adzie Posted September 4, 2009 Share Posted September 4, 2009 Hello folks, I currently use connect.php to initiate a connection to my DBs. I want someone on another server to access it without giving them login details. We have tried including the connect.php but get url php access error. Having read other posts I dont want to allow this access, Is there a work around or another solution to allow access without giving some the login details. Ta. Link to comment https://forums.phpfreaks.com/topic/173154-url-php-access/ Share on other sites More sharing options...
Garethp Posted September 4, 2009 Share Posted September 4, 2009 Create an API using $_GETs or $_POSTs to do execute the queries depending on what you receive Link to comment https://forums.phpfreaks.com/topic/173154-url-php-access/#findComment-912683 Share on other sites More sharing options...
bundyxc Posted September 4, 2009 Share Posted September 4, 2009 You could try something like this. Other server connects to connect.php?type=SELECT&query=SELECT%20*%20FROM%20users%20WHERE%201 Just an idea. Probably need debugging, since I just wrote it up, for the most part. if (isset($_POST['query']) && (isset($_POST['type']) { $con = mysql_connect('a','b','c'); if (!$con) { die (mysql_error()); } else { $dbSelect = mysql_select_db('d', $con); if (!$dbSelect) { die (mysql_error()); } } mysql_query($_POST['query']) or die(mysql_error()); if ( $type == 'SELECT' || $type == 'SHOW' || $type == 'DESCRIBE' || $type == 'EXPLAIN') { $go = mysql_query($_POST['query'],$con) die (mysql_error() . ": " . $query); $num = mysql_num_rows($go); print('Query Type: ' . $_POST['type']); print('<br />'); print('Query: ' . $_POST['query']); print('<br />'); print('Rows: ' . $num); print('<br />'); while( $row = mysql_fetch_assoc($go)) { print_r($row); } } else { $go = mysql_query($_POST['query'],$con) die (mysql_error() . ": " . $query); print('Query: ' . $_POST['query']); print('<br />'); print('Query return: ' . print_r($go); } } Link to comment https://forums.phpfreaks.com/topic/173154-url-php-access/#findComment-912689 Share on other sites More sharing options...
samshel Posted September 4, 2009 Share Posted September 4, 2009 Opening up your database and allowing firing of any queries is as good as giving complete access of the database. They can fire the delete, drop and other harmful queries. What i suggest u need is a webservice. Which will host all the functions that they want to do. For example, if they want to update thier own details, you can expose a function called updateUser which will check the username, password and update the database. This way the queries stay with u and ur database is safe. Apologies if i misunderstood ur requirements Sam Link to comment https://forums.phpfreaks.com/topic/173154-url-php-access/#findComment-912809 Share on other sites More sharing options...
tom2oo8 Posted September 4, 2009 Share Posted September 4, 2009 On Cpanel there is a way of adding another user to the database and giving them limited privileges if you have cpanel? Link to comment https://forums.phpfreaks.com/topic/173154-url-php-access/#findComment-912817 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.