Can any experienced HTTPS/MySQL user help build webservice.
Moderators: FourthWorld, heatherlaine, Klaus, kevinmiller, robinmiller
Re: Can any experienced HTTPS/MySQL user help build webservice.
Ok, seems PDO is the (most modern) way to go !
Re: Can any experienced HTTPS/MySQL user help build webservice.
Yes, and if you encounter problems,
You can use this to help solving it:
https://phpcodechecker.com/
Just copy your script and it will give hints, a real help.
You can use this to help solving it:
https://phpcodechecker.com/
Just copy your script and it will give hints, a real help.
Re: Can any experienced HTTPS/MySQL user help build webservice.
HI Sphere
Okay, I´ve switched to using PDO PHP and MariaDB now,
So far I m suceeding in doing this.
1) Create Delete Retreive values from the MariaDB using PHP.
2) Insert "hard coded" values for records from a PHP file-
3) Secure the Database access Param in a non-public server folder
So using PDO...
How do one securely "send" typed in values from an LC stack to my public PHP waitting to record new data ?
I guess this means "WITHOUT" sending again all the DB Access Parameters ?
All the LC samples I´ve used so far did include the use of Rev connection with DBnames+PWs,etc..
i´m not sure to understand how this work from now on using a Livecode Stack client ?
Any samples to deal with this PHP new records file ?
Okay, I´ve switched to using PDO PHP and MariaDB now,
So far I m suceeding in doing this.
1) Create Delete Retreive values from the MariaDB using PHP.
2) Insert "hard coded" values for records from a PHP file-
3) Secure the Database access Param in a non-public server folder
So using PDO...
How do one securely "send" typed in values from an LC stack to my public PHP waitting to record new data ?
I guess this means "WITHOUT" sending again all the DB Access Parameters ?
All the LC samples I´ve used so far did include the use of Rev connection with DBnames+PWs,etc..
i´m not sure to understand how this work from now on using a Livecode Stack client ?
Any samples to deal with this PHP new records file ?
Re: Can any experienced HTTPS/MySQL user help build webservice.
Hi Teriibi,
good to hear.
You only need to send the DB access parameters when you use LC directly to access your DB, not if you use middleware (communication via PHP)
When you followed the How To...then you can see that you don't need to send the connection parameters for your DB. Because they are in connect_db.PHP file which is called locally on your server. So by sending data with your app via the postinsert_by_id.PHP or whatever then this file calls the access parameters locally on the server with this line: require_once 'connect_db.php'; , so it is not send or requested by your (mobile) app.
You only need to send or retrieve data to the correct PHP file which contains the commands to do so in your DB.
So this is a part of your LC script:
put "nr="& fld"id" & "&mytext=" & fld"txt" into varInsert
post varInsert to url"http://127.0.0.1/pdo_test/postinsert_by_id.php"
so you can see the data from your app is send to the insert php file.
the nr= and mytext= are columns in your DB
If you want any data send secure then you'll have to encrypt it, so no one except you (your app) can read it again. So you have to encrypt it in your app, then send it to your DB.
When retrieving you have to decrypt again. You have to use LC9 for this, as it supports the safer encryption methods. (besides encryption and decryption you also need to encode and decode, else it won't work and you get false data).
good to hear.
You only need to send the DB access parameters when you use LC directly to access your DB, not if you use middleware (communication via PHP)
When you followed the How To...then you can see that you don't need to send the connection parameters for your DB. Because they are in connect_db.PHP file which is called locally on your server. So by sending data with your app via the postinsert_by_id.PHP or whatever then this file calls the access parameters locally on the server with this line: require_once 'connect_db.php'; , so it is not send or requested by your (mobile) app.
You only need to send or retrieve data to the correct PHP file which contains the commands to do so in your DB.
