Hello everyone. I'm planning of implementing auto-logout in a project I have in mind and I want you guys to tell if the way I plan to do it is the best.
This is how I plan doing it. I will have table in my database, say cossay_tb, containing three fields:
user_id -- to hold the user's unique ID
last_page -- to the URL of the page where the user was before being logged out
content -- to hold the content of the page where the page that the user was working on
In my HTML pages, I will wrap a parent DIV around the content in the body of the page. During the auto-logout, I simply get the entire content of the parent DIV, the user's ID and the URL of the current page and use AJAX to send it the a PHP script, which will insert it into the database. I will then empty the content of the parent DIV after the log out.
The structure of my page before auto log out will look like this
<html> <head> </head> <body> <div id = "login_div"> <!--Login form here--> </div> <div id = "parent_div"> <!-- Page content--> </div> </body> </html>
The structure of my page after auto log out will look like this
<html> <head> </head> <body> <div id = "login_div" style = "display: block;"> <!--Login form here--> </div> <div id = "parent_div"> <!-- Empty--> </div> </body> </html>
I'm emptying the content of the parent DIV because someone might just save the page and then set the display property of my login DIV to none and see whatever information that the user was working on. I will get the content back after the user has supplied the correct password.
Here are my questions:
1. Is it a good thing to store raw HTML code in a database, like MySQL?
2. At the server side, will using just mysql_real_escape_string, htmlentities, html_entity_decode, and stripslahes be be okay for both making data safe for inserting into MySQL and restoring data back to raw html?
3. How would you implement this if you were me?