

Open Source Guest Book in php  - barakstout
http://thelivingpearl.com/2013/07/15/the-guest-book-problem/

======
rachelbythebay

        //let's check if the guest is already in our system
        $check = "SELECT * FROM guests WHERE
        `first_name` = '$_POST[first_name]'
        AND `last_name` = '$_POST[last_name]'
        AND `email` = '$_POST[email]' " ;
    

I'm not much of a PHP person, but doesn't this imply you're taking user-
supplied POST data and are putting it directly into your SQL? If so, that
won't end well.

Regarding the actual concept, I saw a place which used an iPad as the sign-in
system for visitor badges, complete with a way to sign your name for NDA
purposes if you're there for an interview. It seems sound, assuming you can
keep people from messing it up with the home button.

That said, I think they had an app, not a web page.

~~~
barakstout
2 things.

1. You are correct about the potential for a SQL injection. User input should
be checked before being entered into a SQL statement. However, for learning
purposes it was skipped.

2. There are free apps that will allow you to take a web page and turn it into
a kiosk app. Specifically in iOS6 you can block the home button and limit
browsing to whatever website you want. The whole point is for a low budget
company who does not want to invest the time or the money into an iOS or
Android app.
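
The guest lookup quoted at the top of this thread, rewritten with bound parameters, as an added example that is not code from the linked post or from either commenter. It assumes PDO with the SQLite driver and uses an in-memory table as a stand-in for the real database; `guestExists`, the schema and the sample rows are hypothetical.

```php
<?php
// Added example: constructed schema and sample row. In-memory SQLite stands in
// for the guest book's real database so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE guests (first_name TEXT, last_name TEXT, email TEXT)');
$pdo->exec("INSERT INTO guests VALUES ('Ada', 'Lovelace', 'ada@example.com')");

// Hypothetical helper: the same "is this guest already in our system" check,
// with placeholders instead of $_POST values interpolated into the SQL text.
function guestExists(PDO $pdo, array $post): bool
{
    // Reject missing or non-string fields (first_name[]=x arrives as an array).
    foreach (['first_name', 'last_name', 'email'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return false;
        }
    }
    $stmt = $pdo->prepare(
        'SELECT 1 FROM guests
          WHERE first_name = :first_name
            AND last_name  = :last_name
            AND email      = :email
          LIMIT 1'
    );
    // Values travel separately from the statement, so quotes stay data.
    $stmt->execute([
        ':first_name' => $post['first_name'],
        ':last_name'  => $post['last_name'],
        ':email'      => $post['email'],
    ]);
    return $stmt->fetchColumn() !== false;
}

// Constructed stand-ins for $_POST.
$known   = ['first_name' => 'Ada', 'last_name' => 'Lovelace', 'email' => 'ada@example.com'];
$quoted  = ['first_name' => "Ada' OR '1'='1", 'last_name' => 'x', 'email' => 'x'];
$oconnor = ['first_name' => 'Sean', 'last_name' => "O'Connor", 'email' => 'sean@example.com'];

var_dump(guestExists($pdo, $known));   // guest that is in the table
var_dump(guestExists($pdo, $quoted));  // quote characters compared as a literal name
var_dump(guestExists($pdo, $oconnor)); // legitimate apostrophe, no SQL syntax error
```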