So this is a part of your LC script:
put "nr="& fld"id" & "&mytext=" & fld"txt" into varInsert
post varInsert to url"http://127.0.0.1/pdo_test/postinsert_by_id.php"
so you can see the data from your app is send to the insert php file.
the nr= and mytext= are columns in your DB
If you want any data send secure then you'll have to encrypt it, so no one except you (your app) can read it again. So you have to encrypt it in your app, then send it to your DB.
When retrieving you have to decrypt again. You have to use LC9 for this, as it supports the safer encryption methods. (besides encryption and decryption you also need to encode and decode, else it won't work and you get false data).
Re: Can any experienced HTTPS/MySQL user help build webservice.
Ok, tks a lot, makes it much much clearer now.
So I´m writing a simplier script which works 1/2 way...that is,
The php receive the request and even echo back to the LC Stack (waow !! )
But the name "max" of variable does not get added...
(PHP FILE)
I ve replaced ´ by " but with no results
Whats wrong with passing the value this way ?
...and how can I keep it simple for my trial ?
So I´m writing a simplier script which works 1/2 way...that is,
The php receive the request and even echo back to the LC Stack (waow !! )
But the name "max" of variable does not get added...
Code: Select all
ON MOUSEUP
put "$name=´max´;" into myData
post myData to URL "http://www.myserver.com/receiving.php"
answer it
end MOUSEUP
Code: Select all
<?php
## $db = new PDO('mysql:host=localhost;dbname=db_name', 'db_user', 'db_password');
require "../../db/data.php";
// :username, :gender, :country are named placeholders in the SQL syntax below
$sql = "INSERT INTO sampledata (name, age, email) VALUES (:name, :age, :email)";
$stmt = $db->prepare($sql);
$stmt->bindParam(':name', $name);
$stmt->bindParam(':age', $age);
$stmt->bindParam(':email', $email);
$estim = rand(10,99);
$str1 = myData;
$stri1;
$age = $estim;
$email = $estim . '@gmail.com';
$stmt->execute();
echo "Prep statements done : ".$estim;
$db = null;
?>
Whats wrong with passing the value this way ?
...and how can I keep it simple for my trial ?
Re: Can any experienced HTTPS/MySQL user help build webservice.
if it is only one fixed item to send then in your lc script it should be:
put "name=max" into myData
if max is a variable, like Put Mini into tMax, or Put field"first name of person" into tMax, then it should be:
put "name=" & tMax into myData
if you have more then one item or variables it should be:
put "name=max" & "&surname=" & tSurname into myData (you see the extra & before surname)
you see that the first column name of your DB does not need the & (and symbol, not the dollar symbol), but every following needs the & symbol
the $ dollar symbol is used in the PHP file, also the semicolon ; symbol is used in the PHP file, not in the lc script
put "name=max" into myData
if max is a variable, like Put Mini into tMax, or Put field"first name of person" into tMax, then it should be:
put "name=" & tMax into myData
if you have more then one item or variables it should be:
put "name=max" & "&surname=" & tSurname into myData (you see the extra & before surname)
you see that the first column name of your DB does not need the & (and symbol, not the dollar symbol), but every following needs the & symbol
the $ dollar symbol is used in the PHP file, also the semicolon ; symbol is used in the PHP file, not in the lc script
Re: Can any experienced HTTPS/MySQL user help build webservice.
Okayyy, I m going to test that in a moment...
Yes I was trying to send 1 value at first coz I´m not used to the syntax to send several, but definitely would use it right after..
Thansk again sphere
Yes I was trying to send 1 value at first coz I´m not used to the syntax to send several, but definitely would use it right after..
Thansk again sphere
Re: Can any experienced HTTPS/MySQL user help build webservice.
Well, I´ve been changing the stack in dif ways but nothing get Caught on the PHP side.
So I guess that is where the bug resides..
Have you checked the PHP syntax for the Value to get caught ?
I can´t figure out how the PHP files "knows" what to do with the value contained into MyData
as long as its not linked to some field - alhough LC is probably smarter than I
The dif syntax for the link I tried to create in the PHP were :...
