Hi, As you may know, I am an Intranet programmer for a certain company. One of the features of this intranet site is to let employees request technical problem by filling up a certain form that includes employee name to be selected from the list. This list are of course taken from local MySQL database used by the side, not the company database, which is MS SQL which is updated all the time.
I intentionally put the names in the list to prevent non-employees, including visitors, or those frankster playing around at the lounge, from posting their fictitious problem. It works fine for a couple of month, but the problem now is when new employees are hired. Their informations, including names, are not always seen by the MySQL database, because it is only copied from company database. Because of this I have to encode them manually for them to fillup the form.
Some said that I have to put a textbox for name input besides the employee list for those persons that are not in the list. But I don't want to do that for it will be the reason for non-employees to add their names and eventually access pages on the site.
What do you think will I do?
Limiting Access to Non-employees
Moderator: General Moderators
- harrisonad
- Forum Contributor
- Posts: 288
- Joined: Fri Oct 15, 2004 4:58 am
- Location: Philippines
- Contact:
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
what's the difference if the server grabs the employee information from the company database, or from you own? The only things I see is yours doesn't automatically replicate the company server.
You could use a cron to "update" you local database. The nice thing about using a local database is you can filter out people from the original a bit easier (pre-filtered) ... another thing is you could use a local table of exclusion information, those who do not want to be listed can then just be added there.
I don't quite see what a textbox would make problematic.. it should only try to match the name entered to an existing employee and send the message or whatever. It shouldn't ever change any records..
You could use a cron to "update" you local database. The nice thing about using a local database is you can filter out people from the original a bit easier (pre-filtered) ... another thing is you could use a local table of exclusion information, those who do not want to be listed can then just be added there.
I don't quite see what a textbox would make problematic.. it should only try to match the name entered to an existing employee and send the message or whatever. It shouldn't ever change any records..
- harrisonad
- Forum Contributor
- Posts: 288
- Joined: Fri Oct 15, 2004 4:58 am
- Location: Philippines
- Contact:
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
- harrisonad
- Forum Contributor
- Posts: 288
- Joined: Fri Oct 15, 2004 4:58 am
- Location: Philippines
- Contact:
Thanks, master Jcart. I will now study about CRON jobs.
The employees table
employee_id | employee_name | etc.
The requests for service table
date | time | description | employee_id | etc.
The field employee_id of requests table is INT(4) and relies on employee_id of employee table for name, when the id doesn't exists, of course no name will be displayed, or even worse, the certain row will not be retrieved by the following query
Whenever I used this code to retrieve all requests, it will leave out those submitted by not in the employee table.
Any thoughts?
If I will put a textbox besides the list for 'unidentified employees', my plan is to put his name in the database together with the technical problem he is submitting. But the problem is about the structure of my tables being RELATIONAL. For the purpose of my problem, I will give the structures as well.feyd wrote:I don't quite see what a textbox would make problematic.. it should only try to match the name entered to an existing employee and send the message or whatever. It shouldn't ever change any records..
The employees table
employee_id | employee_name | etc.
The requests for service table
date | time | description | employee_id | etc.
The field employee_id of requests table is INT(4) and relies on employee_id of employee table for name, when the id doesn't exists, of course no name will be displayed, or even worse, the certain row will not be retrieved by the following query
Code: Select all
SELECT date,time,description,employees.emlpoyee_name
FROM requests,employees
WHERE requests.emlpoyee_id=employees.employee_idAny thoughts?
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact: