Can any experienced HTTPS/MySQL user help build webservice.

Creating desktop or client-server database solutions?

Moderators: FourthWorld, heatherlaine, Klaus, kevinmiller, robinmiller

sphere
Posts: 1145
Joined: Sat Sep 27, 2014 10:32 am
Location: Earth, Except when i Jump

Re: Can any experienced HTTPS/MySQL user help build webservice.

Post by sphere » Thu Dec 14, 2017 4:50 pm


teriibi
Posts: 254
Joined: Mon Nov 13, 2017 3:49 pm
Location: Bolivia

Re: Can any experienced HTTPS/MySQL user help build webservice.

Post by teriibi » Fri Dec 15, 2017 12:38 am

Ok, seems PDO is the (most modern) way to go ! :idea:

sphere
Posts: 1145
Joined: Sat Sep 27, 2014 10:32 am
Location: Earth, Except when i Jump

Re: Can any experienced HTTPS/MySQL user help build webservice.

Post by sphere » Sat Dec 16, 2017 10:57 am

Yes, and if you encounter problems,

You can use this to help solving it:
https://phpcodechecker.com/

Just copy your script and it will give hints, a real help.

teriibi
Posts: 254
Joined: Mon Nov 13, 2017 3:49 pm
Location: Bolivia

Re: Can any experienced HTTPS/MySQL user help build webservice.

Post by teriibi » Mon Dec 18, 2017 11:58 pm

HI Sphere

Okay, I´ve switched to using PDO PHP and MariaDB now,
So far I m suceeding in doing this.
1) Create Delete Retreive values from the MariaDB using PHP.
2) Insert "hard coded" values for records from a PHP file-
3) Secure the Database access Param in a non-public server folder

So using PDO...

How do one securely "send" typed in values from an LC stack to my public PHP waitting to record new data ?

I guess this means "WITHOUT" sending again all the DB Access Parameters ? :roll:

All the LC samples I´ve used so far did include the use of Rev connection with DBnames+PWs,etc..

i´m not sure to understand how this work from now on using a Livecode Stack client ?

Any samples to deal with this PHP new records file ?

sphere
Posts: 1145
Joined: Sat Sep 27, 2014 10:32 am
Location: Earth, Except when i Jump

Re: Can any experienced HTTPS/MySQL user help build webservice.

Post by sphere » Tue Dec 19, 2017 12:55 pm

Hi Teriibi,

good to hear.
You only need to send the DB access parameters when you use LC directly to access your DB, not if you use middleware (communication via PHP)
When you followed the How To...then you can see that you don't need to send the connection parameters for your DB. Because they are in connect_db.PHP file which is called locally on your server. So by sending data with your app via the postinsert_by_id.PHP or whatever then this file calls the access parameters locally on the server with this line: require_once 'connect_db.php'; , so it is not send or requested by your (mobile) app.

You only need to send or retrieve data to the correct PHP file which contains the commands to do so in your DB.
So this is a part of your LC script:
put "nr="& fld"id" & "&mytext=" & fld"txt" into varInsert
post varInsert to url"http://127.0.0.1/pdo_test/postinsert_by_id.php"

so you can see the data from your app is send to the insert php file.
the nr= and mytext= are columns in your DB

If you want any data send secure then you'll have to encrypt it, so no one except you (your app) can read it again. So you have to encrypt it in your app, then send it to your DB.
When retrieving you have to decrypt again. You have to use LC9 for this, as it supports the safer encryption methods. (besides encryption and decryption you also need to encode and decode, else it won't work and you get false data).

teriibi
Posts: 254
Joined: Mon Nov 13, 2017 3:49 pm
Location: Bolivia

Re: Can any experienced HTTPS/MySQL user help build webservice.

Post by teriibi » Tue Dec 19, 2017 2:45 pm

Ok, tks a lot, makes it much much clearer now. :D

So I´m writing a simplier script which works 1/2 way...that is,
The php receive the request and even echo back to the LC Stack (waow !! :D )
But the name "max" of variable does not get added...

Code: Select all

ON MOUSEUP
   put "$name=´max´;" into myData
   post myData to URL "http://www.myserver.com/receiving.php"
   answer it
end MOUSEUP
(PHP FILE)

Code: Select all

<?php
## $db = new PDO('mysql:host=localhost;dbname=db_name', 'db_user', 'db_password');
  require "../../db/data.php";

// :username, :gender, :country are named placeholders in the SQL syntax below
$sql = "INSERT INTO sampledata (name, age, email) VALUES (:name, :age, :email)";
$stmt = $db->prepare($sql);
$stmt->bindParam(':name', $name);
$stmt->bindParam(':age', $age);
$stmt->bindParam(':email', $email);

$estim = rand(10,99);
$str1 = myData;

$stri1;
$age = $estim;
$email = $estim . '@gmail.com';
$stmt->execute();

echo "Prep statements done : ".$estim;
$db = null;
?>
I ve replaced ´ by " but with no results
Whats wrong with passing the value this way ?
...and how can I keep it simple for my trial ? :shock:

sphere
Posts: 1145
Joined: Sat Sep 27, 2014 10:32 am
Location: Earth, Except when i Jump

Re: Can any experienced HTTPS/MySQL user help build webservice.