1) $name = myData;
2) $name = $myData;
3) $name = $myData´;
All I get is a new record with name : "myData" while "prep statement done" returns a success msj.
how do one link the Mydata content to the apropriate field ?
So I guess that is where the bug resides..
Have you checked the PHP syntax for the Value to get caught ?
I can´t figure out how the PHP files "knows" what to do with the value contained into MyData
as long as its not linked to some field - alhough LC is probably smarter than I
The dif syntax for the link I tried to create in the PHP were :...
1) $name = myData;
2) $name = $myData;
3) $name = $myData´;
All I get is a new record with name : "myData" while "prep statement done" returns a success msj.
how do one link the Mydata content to the apropriate field ?
Re: Can any experienced HTTPS/MySQL user help build webservice.
In LC put "name=Max" into mydata before posting mydata to the target url
In the php try
$str1 = $_POST['name'];
In the php try
$str1 = $_POST['name'];
Re: Can any experienced HTTPS/MySQL user help build webservice.
Great !!!
Thanks SparkOut, works like a charm now, !!
Thanks you both, I´d never knew where to locate that info !
Thanks SparkOut, works like a charm now, !!
Thanks you both, I´d never knew where to locate that info !
Re: Can any experienced HTTPS/MySQL user help build webservice.
Sparkout is right.
It's exactly written in this post, as shown before:
http://forums.livecode.com/viewtopic.php?f=12&t=27521
in this peace is that what you POST is bind to the column where it should go:
$stmt->bindParam(':nr', $_POST['nr']);
it does the same as:
$str1 = $_POST['name'];
It's exactly written in this post, as shown before:
http://forums.livecode.com/viewtopic.php?f=12&t=27521
Code: Select all
<?php
// get the access
require_once 'connect_db.php';
try {
$stmt = $db->prepare("INSERT IGNORE INTO `tablename` (`id`, `mytext`) VALUES (:nr, :mytext)");
$stmt->bindParam(':nr', $_POST['nr']);
$stmt->bindParam(':mytext', $_POST['mytext']);
$affected_rows = $stmt->rowCount();
if($stmt->execute()) { echo "Success!"; } else { echo "Failure!"; };
//var_dump($_POST) // slash slash means uncommented
?>
$stmt->bindParam(':nr', $_POST['nr']);
it does the same as:
$str1 = $_POST['name'];
Re: Can any experienced HTTPS/MySQL user help build webservice.
Thanks Sphere... true..if I can only understand it that way.
Maybe adding detailled comments on each above line could help totaly beginners like me, with no programing background at all.
Thanks for the "binding" concept note, It will be usefull
Maybe adding detailled comments on each above line could help totaly beginners like me, with no programing background at all.
Thanks for the "binding" concept note, It will be usefull
Re: Can any experienced HTTPS/MySQL user help build webservice.
Maybe I will do so if I have time for it.
the binding is a protection for SQL injection, to prevent hackers inject data they could use.
No problems, it takes time. I don't know everything about it too. I just trial and error too.
But that How to works ok.
You can use it as a base and expand it yourself.
You can get a lot of help here, but remember Google is your friend (as well as any other search engine )
the binding is a protection for SQL injection, to prevent hackers inject data they could use.
No problems, it takes time. I don't know everything about it too. I just trial and error too.
But that How to works ok.
You can use it as a base and expand it yourself.
You can get a lot of help here, but remember Google is your friend (as well as any other search engine )
Re: Can any experienced HTTPS/MySQL user help build webservice.
Hi sphere,
I naturaly came to use this LC function
to deal with foreign language accents and I was wondering if that is what you were mentioning in your previous post ?
If it is so, than I wont keep wonderding for some other kind of encoding (?) but jump to encryption functions instead...
thanks !
I naturaly came to use this LC function
Code: Select all
put textEncode(tValue, "UTF-8") into tValueE
.(besides encryption and decryption you also need to encode and decode, else it won't work and you get false data)
If it is so, than I wont keep wonderding for some other kind of encoding (?) but jump to encryption functions instead...
thanks !