Page 1 of 1

Script not accepting parameters via HTTP WebRequest

Posted: Mon Jul 12, 2010 5:39 am
by swheeler
Hi,

I'm a newbie working on a PHP script to retrieve information from a mySQL database. The script works fine when executed from the Browser with the following URL format:

http://www.myDomain.com/QueryOrderTable ... abase=myDB

But, when I attempt to call it programmatically using HTTP WebRequest (local .NET app) I get an 'undefined index' error message for all four parameters that I am attempting to pass in:

<b>Notice</b>: Undefined index: server in... (partial error message)

If I 'hard-code' these values into the script (rather than using $server = $_GET['server']) everything executes properly and I get my content back programmatically via the RequestStream.

The following is the very top part of my script that utilizes the $_GET statements to assign variables:

Code: Select all

<?php

$server = $_GET['server'];
$username = $_GET['username'];
$password = $_GET['password'];
$database = $_GET['database'];
$conn = mysql_connect($server, $username, $password);
So, in a nutshell, I'm not able to effectively pass in my parameter values. Any help/direction would be greatly appreciated.

Thanks,
Scott

Re: Script not accepting parameters via HTTP WebRequest

Posted: Mon Jul 12, 2010 9:10 am
by swheeler
OK. I ended up pushing through it and finding a solution. For anyone else experiencing the problem, try using $_REQUEST instead of $_GET to assign variable values.

Scott

Re: Script not accepting parameters via HTTP WebRequest

Posted: Mon Jul 12, 2010 10:08 am
by Jade
I hope you realize passing the username/password information unencrypted is a severe security risk?

Re: Script not accepting parameters via HTTP WebRequest

Posted: Mon Jul 12, 2010 10:25 am
by swheeler
Hi Jade,

Thanks for picking-up on the topic. How would you approach the encryption/decryption within the script?

Thanks,
Scott

Re: Script not accepting parameters via HTTP WebRequest

Posted: Mon Jul 12, 2010 11:03 am
by Jade
Well first of all I probably wouldn't just allow someone to send over the connection info, period. I would create a generic user, say SOAPuser and give that user type very limited permissions to access the database. Then anytime they need to use some kind of soap functionality it would give them access to the server/database as SOAPuser.

However if that's not an option I would use MD5 or SHA1 and only accept encoded username/password combinations.

Re: Script not accepting parameters via HTTP WebRequest

Posted: Mon Jul 12, 2010 1:11 pm
by swheeler
Thanks for the recommendation. I see that the .NET Framework has an MD5 class as well. I could certainly use this to encrypt before passing then decrypt on the server-side.

Re: Script not accepting parameters via HTTP WebRequest

Posted: Mon Jul 12, 2010 1:57 pm
by Jade
You can't decrypt MD5 once it's encrypted... however you can encrypt the correct password on your end and then check to see if both encrypted strings match each other :D

Re: Script not accepting parameters via HTTP WebRequest

Posted: Mon Jul 12, 2010 2:13 pm
by swheeler
I was wondering about that after I sent the email. The MD5 thread you referenced actually has a post on it in-which one contributor offers a decryption function. Whether it works or not I'm not sure. One other individual indicated that UTF-7 encoding must be used to ensure compatibility between .NET and PHP.