Post by sphere » Tue Dec 19, 2017 3:11 pm

if it is only one fixed item to send then in your lc script it should be:
put "name=max" into myData

if max is a variable, like Put Mini into tMax, or Put field"first name of person" into tMax, then it should be:
put "name=" & tMax into myData

if you have more then one item or variables it should be:
put "name=max" & "&surname=" & tSurname into myData (you see the extra & before surname)

you see that the first column name of your DB does not need the & (and symbol, not the dollar symbol), but every following needs the & symbol

the $ dollar symbol is used in the PHP file, also the semicolon ; symbol is used in the PHP file, not in the lc script

teriibi
Posts: 254
Joined: Mon Nov 13, 2017 3:49 pm
Location: Bolivia

Re: Can any experienced HTTPS/MySQL user help build webservice.

Post by teriibi » Tue Dec 19, 2017 7:02 pm

Okayyy, I m going to test that in a moment...
Yes I was trying to send 1 value at first coz I´m not used to the syntax to send several, but definitely would use it right after.. :idea:
Thansk again sphere :D

teriibi
Posts: 254
Joined: Mon Nov 13, 2017 3:49 pm
Location: Bolivia

Re: Can any experienced HTTPS/MySQL user help build webservice.

Post by teriibi » Tue Dec 19, 2017 9:33 pm

Well, I´ve been changing the stack in dif ways but nothing get Caught on the PHP side.
So I guess that is where the bug resides..

Have you checked the PHP syntax for the Value to get caught ?
I can´t figure out how the PHP files "knows" what to do with the value contained into MyData
as long as its not linked to some field - alhough LC is probably smarter than I :lol:

The dif syntax for the link I tried to create in the PHP were :...
1) $name = myData;
2) $name = $myData;
3) $name = $myData´;

All I get is a new record with name : "myData" while "prep statement done" returns a success msj.

how do one link the Mydata content to the apropriate field ?

SparkOut
Posts: 2834
Joined: Sun Sep 23, 2007 4:58 pm

Re: Can any experienced HTTPS/MySQL user help build webservice.

Post by SparkOut » Tue Dec 19, 2017 10:59 pm

In LC put "name=Max" into mydata before posting mydata to the target url

In the php try
$str1 = $_POST['name'];

teriibi
Posts: 254
Joined: Mon Nov 13, 2017 3:49 pm
Location: Bolivia

Re: Can any experienced HTTPS/MySQL user help build webservice.

Post by teriibi » Wed Dec 20, 2017 2:56 am

Great !!!
Thanks SparkOut, works like a charm now, !!
Thanks you both, I´d never knew where to locate that info !
:idea: :D

sphere
Posts: 1145
Joined: Sat Sep 27, 2014 10:32 am
Location: Earth, Except when i Jump

Re: Can any experienced HTTPS/MySQL user help build webservice.

Post by sphere » Wed Dec 20, 2017 11:36 am

Sparkout is right.
It's exactly written in this post, as shown before:
http://forums.livecode.com/viewtopic.php?f=12&t=27521

Code: Select all

<?php
// get the access
require_once 'connect_db.php';

try { 
  $stmt = $db->prepare("INSERT IGNORE INTO `tablename` (`id`, `mytext`) VALUES (:nr, :mytext)");
  $stmt->bindParam(':nr', $_POST['nr']);
   $stmt->bindParam(':mytext', $_POST['mytext']);

  $affected_rows = $stmt->rowCount();

 if($stmt->execute()) { echo "Success!"; } else { echo "Failure!"; };

 //var_dump($_POST)  // slash slash means uncommented
?>
in this peace is that what you POST is bind to the column where it should go:
$stmt->bindParam(':nr', $_POST['nr']);

it does the same as:
$str1 = $_POST['name'];

teriibi
Posts: 254
Joined: Mon Nov 13, 2017 3:49 pm
Location: Bolivia

Re: Can any experienced HTTPS/MySQL user help build webservice.

Post by teriibi » Wed Dec 20, 2017 12:28 pm

Thanks Sphere... true..if I can only understand it that way.
Maybe adding detailled comments on each above line could help totaly beginners like me, with no programing background at all. :oops: :!:
:mrgreen:

Thanks for the "binding" concept note, It will be usefull :mrgreen:

sphere
Posts: 1145
Joined: Sat Sep 27, 2014 10:32 am
Location: Earth, Except when i Jump

Re: Can any experienced HTTPS/MySQL user help build webservice.

Post by sphere » Wed Dec 20, 2017 12:59 pm

Maybe I will do so if I have time for it.

the binding is a protection for SQL injection, to prevent hackers inject data they could use.
No problems, it takes time. I don't know everything about it too. I just trial and error too.
But that How to works ok.
You can use it as a base and expand it yourself.

You can get a lot of help here, but remember Google is your friend (as well as any other search engine :D )

teriibi
Posts: 254
Joined: Mon Nov 13, 2017 3:49 pm
Location: Bolivia

Re: Can any experienced HTTPS/MySQL user help build webservice.

Post by teriibi » Tue Jan 09, 2018 2:51 pm

Hi sphere,

I naturaly came to use this LC function

Code: Select all

put textEncode(tValue, "UTF-8") into tValueE
to deal with foreign language accents and I was wondering if that is what you were mentioning in your previous post ?
(besides encryption and decryption you also need to encode and decode, else it won't work and you get false data)
.

If it is so, than I wont keep wonderding for some other kind of encoding (?) but jump to encryption functions instead...

thanks ! :P

Post Reply

Return to “Databases”