Sign in to follow this  
Followers 0
synaps

Access mysql without installing drivers

9 posts in this topic

I am building something to distibute to users on a forum, and it requires access to the forums mysql database.

Is there any way to access a mysql database on a webhost without the users having to install that mysql driver onto their machines.

Share this post


Link to post
Share on other sites



Is there any way to access a mysql database on a webhost without the users having to install that mysql driver onto their machines.

no, with two exceptions.

1.) You re-implemt the whole MySQL protocol with the TCP functions purely in AutoIT. Well, that's an illusion !

2.) You provide another way to access the data in the database (e.g. sepcial

web pages built with PHP). You can then access those web pages and retrieve

or add data, like this: http://www.server/get_data.php?userid=&quo..."xxx"

and http://www.server/put_data.php (usually you'll use a POST request) here.

Oh, please don't ask me if such functions are available somewhere. Search google!

If that's all not O.K. for, you should consider installing the MySQL ODBC driver and

use the MySQL UDF (search the forum).

Cheers

Kurt


__________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf *

Share this post


Link to post
Share on other sites

I think I have sorted it. Used the standalone version of cURL to submit the data into a html form on my webhost, kinda messy but it works.

Share this post


Link to post
Share on other sites

Beware of script injection compromise vulnerabilities where undesirables can use specially formulated URLs to hack your database.

Share this post


Link to post
Share on other sites

For my MySQL scripts, I typically include a slightly modified version of cdkid's script for installing the MySQL ODBC drivers. The script checks to see if the user has installed the MySQL ODBC drivers and installs it automatically if they haven't. :whistle:

Please see this post for more info:

http://www.autoitscript.com/forum/index.ph...mp;#entry143788


“Efficiency is doing things right; effectiveness is doing the right things.”-Peter F. Drucker

Share this post


Link to post
Share on other sites

#7 ·  Posted (edited)

Hehe i guess he found a solution, since he posted this inn 2006 :)

Running commandline would also be a risk since you would need to logon to server, hence someone might be able to exploit the situation with switching out "mySQL.exe" with a recorder. Recording Username and Password.

Edit:typo

Edited by jokke

UDF:Crypter a file encrypt / decrypt tool with no need to remember a password again. Based on Caesar cipher using entire ASCII Table.Script's: PixelSearch Helper, quick and simple way to create a PixelSeach.Chatserver - simplified, not so complicated multi-socket server.AutoIT - Firewall, simple example on howto create a firewall with AutoIt.

Share this post


Link to post
Share on other sites

#8 ·  Posted (edited)

well i use the odbc drivers with the mysql udf and it works great :D...

so i would definetly choose that (i already did :D)

and as for the voulnerabilities of mysql urls check for myql injection on the web... it's very easy to make a secure page :)

like here's a simple soultion ;)

if(strstr($name , "'")) die("Oups");
if(strstr($name , '"')) die("Oups");

and to prevent javascript injection or other stuff

html_specialchars()

html_specialchars should remove the quotes too... but i like to be safe :)

Edit: btw the examples are php :)

Edited by alexmadman

Only two things are infinite, the universe and human stupidity, and i'm not sure about the former -Alber EinsteinPractice makes perfect! but nobody's perfect so why practice at all?http://forum.ambrozie.ro

Share this post


Link to post
Share on other sites

#9 ·  Posted (edited)

Running commandline would also be a risk since you would need to logon to server, hence someone might be able to exploit the situation with switching out "mySQL.exe" with a recorder. Recording Username and Password.

Yeah, it was a question on my side and for others who might stumble on this thread.

I am deploying solutions based on accessing mySQL db and was weighting the pros and cons of each. What if the database changed to Oracle? Is using ODBC the best solution? I am clueless as the OP.

1. ODBC

2. Drivers

3. commandline

I've seen commercial applications based on ODBC, so if the db changes, the user need only change the ODBC.

Edited by SiteMaze

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0