Author Topic: Website database (Read 5307 times)

jellied · « **on:** 09 May, 2008, 03:53:59 pm »

I've worked in IT for over 20 years and for this reason I've been lumbered looking after a website for a local cycle group. It was all set-up before I joined and it's pretty static - I just simply alter dates, add events and photographs.

It's been suggested we have some online poll/survey and it's at this point my complete lack of knowledge of the Interweb comes to light. 20 years of Unix, Informix databases and the like doesn't help now.

So what's involved here? If we have say 20 questions where do I store the answers? I thought at first getting them emailed to me, but the number of entries could be quite large.

I don't really know the right questions to ask which makes it all the more trickier. I can probably knock up the page but the storage of the answers and later access to it is beyond me.

Chris S · « **Reply #1 on:** 09 May, 2008, 03:59:44 pm »

Get them all to sign up here, and then use the Poll option on here?

If I were doing it, I'd be using a CMS hosted website (Movable Type, that kind of thing) that had plugin modules, and then hunt down a Poll plugin.

jellied · « **Reply #2 on:** 09 May, 2008, 04:02:45 pm »

well it's slightly more than a poll

20 questions such as how far you cycle a month, problems you face whilst on your bike. things that would make cycling more attractive to you etc.

so a mix of yes/no questions, ranges, free format text.

Jaded · « **Reply #3 on:** 09 May, 2008, 04:06:47 pm »

I'd make an html form and either:

Log the results to a MySQL database

or:

get them emailed to you and do some clever scripting to split out the answers...

jellied · « **Reply #4 on:** 09 May, 2008, 04:12:10 pm »

MySQL - now that sounds like something i could cope with.

can anyone point towards an idiots guide? i am not a complete numpity in this arena. i assume Mysql will run on any hosted site?

some my pages could write to a Mysql database and i there's a web frontend or something to access data from it?

actually the mailing thing might be a good fall back, if nothing else to alert me that someone has filled it.

Pingu · « **Reply #5 on:** 09 May, 2008, 04:16:06 pm »

I use PHP for a form on a site and get the results mailed to someone else

Greenbank · « **Reply #6 on:** 09 May, 2008, 05:06:14 pm »

For simple survey results I'd consider a databsae overkill, especially if you need to install it on the webserver machine.

Personally I'd write out all of the answers into local file(s) and then, when the survey closes, go and collect the results file(s) and mangle them into something else (such as CSV) and then into the application of your choice.

jellied · « **Reply #7 on:** 09 May, 2008, 05:08:31 pm »

Thanks - I thought MySQL was free for some reason.

It does look overkill at the moment, but it make a personally interesting project.

perhaps creating a simple file as you suggest might be the best bet at this stage - some random file name or other and then manually collect them every so often.

Chris S · « **Reply #8 on:** 09 May, 2008, 05:09:50 pm »

Just get a PHP form to email the results to you, and compile them using a Spreadsheet; eezee peezee if you aren't expecting 000's of responses.

bobb · « **Reply #9 on:** 09 May, 2008, 10:17:49 pm »

Quote from: jellied on 09 May, 2008, 05:08:31 pm

Thanks - I thought MySQL was free for some reason.

It does look overkill at the moment, but it make a personally interesting project.

perhaps creating a simple file as you suggest might be the best bet at this stage - some random file name or other and then manually collect them every so often.

It is free, but your web host may charge extra if it isn't included in the package you currently have.

I would use a MySQL database for flexibility. But then I live in MySQL and dream in server side languages!

Phil · « **Reply #10 on:** 12 May, 2008, 10:31:38 am »

HTML form to XML via php is my preference because it's readable and accessible.

If it's just a one-time thing, I'll host the handling script if you'd like.

bobb · « **Reply #11 on:** 12 May, 2008, 01:01:33 pm »

Quote from: Phil on 12 May, 2008, 10:31:38 am

HTML form to XML via php is my preference because it's readable and accessible.

