> On Tue, 2003-01-28 at 22:09, Chris Shiflett wrote: > > --- Petre Agenbag <[EMAIL PROTECTED]> wrote: > > > I have a rather annoying problem regarding forms. > > > I have built an app that allows the users to fill > > > in a rather large form (much like a claim form) > > > and then have the data pumped into a mysql db. > > > The problem is: the users want to be able to > > > "save" their forms on their systems as a) > > > backup/proof that they have filled it in and b) > > > for their records for future use and c) the hope > > > is that it would also allow for a reliable method > > > to complete the form off-line and then submit it > > > when online again. > > > > Well, this sounds like a bad idea in general, but if you > > have no choice in the matter, I suppose cookies can fulfill > > the need. > > > > Anything you implement like this is going to lessen the > > security of the data, because rather than the client > > sending it to you once, you are going to expose it over the > > Internet several times. If this risk is acceptable for > > whatever reason, then cookies are probably no less secure > > for this data than anything else. > > > > Normally, I would highly recommend *not* storing client > > data on cookies, because that opens you up to several types > > of attacks, but you can accomplish what you want to do with > > this method. Only "punish" those who want this feature by > > setting these cookies only for those who choose to save > > this data locally. You could help the situation by > > encrypting the data in your cookies, so that only > > presentation attacks are a concern, but your users wouldn't > > be able to easily look at their data as verification of > > anything. > > > > My recommendation is to leverage your position as the > > technical expert to advise a more proper solution, one that > > you agree to, not them. They should not be consulted > > regarding application design unless they have experience > > with it. Rather, they should be describing their needs and > > let you (or the technical lead / project manager) do the > > technical design. > This is exactly what I'm looking to do; but my problem remains: I don't > know what the best solution is. > The problem is clear: the users actually need an electronic copy of the > data they submit; they must revisit certain issues annually, and would > need to access the data they submitted the previous year; either for > review purposes, or to make the new submission a speedy matter of simply > changing the details that are different from last year. > It's much like a normal office scenario: each person works on Word docs > that need to be shared with others, yet needs to be editable and must be > saved etc, BUT the difference here is that the data of all the > collective sources must be entered into a central db. So the "non > technical" solution would be for the users to do the forms in "word", > then fax it to the central office, where you have a temp type the data > into the db... we can't have that now... > Any ideas?
Do they really have to be able to do this "offline"? You've got the data in the database, why not just program a feature that lets you go in and edit data? Or copy one report to submit as a new one? Wouldn't that be a better solution than some system where you copy everything to the user's computer? ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
