> -----Original Message-----
> From: Don Cohen [mailto:don-mysq...@isis.cs3-inc.com] 
>
> The http request I have in mind will be something like
>  https://server.foo.com?user=john&password=wxyz&...
> and the resulting query something like
>  select ... from table where user=john and ...
> (I will first have verified the password.)

For the love of God and all that is holy, 
do NOT put the user/pass on the URL like that!!!!!!

Do something like this instead:
http://us.php.net/manual/en/features.http-auth.php

Or use "mod_auth_mysql" to maintain your 'authorized' users to your page.

And as Adam beat me to, use a VIEW to expose ONLY the columns and joins you
want. This is also a good time to normalize the data and column names so
that you don't expose what their internal names are.

http://dev.mysql.com/doc/refman/5.0/en/create-view.html
http://www.techotopia.com/index.php/An_Introduction_to_MySQL_Views
http://www.devshed.com/c/a/MySQL/Views-and-More-in-MySQL-50/

But also, as he said, I don't see what you're trying to accomplish. If
someone is technically literate to format SQL statements, then just give
them a read-only account to the mysql (or view) directly. Let them use
their own GUI tool like SQLYog or whatever -- it will be far more robust
than anything you can write yourself.

If you're trying to do some "reports", then just code up the reports and
use select boxes for the options you want someone to choose. Use jQuery and
table_sorter plugin and you're done.


-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:    http://lists.mysql.com/mysql?unsub=arch...@jab.org
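
The VIEW and read-only account suggested in the reply above, sketched for MySQL as an added example that is not part of the original message. The database, table, column and account names are hypothetical, and the password is a placeholder.

```sql
-- Hypothetical internal table (constructed for this example).
CREATE DATABASE IF NOT EXISTS app;
CREATE DATABASE IF NOT EXISTS reporting;

CREATE TABLE IF NOT EXISTS app.customer_orders (
  co_id         INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
  cust_usr      VARCHAR(64)  NOT NULL,
  cust_pw_hash  CHAR(64)     NOT NULL,  -- must never reach report users
  ord_ttl_cents INT          NOT NULL,
  ord_ts        DATETIME     NOT NULL,
  int_notes     TEXT                    -- internal only
);

-- Expose only the columns wanted, under normalized names, so the
-- internal column names and the sensitive columns stay hidden.
-- SQL SECURITY DEFINER makes the view read the base table with the
-- definer's privileges, so the report account needs no grant on it.
CREATE OR REPLACE
  SQL SECURITY DEFINER
  VIEW reporting.orders AS
SELECT co_id               AS order_id,
       cust_usr            AS customer,
       ord_ttl_cents / 100 AS total,
       ord_ts              AS ordered_at
FROM   app.customer_orders;

-- Read-only account: SELECT on the view and nothing else.
CREATE USER 'report_ro'@'%' IDENTIFIED BY 'REPLACE_WITH_STRONG_PASSWORD';
GRANT SELECT ON reporting.orders TO 'report_ro'@'%';

-- Check: the only privileges listed should be USAGE and the
-- SELECT on reporting.orders.
SHOW GRANTS FOR 'report_ro'@'%';

-- Connected as report_ro, this works:
--   SELECT customer, total FROM reporting.orders;
-- and this is refused with a "SELECT command denied" error:
--   SELECT cust_pw_hash FROM app.customer_orders;
```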
