hi,
I'm developing a cms using filemaker pro and a php plugin which allows me to execute php code from within the database (scodigo - it's great, check it out!). My problem is, I want to be able to update a mysql database on the webserver from within filemaker, i.e. a local machine. The web hosts say basically the only way to get in is via ssh, or a web page hosted on their servers. Currently the client uses a web-based cms, with a basic login. So I was wondering if I could send login information as a header, along with the database update fields as headers, across to the existing cms, or more likely, a custom one I write on the webserver, to update the database?
I've done this in java, but I'm not very experienced in php, so was looking for some hints - or am I going about this assbackwards and is there a better way?
cheers for reading!
gina
send login information to remote php page using headers?
Re: send login information to remote php page using headers?
You could write a script on the server which has access to the database, and send commands to it.
As for the script which runs locally and sends the commands to the server, you can construct http post requests pretty easily using a few ways. You can use curl, or fsockopen(), or even fopen() with stream_context_create().
For example, let it accept arguments via http post, and then it runs the query on the database. You would want to protect this well though. Definitely password protect it, and if your local computer has a static ip address, make this script reject any posts from different IPs for added protection. Consider making this script connect to the database with a different user which has the bare minimum privileges needed. While you could submit an entire sql query, you might consider some predefined queries, and only post the arguments to the query. This may limit the damage the script could do in the event it got compromised. e.g.
// authenticate user/connection here...
// instead of
mysql_query($_POST['sql']);
// do something like this
switch ($_POST['action']) {
    case 'delete_record':
        $format = "delete from foo where id = %d";
        $sql = sprintf($format, (int) $_POST['id']);
        mysql_query($sql);
        break;
    case 'update_username':
        $format = "update foo set username = '%s' where id = %d";
        $sql = sprintf($format, mysql_real_escape_string($_POST['username']), (int) $_POST['id']);
        mysql_query($sql);
        break;
}
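The advice in the reply above (password check, IP restriction, predefined queries) combined into one handler, as an added example that is not code from the thread. It uses PDO prepared statements in place of the `mysql_*` functions, which were removed in PHP 7; `handle_request`, `$cfg`, the token and the IP address are hypothetical, and an in-memory SQLite database stands in for MySQL so the demo runs offline.

```php
<?php
declare(strict_types=1);

// Predefined actions: the client picks a name and supplies arguments, never SQL.
const ACTIONS = [
    'delete_record'   => ['sql' => 'DELETE FROM foo WHERE id = :id', 'args' => ['id']],
    'update_username' => ['sql' => 'UPDATE foo SET username = :username WHERE id = :id',
                          'args' => ['username', 'id']],
];

function handle_request(PDO $db, array $cfg, array $post, string $remoteIp): array
{
    if (!in_array($remoteIp, $cfg['allowed_ips'], true)) {
        return [403, 'ip not allowed'];
    }
    // Only a hash of the secret is stored; hash_equals() compares in constant time.
    $token = is_string($post['token'] ?? null) ? $post['token'] : '';
    if (!hash_equals($cfg['token_sha256'], hash('sha256', $token))) {
        return [401, 'bad token'];
    }
    $name = $post['action'] ?? '';
    $action = is_string($name) ? (ACTIONS[$name] ?? null) : null;
    if ($action === null) {
        return [400, 'unknown action'];
    }
    $params = [];
    foreach ($action['args'] as $arg) {
        if (!isset($post[$arg]) || !is_scalar($post[$arg])) {
            return [400, "missing argument: $arg"];
        }
        $params[":$arg"] = $arg === 'id' ? (int) $post[$arg] : (string) $post[$arg];
    }
    $stmt = $db->prepare($action['sql']);   // bound placeholders, no manual escaping
    $stmt->execute($params);
    return [200, $stmt->rowCount() . ' row(s) changed'];
}

// Demo with constructed data; SQLite in memory stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE foo (id INTEGER PRIMARY KEY, username TEXT)");
$db->exec("INSERT INTO foo VALUES (1, 'old'), (2, 'other')");
$cfg = ['allowed_ips' => ['203.0.113.10'], 'token_sha256' => hash('sha256', 'constructed-demo-secret')];

$good = ['token' => 'constructed-demo-secret', 'action' => 'update_username', 'id' => '1', 'username' => "o'brien"];
print_r(handle_request($db, $cfg, $good, '203.0.113.10'));   // accepted request
print_r(handle_request($db, $cfg, $good, '198.51.100.7'));   // same request, other IP
print_r(handle_request($db, $cfg, ['action' => 'sql', 'sql' => 'DROP TABLE foo'] + $good, '203.0.113.10'));
```

On the real server the `$post` and `$remoteIp` arguments would come from `$_POST` and `$_SERVER['REMOTE_ADDR']`, and the PDO connection would use the minimum-privilege database user the reply recommends.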