Posted by Erwin Moller on 11/10/06 12:57

Mike wrote:

> I have developed an application, for psyc patients.... they type in
> very personal information in a web form to help them work through
> problems in their lives. Once they enter the info, I encrypt the data
> and store it in a MySQL database. Users can then print, edit, delete
> or share the information they entered with their therapist. I'm not
> happy storing this in the database for two reasons: (1) my host places
> restrictions on my database size and number of queries. (2) the
> information is very personal and sensitive, and I'd hate to find out
> the database has been compromised or damaged (even with the
> encryption). Also, currently I don't have any search capabilities, but
> as patients fill out large numbers of forms, they may have a need to
> search.
>
> Is there a way for me to store the form information on the visitor's
> computer.... say a cookie or text file, rather than on the server side?
> How would I go about doing this?
>
> Thanks!
>
> Mike

Hi Mike,

I am unsure if storing that info on the clientmachine is very safe.
The regular home PC has worse protection than a ISP machine.
So you must warn the users that you want to store the information on their
own machine, so they can make up their own mind.

Cookies? No, Cookies won't help you. They can only store a limmited piece of
data, and surely not long writing. Also cookies are easily deleted, and
then all the data is lost. So don't go cookie.

Clients filesystem?
If you want to store information on a clientmachine, you need something else
than PHP.
PHP typically only delivers the HTML to a browser, and doesn't exists on the
clientmachine, only on the server that delivers the pages.
So you;ll need another solution: Think Java-applets, maybe
VB-script/ActiveX.
In both cases you'll need extra privileges.
I don't know much on VB-script/ActiveX, and my Javaknowledge is getting
stale (since PHP). But if you go Java, you must first master that language,
and learn how to write applets, and also learn how to sign them, and ask
the user for permissions on some folder on the filesystem. It is not
rocketscience, but Java is surely more difficult to master than PHP.

Personally, if I were in your position, I would choose a provider that suits
your needs, and keep using a serverside database, that setup is just much
easier.
ISP's come in all tastes, so if you are seriously worried about your data,
put some serious time in finding a good one. You might want to hire some
expertise to check if things are set up the way you want them to.

just my 2 cent.

Good luck.
Regards,
Erwin Moller

• Next in forum: Re: In email form how do we say "must be equal to X"?
• Prev in forum: Re: In email form how do we say "must be equal to X"?
• Thread view: Re: Storing form data on client?

[Reply to this message]