Open Source Guest Book in php (opens in new tab)

(thelivingpearl.com)

2 pointsbarakstout12y ago2 comments

2 comments

2 comments · 1 top-level

rachelbythebay12y ago· 1 in thread

    //let's check if the guest is already in our system
    $check = "SELECT * FROM guests WHERE
    `first_name` = '$_POST[first_name]'
    AND `last_name` = '$_POST[last_name]'
    AND `email` = '$_POST[email]' " ;

I'm not much of a PHP person, but doesn't this imply you're taking user-supplied POST data and are putting it directly into your SQL? If so, that won't end well.

Regarding the actual concept, I saw a place which used an iPad as the signin system for visitor badges, complete with a way to sign your name for NDA purposes if you're there for an interview. It seems sound, assuming you can keep people from messing it up with the home button.

That said, I think they had an app, not a web page.

barakstoutOP12y ago

2 things.

1.You are correct about the potential for a SQL injection. User input should be checked before entered into a SQL statement. However, for learning purposes it was skipped.

2. There are free apps that wee allow you to take a web page and turn it into a kiosk app. Specifically in iOS6 you can block the home button and limit browsing to what ever website you want. The whole point is for low budget company who doe not want to invest the time or the money into an iOS or Android app.

j / k navigate · click thread line to collapse