synaps Posted August 7, 2006 Posted August 7, 2006 I am building something to distibute to users on a forum, and it requires access to the forums mysql database. Is there any way to access a mysql database on a webhost without the users having to install that mysql driver onto their machines.
/dev/null Posted August 7, 2006 Posted August 7, 2006 Is there any way to access a mysql database on a webhost without the users having to install that mysql driver onto their machines. no, with two exceptions. 1.) You re-implemt the whole MySQL protocol with the TCP functions purely in AutoIT. Well, that's an illusion ! 2.) You provide another way to access the data in the database (e.g. sepcial web pages built with PHP). You can then access those web pages and retrieve or add data, like this: http://www.server/get_data.php?userid=&quo..."xxx" and http://www.server/put_data.php (usually you'll use a POST request) here. Oh, please don't ask me if such functions are available somewhere. Search google! If that's all not O.K. for, you should consider installing the MySQL ODBC driver and use the MySQL UDF (search the forum). Cheers Kurt __________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf *
synaps Posted August 7, 2006 Author Posted August 7, 2006 I think I have sorted it. Used the standalone version of cURL to submit the data into a html form on my webhost, kinda messy but it works.
Confuzzled Posted August 8, 2006 Posted August 8, 2006 Beware of script injection compromise vulnerabilities where undesirables can use specially formulated URLs to hack your database.
thefluxster Posted November 9, 2006 Posted November 9, 2006 For my MySQL scripts, I typically include a slightly modified version of cdkid's script for installing the MySQL ODBC drivers. The script checks to see if the user has installed the MySQL ODBC drivers and installs it automatically if they haven't. Please see this post for more info:http://www.autoitscript.com/forum/index.ph...mp;#entry143788 “Efficiency is doing things right; effectiveness is doing the right things.”-Peter F. Drucker
SiteMaze Posted February 19, 2008 Posted February 19, 2008 How about a third option of including mySQL.exe into your autoit installation and running sql queries in commandline. 1. No need to install drivers. Arsenal Football Fan Club in Singapore
jokke Posted February 19, 2008 Posted February 19, 2008 (edited) Hehe i guess he found a solution, since he posted this inn 2006 Running commandline would also be a risk since you would need to logon to server, hence someone might be able to exploit the situation with switching out "mySQL.exe" with a recorder. Recording Username and Password. Edit:typo Edited February 19, 2008 by jokke UDF:Crypter a file encrypt / decrypt tool with no need to remember a password again. Based on Caesar cipher using entire ASCII Table.Script's: PixelSearch Helper, quick and simple way to create a PixelSeach.Chatserver - simplified, not so complicated multi-socket server.AutoIT - Firewall, simple example on howto create a firewall with AutoIt.
Xand3r Posted February 19, 2008 Posted February 19, 2008 (edited) well i use the odbc drivers with the mysql udf and it works great ... so i would definetly choose that (i already did ) and as for the voulnerabilities of mysql urls check for myql injection on the web... it's very easy to make a secure page like here's a simple soultion if(strstr($name , "'")) die("Oups"); if(strstr($name , '"')) die("Oups"); and to prevent javascript injection or other stuff html_specialchars() html_specialchars should remove the quotes too... but i like to be safe Edit: btw the examples are php Edited February 19, 2008 by alexmadman Only two things are infinite, the universe and human stupidity, and i'm not sure about the former -Alber EinsteinPractice makes perfect! but nobody's perfect so why practice at all?http://forum.ambrozie.ro
SiteMaze Posted February 19, 2008 Posted February 19, 2008 (edited) Running commandline would also be a risk since you would need to logon to server, hence someone might be able to exploit the situation with switching out "mySQL.exe" with a recorder. Recording Username and Password.Yeah, it was a question on my side and for others who might stumble on this thread.I am deploying solutions based on accessing mySQL db and was weighting the pros and cons of each. What if the database changed to Oracle? Is using ODBC the best solution? I am clueless as the OP.1. ODBC2. Drivers3. commandlineI've seen commercial applications based on ODBC, so if the db changes, the user need only change the ODBC. Edited February 19, 2008 by SiteMaze Arsenal Football Fan Club in Singapore
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now