Jump to content

remote query


sniperscope

Recommended Posts

Hello

I have two physically seperated server and i want to Read, Update and Insert into remote server's database.

 

My connection code is working

<?php
$cn = mysql_connect("xxx.xxx.xxx.xxx:3306", "username", "password");
mysql_select_db("db_name", $cn);
?>

 

however, when i try to retrieve data from remote server i got nothing to return.

 

$sql = mysql_query("SELECT id FROM user_master WHERE user_id = '" .$name. "' AND user_pass = '" .$pass. "' LIMIT 1");
$row = mysql_fetch_array($sql);
if(mysql_num_rows($sql) == 0)
 echo "wrong username or password";
else
 header("location: index.php");

 

What am i doing wrong ?

Link to comment
Share on other sites

@Barand: There is no error on output. But select query is return with 0 result.

@Fenway : What am i doing is Just use same database at two different server. User can login from Server B by sql query at Server A.

 

While waiting some help, i had a crazy idea. Not sure if it works or not but want to give a try.

 

Create same db at Server B as well, So if user update at Server A then updated parameters send to Server B through cURL. Delete and insert wil work same way. So i will have two different DB but simultaneously synchronize.

 

Is this good idea?

Link to comment
Share on other sites

nope, i always use utf8-general-ci.

 

I am trying to do is:

1 - Check user is really exist and valid when he click "Log in" button.

2 - After succesfully logged in then display his/her entire detail.

3 - If he/she edit/delete something then update on remote server db.

 

 

/* Off Topic */

 

It says "Advanced Member" in my profile but somehow i am still asking simple php question. What an irony :)

 

/* Off Topic */

Edited by sniperscope
Link to comment
Share on other sites

My Password include lower/upper case and special character with 16 chars long and I Copy and paste from original connection string.

Is that possible that something on server A or B is blocking communicate.

Currently my servers has CSF firewall, iptables and ddos deflate. This is last thing i am thinking.

Link to comment
Share on other sites

I would strongly recommend that you read this article about secure login systems. As everyone above pointed, your script is not secure at all.

If anyone would get a hold of your user DB, which is very likely, then all of your users' passwords is out there in the open. Since people tend to use the same password for all of the sites they've registered to, this means that your DB is a gold mine for anyone looking to get access of a large number of e-mail accounts.

Which spammer wouldn't love to do that..?

 

So, read the article, and adhere to its advice. For the sake of your users, if not your own reputation (and possible liability).

Edited by Christian F.
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.