Question about authenticating form input

[Meriakh]

I was hoping to find out an answer to a relatively complex html/php/sql question. I have a form on my site that I want users to fill out. The user fills it out and then submits the form, sending it to a php file. That file is then supposed to add 1 entry to the sql database. What I want to do is put this data being sent to the database on hold - so say a random user enters data, that data is then stopped. After that, I want to be able to review the data entered and determine if it is acceptable. If the data is acceptable, I want to be able to accept the data and then have it sent to the database.Once the data is accepted, I also want to create a new web page with that data entered in a specific format. So far I have set up the form and have been able to enter the data in a database. I guess my main question at this point is how I could automatically have an email sent to myself when someone submits the form which would then allow me to preview the data before I accept it.

[Ingolme]

You can have it write to the database table immediately, but have a field in the table that indicates whether the data has been reviewed or not.

[Meriakh]

Simple and easy to do. Thanks for the idea, Ingolme. I actually have a followup question to your response. When the data is submitted to the database it should be straightforward to automatically notify me that something has been submitted. I haven't dealt with emails in php, but I just looked through it and it should be easy enough. When sending the email, I need to specify a link for me to go to, correct? And that link should pull the information that was submitted. I would think when sending the email I would need to specify the key associated with the database entry. Also, the link would somehow need to pass that key as a parameter so that I could pull all of the relevant information. From there, I would really like to be able to view the info in the way it will look when published on the site. So my question here: How would I be able to email myself a link which will allow me to view the submitted data? I guess I'm not real clear on how the site with the information displayed would be created.

[birbal]

first insert the data which will be posted by user. get the last insert id of the insertion. make a url where you will embded the ID of the data in query string. the query string will point to a script where you will alter the FLAG field. flag field is boolean field which will determine it is accepted or not. You also have to make sure of some authentication otherwise anyone would pass the query string with arbitaray id and can alter the FLAG. If you want you can also send the data as content with the URL in email body.

[Meriakh]

So if I want to link the site in the email addressed to the admin for authentication I would want to link something like this?

http://server/path?idVar=<ID of database_entry>

Where the "ID of sql database entry" will be automatically input when the email is sent. And then of course the path would be the path to the authentication page, which would always be the same besides the ID input. Also, what kind of authentication would I need to use? Is there a good link to a place I could get information on site security in general, but also in regards to this?

[birbal]

yes something like that.

Is there a good link to a place I could get information on site security in general, but also in regards to this?

http://owsap.org

Also, what kind of authentication would I need to use?

either a form based authentication where you need to login everytime and which has privilages checking. but you have to login every time when your session dies. either way and which seems suitable for you would be setting a hashed string for each row which will be passed with url and you will check the string if it matches with the stored hash of database. if it matches do the job mark them verified and you can also set the hash fields to NULL to save disk space