If it's just a one-time thing, I'll host the handling script if you'd like.

Hmm.. I know I'm going a bit OT from the OP, but if you're going to do that, the amount of validation you'd have to do to make sure the XML file doesn't go spaz is longer and more work than using a database.

Anal people like me often enter stuff into HTML to XML forms like: ¬!"£$!&%*%*(I'?>:::<<<||\\\\AM%^&*()An@:{+_=-''ARSE¬!""££$$%^^&?|||||\\\\\\\\\HOLE||\\

Just to see if it breaks. Often it does.

Phil · « **Reply #12 on:** 12 May, 2008, 01:12:27 pm »

As long as you restrict the character set to UTF-8 and replace < with < > with > and & with & you're mostly OK. It gets escaped during the POST process anyway. If you thought someone was going to try to break it, you could run a regex replace on the inputs to get rid of anything that wasn't [a-z][0-9].,:;'@#?!"£$%^&*()-=_+\| .

This nice thing about XML is that if all else fails you can still see the data with a text editor and you don't need anything installed. And handling systems are getting better, have you seen SimpleXML in php? No more death by DOM.

bobb · « **Reply #13 on:** 12 May, 2008, 01:43:09 pm »

Quote from: Phil on 12 May, 2008, 01:12:27 pm

As long as you restrict the character set to UTF-8 and replace < with < > with > and & with & you're mostly OK. It gets escaped during the POST process anyway. If you thought someone was going to try to break it, you could run a regex replace on the inputs to get rid of anything that wasn't [a-z][0-9].,:;'@#?!"£$%^&*()-=_+\| .

This nice thing about XML is that if all else fails you can still see the data with a text editor and you don't need anything installed. And handling systems are getting better, have you seen SimpleXML in php? No more death by DOM.

Mostly OK? That's not good enough!

As for "SimpleXML in php", no I am unaware of it as I haven't used php for about ten years because it's an antiquated, unreliable, backward piece of shit.

Edit: php is what you teach school children. Then they get the hang of it and think they know everything!

David Martin · « **Reply #14 on:** 12 May, 2008, 01:56:22 pm »

Quote from: Phil on 12 May, 2008, 01:12:27 pm

As long as you restrict the character set to UTF-8 and replace < with < > with > and & with & you're mostly OK. It gets escaped during the POST process anyway. If you thought someone was going to try to break it, you could run a regex replace on the inputs to get rid of anything that wasn't [a-z][0-9].,:;'@#?!"£$%^&*()-=_+\| .

OFFS someone *will* try to break it. That is what people do. Everything should be taint checked, encapsulated, wrapped and generally sterilised so that data stays as data and doesn't do other things not intended by the script author.

Like '; delete from results; ' which could do interesting things to an sql database if not properly trapped.

PHP is fine if used properly. As is Perl. As is Java. Tools for the appropriate task in hand.

For the kind of thing described I have a simple form handling script that appends the results as a tab separated file. Generic and lightweight. It takes the column headers as the field names to save. This can even be in the htdocs directory so can readily be downloaded (but I don't do this). Obviously one has to be careful precisely which data one stores if it is going to be publicly available (albeit obscure).

..d

bobb · « **Reply #15 on:** 12 May, 2008, 02:15:22 pm »

php isn't fine. PERL is most certainly not !!

Didn't you be just a little bit naughty in the 90s

iakobski · « **Reply #16 on:** 12 May, 2008, 02:47:48 pm »

Quote from: bobb on 12 May, 2008, 02:15:22 pm

php isn't fine. PERL is most certainly not !!

Didn't you be just a little bit naughty in the 90s

Err, hit a nerve somewhere, bobb?

