finding existing records

[Larry]

I'm developing a website to handle registration for an annual
convention. I already have a database of people who attended last
year's convention. I want to prevent this year's registration from
creating a bunch of duplicate records. As a solution to this, when
they register for this year, the first page just asks for their first
and last name. It then checks the database (using the sql "soundex"
function to match misspellings) and presents the user with a list of
matches (showing first and last name and address). They then have to
either select one (to update their existing record) or "None of the
above" (to create a new record).

My question is security... this essentially creates a way for anyone to
get information about convention attendees (albeit in an inconvenient
way). Granted the info they can get is only names and addresses, but
still, it's not an ideal situation.

Can anyone think of a better solution?

 

[usenet]

It then checks the database (using the sql "soundex" function...

That function is pretty course, FWIW.

this essentially creates a way for anyone to get information about
convention attendees (albeit in an inconvenient way).

What if you didn't show the full address, but only the name and
zipcode? And/Or the name and the last four digits of the phone number
(if you have that)? In other words, enough information that a person
can say, "yes, that is me" but not enough to tell anyone else anything
meaningful.

 

[xhoster]

I'm developing a website to handle registration for an annual
convention. I already have a database of people who attended last
year's convention. I want to prevent this year's registration from
creating a bunch of duplicate records. As a solution to this, when
they register for this year, the first page just asks for their first
and last name. It then checks the database (using the sql "soundex"
function to match misspellings)

How often do you expect people to misspell their own names? In a way
that soundex will catch?

and presents the user with a list of
matches (showing first and last name and address). They then have to
either select one (to update their existing record) or "None of the
above" (to create a new record).

My question is security... this essentially creates a way for anyone to
get information about convention attendees (albeit in an inconvenient
way). Granted the info they can get is only names and addresses, but
still, it's not an ideal situation.

You could give them just the street number of their address, rather than
the whole thing.

Can anyone think of a better solution?

How about allowing them to register under whatever name they feel like
typing today, and de-duplicating it in the back office?

Xho

 

[Larry]

How about allowing them to register under whatever name they feel like

typing today, and de-duplicating it in the back office?

Thank you for volunteering to do the de-duplicating work! Please send
me your contact info and when you are available.

 

[xhoster]

Thank you for volunteering to do the de-duplicating work! Please send
me your contact info and when you are available.

Thanks you for sending me the consulting fee. I'll get to work writing the
Perl program to do the back office de-duplication as soon as the check
clears.

Xho