TexasCHLforum.com

I have a question for you programmers. I am learning php (very slowly, mind you) and I need some input on the concept of an event registration program or module to use on a website. This program will be used primarily for events that will be offered by Texas CHL Forum, Inc. (TCF) around Texas when this new organization becomes active after the first of the year.

I need some way to let people register on the Internet for the seminars and other events that this outreach and advocacy organization will put on. I simply won't have time to do that manually, especially during the legislative session. I've looked for commercial packages but the few that are available won't work on the website I'm setting up for TCF.

So from a conceptual viewpoint, am I on the right track? It seems to me that after setting up the mySQL5 database, I need to:

• Step one - Take input from the registration form and append it to the appropriate table;
  Step two - Increase the number of people registered by one each time the action in step one occurs and echo to the number of available slots to the web page;
  Step three - Echo a confirmation for the person to print;
  Step four - Reject input when the event is full and echo a notice that the class is full.

Obviously, this leaves out the operations to input the event number, description, etc. into the database.

Now I know you programmers are trying catch your breath from laughing at my novice description, but when you compose yourselves, let me know if I'm even on the right track. Also, is it possible to import an Access database and/or forms, queries, etc. into mySQL5? If so, I could use Access that is much more user friendly, then move it to mySQL5.

Let me say I really appreciate the offers I've received from a number of you folks to do some free programming. I just don't like doing that when you make a living that way.

Thanks for your input,
Chas.

Step 1: Create your table with an auto-increment primary key.
Step 2: Insert into the database table the results from the registration form you setup.
Step 3: Get the new unique ID from the insert you just made.
Step 4: That ID will be the confirmation number for the person to print.

Step 5: Find out how many rows (registrations) you have.
Step 6: If results of step 5 are the number that you want, then print a message saying registration is closed.

Easy peasy. :-)

Why not just set the event site up as a Joomla installation, and then use one of the event registration plugins they have there?

Thanks! Now tell me the truth. How long were you laughing?

Chas.

TheArmedFarmer wrote:Step 1: Create your table with an auto-increment primary key.

Code: Select all

CREATE TABLE `registrations` (
  `name` varchar(200) NOT NULL default '',
  `phone` varchar(200) NOT NULL default '',
  `etc` varchar(200) NOT NULL default '',
  PRIMARY KEY  (`rid`)
) ENGINE=MyISAM AUTO_INCREMENT=0 DEFAULT CHARSET=latin1;

Step 2: Insert into the database table the results from the registration form you setup.

Code: Select all

INSERT into registrations (name, address, etc) values ('$name','$address','$etc);

Step 3: Get the new unique ID from the insert you just made.

Code: Select all

SELECT LAST_INSERT_ID();

Step 4: That ID will be the confirmation number for the person to print.

Step 5: Find out how many rows (registrations) you have.

Code: Select all

SELECT COUNT(*) FROM registration

Step 6: If results of step 5 are the number that you want, then print a message saying registration is closed.

Easy peasy. :-)

The Annoyed Man wrote:Why not just set the event site up as a Joomla installation, and then use one of the event registration plugins they have there?

I looked at some and read the reviews. The only one that looked promising was one by DT Registration, but it only works with 1.5 in legacy mode and I don't want to use legacy mode because of degraded performance.

Chas.

Charles L. Cotton wrote: So from a conceptual viewpoint, am I on the right track? It seems to me that after setting up the mySQL5 database, I need to:

• Step one - Take input from the registration form and append it to the appropriate table;
  Step two - Increase the number of people registered by one each time the action in step one occurs and echo to the number of available slots to the web page;
  Step three - Echo a confirmation for the person to print;
  Step four - Reject input when the event is full and echo a notice that the class is full.

Conceptually, yes.

Getting and storing the input is the easy part. Properly sanitizing said input to ensure that you aren't the target of a SQL injection attack or any other attack by malicious persons with nothing better to do with their time is the more difficult (and important) part. A quick look at the security vulnerabilities tracked at http://www.securityfocus.com/vulnerabilities" onclick="window.open(this.href);return false; will demonstrate that there are still many applications in widespread use that are not immune to such attacks.

A couple of suggestions for you:

1. If you decide to "roll you own," spend at least as much time as you do on coding as you do on security testing. Open your app up to limited access to a few trusted individuals, on a DB instance that means nothing to you. Test, test, test! And then test some more...only then should you even think about opening things up to the Internet masses.

2. Take the suggestion made by one of the other list members and go with a fairly well-known application that is already in use and has reaped the benefits of having been deployed publicly for a set period of time. Keep in mind, though, that even well-known apps can be found to have security flaws related to the user interface.