PS, a common saying within the Perl community is (paraphrased): "Perl is the language, perl is the interpreter, and PERL is used by clueless noobs"

bobb · « **Reply #17 on:** 12 May, 2008, 03:20:39 pm »

AND in the "real" community we ask "why the fuck are you still using that?" "Are females ever interested in you?" "That includes your wife"

I bet you're the most interesting bloke in the world to have a pint with.........

mike · « **Reply #18 on:** 12 May, 2008, 03:26:26 pm »

Dont do it yourself, use www.surveymonkey.com

free online surveys.

Greenbank · « **Reply #19 on:** 12 May, 2008, 03:31:50 pm »

Quote from: bobb on 12 May, 2008, 03:20:39 pm

AND in the "real" community we ask "why the fuck are you still using that?" "Are females ever interested in you?" "That includes your wife"

I bet you're the most interesting bloke in the world to have a pint with.........

All a bit harsh for suggesting PHP or Perl.

OOI What's your pet language that you program in that's so good that you're such a hit with the girls Mr Pot?

(Aside from MySQL which obviously gets them frothing...)

Quote from: bobb on 09 May, 2008, 10:17:49 pm

I would use a MySQL database for flexibility. But then I live in MySQL and dream in server side languages!

iakobski · « **Reply #20 on:** 12 May, 2008, 04:23:37 pm »

Quote from: bobb on 12 May, 2008, 03:20:39 pm

I bet you're the most interesting bloke in the world to have a pint with.........

Maybe not, but you're the one getting steamed up about choice of programming language, of all things...

bobb · « **Reply #21 on:** 12 May, 2008, 08:57:03 pm »

Quote from: A Random One on 12 May, 2008, 04:23:37 pm

Quote from: bobb on 12 May, 2008, 03:20:39 pm
I bet you're the most interesting bloke in the world to have a pint with.........

Maybe not, but you're the one getting steamed up about choice of programming language, of all things...

There has not been any mention of any programming languages at all!

rogerzilla · « **Reply #22 on:** 12 May, 2008, 09:17:23 pm »

Quote from: David Martin on 12 May, 2008, 01:56:22 pm

Quote from: Phil on 12 May, 2008, 01:12:27 pm
As long as you restrict the character set to UTF-8 and replace < with < > with > and & with & you're mostly OK. It gets escaped during the POST process anyway. If you thought someone was going to try to break it, you could run a regex replace on the inputs to get rid of anything that wasn't [a-z][0-9].,:;'@#?!"£$%^&*()-=_+\| .

OFFS someone *will* try to break it. That is what people do. Everything should be taint checked, encapsulated, wrapped and generally sterilised so that data stays as data and doesn't do other things not intended by the script author.

Like '; delete from results; ' which could do interesting things to an sql database if not properly trapped.

PHP is fine if used properly. As is Perl. As is Java. Tools for the appropriate task in hand.

For the kind of thing described I have a simple form handling script that appends the results as a tab separated file. Generic and lightweight. It takes the column headers as the field names to save. This can even be in the htdocs directory so can readily be downloaded (but I don't do this). Obviously one has to be careful precisely which data one stores if it is going to be publicly available (albeit obscure).

..d

As a qualified IT auditor, I love SQL injection attacks

I was looking at a commercial application a couple of months ago with the usual lack of input validation. "Try 1/1/1066 for the start date" I suggested, upon which the system crashed and someone had to go and reboot the server. It was the test system, I hasten to add - I'm not *that* cavalier.

Phil · « **Reply #23 on:** 12 May, 2008, 09:33:55 pm »

I love you all and your dedication to the cause, but this is a one-time survey on a small website known to a few people. I shouldn't have criticised the mighty DATABASE in favour of a storage system that actually allows open access to data, I suppose.

Greenbank · « **Reply #24 on:** 12 May, 2008, 10:50:01 pm »

Quote from: bobb on 12 May, 2008, 08:57:03 pm

There has not been any mention of any programming languages at all!

hole->depth++;

Author Topic: Website database (Read 5307 times)

Chris S

Chris S

iakobski

iakobski