Hi!

I saw that also and it seems to me a little bit
annoying to mix personnel and patients.. but you
also are right about duplicate data if someone
from the personnel gets sick..

so, my suggestion is this (for the main developers
of care2x): is it possible to put an unchecked
'check box' in the 'search person' form, so that
you may 'include', *if you want* the personnel
data (as an exception), in the search query?..

or maybe better, 2 radio buttons:
 - only personnel, only patients
this way you will not have to look for all the
patients (including the filter) either when looking
for personnel..

it is not difficult for the developer who has done
that form, but it would be a great feature for the
user. there is only one check box with a text, then
a filter in the sql query..

PS. I realized that you may use the '%' sql operator
in a query.. I don't know if this is a 'feature' or
a 'bug'. It may be a security breach. Are you aware
of the 'sql inject' attacks? It seems that there is
no expression checking on the 'person search' input
text.. (but I recognize I didn't have the time to
check the code. so, sorry if this isn't true, I just
had it in my mind for a while and wanted to warn you)

PSS Example of a MySQL 'sql inject' attack (I hope
to remember it correctly, but if not, you will grasp
the idea):

<FORM>... etc
user: test
password: aa" and ""="""
                  ^^^^^^^ - this disables your original
query if you don't check the user input (which should
always be done, with a regular expression and other
mechanisms, like the native functions of php related
to slashes, command parsing (see doc for exec(), etc.))

SQL query: SELECT * FROM users WHERE user="$user" AND
password="$passwd"


Regards,

--
Daniel Ignat
PHP Programmer and SysAdmin
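
The two concerns in the PS and PSS above (a '%' typed into the person search acting as a wildcard, and user input placed directly into the login query), handled with bound parameters. This is an added example, not part of the original message and not care2x code. The table layout, function names and sample rows are constructed for illustration, an in-memory SQLite database stands in for MySQL, and the `is_personnel` filter corresponds to the suggested radio buttons.

```php
<?php
// Added example: constructed schema and rows, not care2x's real tables.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE person (name TEXT, is_personnel INTEGER)');
$db->exec('CREATE TABLE users (user TEXT, password_hash TEXT)');

$ins = $db->prepare('INSERT INTO person (name, is_personnel) VALUES (?, ?)');
foreach ([['Ana Patient', 0], ['Bob Nurse', 1], ['100% Test', 0]] as $row) {
    $ins->execute($row);
}
$db->prepare('INSERT INTO users (user, password_hash) VALUES (?, ?)')
   ->execute(['test', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Escape LIKE metacharacters so a user-typed % or _ matches literally.
// '!' is the escape character named in the ESCAPE clause below.
function like_literal(string $term): string {
    return strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']);
}

// Person search: the term is bound, never concatenated into the SQL.
// Only the application adds the surrounding wildcards.
function search_person(PDO $db, string $term, bool $personnelOnly): array {
    $st = $db->prepare(
        "SELECT name FROM person
         WHERE name LIKE ? ESCAPE '!' AND is_personnel = ?"
    );
    $st->execute(['%' . like_literal($term) . '%', $personnelOnly ? 1 : 0]);
    return $st->fetchAll(PDO::FETCH_COLUMN);
}

// Login: the user name is bound, and the password is checked against a
// stored hash, so the password text never becomes part of the statement.
function login(PDO $db, string $user, string $password): bool {
    $st = $db->prepare('SELECT password_hash FROM users WHERE user = ?');
    $st->execute([$user]);
    $hash = $st->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// A '%' typed by the user is searched for as a literal character.
var_dump(search_person($db, '%', false));
// Personnel-only search, as with the proposed radio button.
var_dump(search_person($db, 'Nurse', true));
// The password input from the message above is treated purely as data.
var_dump(login($db, 'test', 'aa" and ""="""'));
var_dump(login($db, 'test', 'correct horse'));
```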


Elpidio Latorilla wrote:
Hello Walter,

I just suggested that possibility based on my understanding of your idea to separate the personal data of the hospital's personnel from the patient data. Since the personal data are the same, you can use the same structure. Of course this means that once a hospital's employee gets sick and himself becomes that hospital's patient, you might need to reenter his personal data as a patient. This means double work and redundancy of data.

I personally wanted to avoid this redundancy, that's why there is currently only one person data table and it also contains the data of the hospital's personnel.

But I understood your last posting that you might need a true separation so I suggested the previous solution. Please correct me if I am wrong.

Elpidio

On Wednesday 10 November 2004 16:33, Walter Nunez wrote:

Thank you Elpidio.
but, in this table.. personnel and patients
Why do they share the same table as the original design?




-------------------------------------------------------
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_idU88&alloc_id065&op=click
_______________________________________________
Care2002-developers mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/care2002-developers