3. Take an existing application you think satisfies your level of comfort in terms of security and modify it to fit you needs (two excellent places to start your search: Freshmeat and SourceForge. Programmers don't like to reinvent the wheel, and the chances are good someone with more experience and knowledge has already forged a path for you. Take advantage of their expertise! You'll become a better programmer in the process.

Charles L. Cotton wrote:Thanks! Now tell me the truth. How long were you laughing?

Not even for a minute. I'm actually impressed by your ambition to learn PHP. A simple registration form will be an excellent learning experience for you.

Well I was hoping to have something to contribute but it looks like most of what I was going to say was covered. One comment would be to avoid the older style mysql_ functions and use the mysqli library instead. You can take advantage of of parameter binding and prepared statements which 1) means you doing have to pass everything through an escaping function and 2) there are some performance benefits.

I'm always open to a PM for anything else or more specific questions.

Oh, also, once you get a release ready to go, please let me try to break it :)

Would be happy and able to do any code reads as well.

My day job is in a partial PHP/MySQL shop for a site that gets 125M pageviews/month :)

CREATE TABLE `registrations` (
`name` varchar(200) NOT NULL default '',
`phone` varchar(200) NOT NULL default '',
`etc` varchar(200) NOT NULL default '',
PRIMARY KEY (`rid`)
) ENGINE=MyISAM AUTO_INCREMENT=0 DEFAULT CHARSET=latin1;

I understand this is just and example but for some specifics on how this start point could be imporved:


CREATE TABLE `registrations` (
`rid` int(10) unsigned not null auto_increment, // actually specify the id column being used as the primary key
`first_name` char(64) NOT NULL,//names are usually stored on column per name "part"
`last_name` char(64) NOT NULL ,
`registration_date` date not null,
`phone` char(13) NOT NULL default '', // if you're only expecting US registrants it's going to be a fixed width of 10 digits + 3 hyphens
PRIMARY KEY (`rid`)
) ENGINE=MyISAM AUTO_INCREMENT=0 DEFAULT CHARSET=latin1;

the name columns changed from a varchar to a char column just b/c storage is cheap and i'm always a fan of fixed width rows when ever possible.

Also note the lack of defaults for the names. If this is a field you do not want to be blank and always want to be specified then do not set a default to an undesired value.

Note the choice of "date" instead of "datetime" for the registration_date. This is assuming you aren't interested in the specific time the record was creating, resulting in a smaller row.

If you were interested in the time, but planned on retrieving records just on the date part of registration you might consider then adding a registation_time column to store the time part. Then it's there but you only need to index what you use for the date column.

Edit: Oh yes, make the charset utf8 instead of latin1 to accommodate non english characters. Even if you're only expecting US residents you never know their families origin.

Russell wrote:A very simple way of sanitizing your input from SQL injection and XSS (Cross Site Scripting) attacks is:

Me being the DBA, I have a different solution. Don't allow your website user ANY table access to your database at all. Write all of the logic in Stored Procedures and then grant the rights to your application just to execute the stored procedures. Much better control and security that way, but then you also have to know how to write SPs...

Is the room spinning, or is it just me?

Thanks guys for the information and for letting me know that there are some things better left to people who know what they are doing. People will be depending upon this registration system to be sure they have a place at these events, so it cannot fail without disappointing a lot of folks. I need to rethink this venture.

Chas.

Take up someone on their generous offer to help. You have done so much for firearm owners in Texas, it's time to sit back and receive a little help in return. There are probably half a dozen people who would be very happy to set you up with what you want, and it would likely only take an hour or so.

Okay, how about this approach? Would an eCommerce module work? I've looked at two or three that work with a CMS website (Joomla) and at least some allow the entry of the number of items "in stock" and they count down as people purchase them.

Since there will be no charge for the seminars, I could just enter "0" for the price. My concern is that this will cause a problem when it goes to PayPal, or some other payment processing company. The eCommerce feature could be useful later, if we decide to sell shirts, hats, etc. to promote the effort.

Any thoughts?
Chas.

Charles L. Cotton wrote:Okay, how about this approach? Would an eCommerce module work? I've looked at two or three that work with a CMS website (Joomla) and at least some allow the entry of the number of items "in stock" and they count down as people purchase them.

Since there will be no charge for the seminars, I could just enter "0" for the price. My concern is that this will cause a problem when it goes to PayPal, or some other payment processing company. The eCommerce feature could be useful later, if we decide to sell shirts, hats, etc. to promote the effort.

Any thoughts?
Chas.

I've done a couple of VirtueMart installations into Joomla! sites. Installation is the same as for any other plugin, and the front end look and feel is seamless with the site's existing template choices. It is VERY configurable, and I highly recommend it. And like most Joomla! plugins, it is free of charge.

Here is a sample of VirtueMart in a Joomla! demo installation.