Access mysql without installing drivers

[synaps 0]

I am building something to distibute to users on a forum, and it requires access to the forums mysql database.

Is there any way to access a mysql database on a webhost without the users having to install that mysql driver onto their machines.

[/dev/null 0]

Is there any way to access a mysql database on a webhost without the users having to install that mysql driver onto their machines.

no, with two exceptions.

1.) You re-implemt the whole MySQL protocol with the TCP functions purely in AutoIT. Well, that's an illusion !

2.) You provide another way to access the data in the database (e.g. sepcial

web pages built with PHP). You can then access those web pages and retrieve

or add data, like this: http://www.server/get_data.php?userid=&quo..."xxx"

and http://www.server/put_data.php (usually you'll use a POST request) here.

Oh, please don't ask me if such functions are available somewhere. Search google!

If that's all not O.K. for, you should consider installing the MySQL ODBC driver and

use the MySQL UDF (search the forum).

Cheers

Kurt

[synaps 0]

I think I have sorted it. Used the standalone version of cURL to submit the data into a html form on my webhost, kinda messy but it works.

[Confuzzled 1]

Beware of script injection compromise vulnerabilities where undesirables can use specially formulated URLs to hack your database.

[thefluxster 0]

For my MySQL scripts, I typically include a slightly modified version of cdkid's script for installing the MySQL ODBC drivers. The script checks to see if the user has installed the MySQL ODBC drivers and installs it automatically if they haven't.

Please see this post for more info:

http://www.autoitscript.com/forum/index.ph...mp;#entry143788

[SiteMaze 0]

How about a third option of including mySQL.exe into your autoit installation and running sql queries in commandline.

1. No need to install drivers.

[jokke 0]

Hehe i guess he found a solution, since he posted this inn 2006

Running commandline would also be a risk since you would need to logon to server, hence someone might be able to exploit the situation with switching out "mySQL.exe" with a recorder. Recording Username and Password.

Edit:typo

Edited February 19, 2008 by jokke

[Xand3r 0]

well i use the odbc drivers with the mysql udf and it works great ...

so i would definetly choose that (i already did )

and as for the voulnerabilities of mysql urls check for myql injection on the web... it's very easy to make a secure page

like here's a simple soultion

if(strstr($name , "'")) die("Oups");
if(strstr($name , '"')) die("Oups");

and to prevent javascript injection or other stuff

html_specialchars()

html_specialchars should remove the quotes too... but i like to be safe

Edit: btw the examples are php

Edited February 19, 2008 by alexmadman

[SiteMaze 0]

Running commandline would also be a risk since you would need to logon to server, hence someone might be able to exploit the situation with switching out "mySQL.exe" with a recorder. Recording Username and Password.

Yeah, it was a question on my side and for others who might stumble on this thread.

I am deploying solutions based on accessing mySQL db and was weighting the pros and cons of each. What if the database changed to Oracle? Is using ODBC the best solution? I am clueless as the OP.

1. ODBC

2. Drivers

3. commandline

I've seen commercial applications based on ODBC, so if the db changes, the user need only change the ODBC.

Edited February 19, 2008 by SiteMaze