by brianko
Thu Dec 18, 2008 10:56 pm
Forum: Technical Tips, Questions & Discussions (Computers & Internet)
Topic: Registration program/module in php?
Replies: 14
Views: 3216

Re: Registration program/module in php?

Charles L. Cotton wrote: So from a conceptual viewpoint, am I on the right track? It seems to me that after setting up the mySQL5 database, I need to:
  • Step one - Take input from the registration form and append it to the appropriate table;
  • Step two - Increase the number of people registered by one each time the action in step one occurs and echo to the number of available slots to the web page;
  • Step three - Echo a confirmation for the person to print;
  • Step four - Reject input when the event is full and echo a notice that the class is full.

Conceptually, yes.

Getting and storing the input is the easy part. Properly sanitizing said input to ensure that you aren't the target of a SQL injection attack or any other attack by malicious persons with nothing better to do with their time is the more difficult (and important) part. A quick look at the security vulnerabilities tracked at http://www.securityfocus.com/vulnerabilities will demonstrate that there are still many applications in widespread use that are not immune to such attacks.

A couple of suggestions for you:

1. If you decide to "roll your own," spend at least as much time on security testing as you do on coding. Open your app up to limited access to a few trusted individuals, on a DB instance that means nothing to you. Test, test, test! And then test some more...only then should you even think about opening things up to the Internet masses.

2. Take the suggestion made by one of the other list members and go with a fairly well-known application that is already in use and has reaped the benefits of having been deployed publicly for a set period of time. Keep in mind, though, that even well-known apps can be found to have security flaws related to the user interface.

3. Take an existing application you think satisfies your level of comfort in terms of security and modify it to fit your needs (two excellent places to start your search: Freshmeat and SourceForge). Programmers don't like to reinvent the wheel, and the chances are good someone with more experience and knowledge has already forged a path for you. Take advantage of their expertise! You'll become a better programmer in the process.
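
The four steps quoted above, with the injection concern from the reply handled through bound parameters, as an added example that is not part of the original post or of any application mentioned in the thread. The schema, the `register()` function, the table and column names and the sample registrants are all assumptions made for illustration; an in-memory SQLite database stands in for the MySQL database so the script runs on its own.

```php
<?php
// Added example: schema, names and sample data are constructed for illustration.
// In-memory SQLite stands in for MySQL; register() uses only standard PDO calls.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE events (id INTEGER PRIMARY KEY, capacity INTEGER NOT NULL,
                                registered INTEGER NOT NULL DEFAULT 0)');
$db->exec('CREATE TABLE registrations (event_id INTEGER NOT NULL, name TEXT NOT NULL,
                                       email TEXT NOT NULL, UNIQUE (event_id, email))');
$db->exec('INSERT INTO events (id, capacity) VALUES (1, 2)');

function register(PDO $db, int $eventId, string $name, string $email): string
{
    // Validate shape first; this limits junk data, it is not the injection defence.
    $name = trim($name);
    if ($name === '' || strlen($name) > 100 || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return 'Invalid name or e-mail address.';
    }
    $db->beginTransaction();
    try {
        // Steps two and four in one atomic statement: take a slot only if one is left.
        // An unknown event id matches no row and is reported the same way as a full one.
        $slot = $db->prepare('UPDATE events SET registered = registered + 1
                              WHERE id = ? AND registered < capacity');
        $slot->execute([$eventId]);
        if ($slot->rowCount() !== 1) {
            $db->rollBack();
            return 'Sorry, this class is full.';
        }
        // Step one: values travel as bound parameters, never spliced into the SQL text.
        $ins = $db->prepare('INSERT INTO registrations (event_id, name, email) VALUES (?, ?, ?)');
        $ins->execute([$eventId, $name, $email]);
        $left = $db->prepare('SELECT capacity - registered FROM events WHERE id = ?');
        $left->execute([$eventId]);
        $remaining = (int) $left->fetchColumn();
        $db->commit();
    } catch (PDOException $e) {
        $db->rollBack();   // e.g. duplicate e-mail: the slot taken above is released
        return 'Registration could not be saved.';
    }
    // Step three: escape on output so a stored name cannot inject markup.
    return 'Confirmed: ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . ". Slots left: $remaining";
}

// Constructed inputs: a normal name, a name containing SQL metacharacters, and a third
// registrant who arrives after both slots are taken.
echo register($db, 1, 'Alice', 'alice@example.com'), "\n";
echo register($db, 1, "x'); DROP TABLE registrations;--", 'bob@example.com'), "\n";
echo register($db, 1, 'Carol', 'carol@example.com'), "\n";
```

The second call is stored as an ordinary name because the statement text and the values reach the database separately, and the third is refused because the conditional `UPDATE` finds no free slot.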
