.
> 
> Well, this sounds like a bad idea in general, but if you
> have no choice in the matter, I suppose cookies can fulfill
> the need.
> 
> Anything you implement like this is going to lessen the
> security of the data, because rather than the client
> sending it to you once, you are going to expose it over the
> Internet several times. If this risk is acceptable for
> whatever reason, then cookies are probably no less secure
> for this data than anything else.
> 
> Normally, I would highly recommend *not* storing client
> data on cookies, because that opens you up to several types
> of attacks, but you can accomplish what you want to do with
> this method. Only "punish" those who want this feature by
> setting these cookies only for those who choose to save
> this data locally. You could help the situation by
> encrypting the data in your cookies, so that only
> presentation attacks are a concern, but your users wouldn't
> be able to easily look at their data as verification of
> anything.
> 
> My recommendation is to leverage your position as the
> technical expert to advise a more proper solution, one that
> you agree to, not them. They should not be consulted
> regarding application design unless they have experience
> with it. Rather, they should be describing their needs and
> let you (or the technical lead / project manager) do the
> technical design.

This is exactly what I'm looking to do; but my problem remains: I don't
know what the best solution is.

The problem is clear: the users actually need an electronic copy of the
data they submit; they must revisit certain issues annually, and would
need to access the data they submitted the previous year; either for
review purposes, or to make the new submission a speedy matter of simply
changing the details that are different from last year.

It's much like a normal office scenario: each person works on Word docs
that need to be shared with others, yet needs to be editable and must be
saved etc, BUT the difference here is that the data of all the
collective sources must be entered into a central db. So the "non
technical" solution would be for the users to do the forms in "word",
then fax it to the central office, where you have a temp type the data
into the db... we can't have that now...

Any ideas?

PS, I don't think cookies are going to do this. Remember, the user needs
to be able to access and re-submit the form at any stage.
> 
> Good luck to you.
> 
> Chris



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
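
The option raised in the quoted reply, encrypting the form data before it is stored in a cookie, as an added example that is not code from either poster. It assumes PHP 7.2+ with the sodium extension; the function names, the sample fields and the 4096-byte size budget are assumptions of this sketch.

```php
<?php
// Added example: seal form fields with authenticated encryption so the
// client can hold them but cannot read or modify them.
const MAX_COOKIE_BYTES = 4096; // assumed per-cookie budget for this sketch

function seal_form_data(array $fields, string $key): string
{
    $plain = json_encode($fields);
    if ($plain === false) {
        throw new InvalidArgumentException('form data is not serialisable');
    }
    // A fresh random nonce per value; it travels with the ciphertext.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $value = base64_encode($nonce . sodium_crypto_secretbox($plain, $nonce, $key));
    if (strlen($value) > MAX_COOKIE_BYTES) {
        // A "rather large form" may simply not fit in one cookie.
        throw new LengthException('sealed form does not fit in one cookie');
    }
    return $value;
}

function open_form_data(string $value, string $key): ?array
{
    $raw = base64_decode($value, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null; // malformed or truncated value
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    if ($plain === false) {
        return null; // authentication failed: value was altered or key differs
    }
    $data = json_decode($plain, true);
    return is_array($data) ? $data : null;
}

// Constructed sample data; in an application the key stays on the server.
$key    = sodium_crypto_secretbox_keygen();
$cookie = seal_form_data(['claim_no' => 'DEMO-0001', 'amount' => '120.00'], $key);
var_dump(open_form_data($cookie, $key));

// Changing one character of the stored value makes the server reject it.
$tampered     = $cookie;
$tampered[30] = ($tampered[30] === 'A') ? 'B' : 'A';
var_dump(open_form_data($tampered, $key));
```

The sealed value is opaque to the user and an unmodified copy can still be sent back later, so replay of an old value has to be handled separately, for example by including a timestamp or record version in the sealed fields.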
