Re: serverside "relay" script
actually me too use server side Perl script to communicate with desktop
application created in rev and a MySQL database on a server. First of
all it is actually the only secure way to do this, because leaving mysql
port open for everybody is a highly UNSECURE and unrecommended practice.
Besides using the relay srcipt one gains additional control over the
communication between the db & the client. In my case queries had to be
limited to SELECT only with user passwords. Additionally it filters out
some potentially dangerous commands like "drop". User must post two
parameters to communicate with the database: q.pl?p=[password]&q=[sql
query] and as a result gets back the resultset in form of tab delimited
text. The Perl script is:
#! /usr/bin/perl -wT
use strict;
use CGI qw(:standard);
use DBI;
print header;
my $sth;
my $q=param('q');
my $p=param('p');
my @line;
if ($p eq "password_goes_here")
{
unless ($q=~m/update|delete|alter |insert|truncate|drop
|modify|create|\0|use |set |values\(|check | key /i)
{
my $dbh =
DBI->connect("DBI:mysql:database=db_name:host=localhost","db_user","db_password")
or die "$DBI::errstr\n";
$sth = $dbh->prepare($q);
$sth->execute();
while (my @line = $sth->fetchrow_array)
{
if (@line) {print join("",@line)."\n";}
}
$sth->finish();
$sth = $dbh->disconnect();
}
else
{
print "\err.#1000: Access denied"; #Wrong password
}
}
else
{
print "\err.#1001:\"$p\" Access denied"; #Potentially dangerous commands
in query
}
exit 0;
and the clientside Revolution function (stack's script) is as simple as:
function Q vQ
local myServer
local myData
put "http://dommain.net/cgi-bin/q.pl"; into myServer
put "p=authentication password&" & "q=" & URLencode(vQ) into myData
post myData to URL myServer
wait 1 sec
if it is not empty then
return it
else
return "No matches found or timeout"
exit to top
end if
end Q
Now we can send any sql select statement or multiple statements and get
back the result from any handler using:
get Q("SELECT * FROM invasions")
It works, though sometimes timeouts happen...
All the best!
Viktoras
___
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution
Re: Filemaker through ODBC
Mark Wieder wrote: Richard- Monday, October 1, 2007, 3:20:06 PM, you wrote: FileMaker's gotten pretty good in the last few releases. Why does it need a front-end? FileMaker by itself isn't programmable... Of course that depends on how one defines "programmable". I guess it could mean a lot of different things to different people. Is it limited to things that require a lot of typing? What is the role of iconic systems? Is it really "programming" if you're not declaring types? Some people even question whether any 4GL, like Rev, is "real programming". I'll leave all that to the philosophy majors. I'm just a developer so my job is much simpler: to deliver software solutions to users which provide a strong ROI for the owner. I've made some of those with FMP, and was glad I did. And so were my clients, their users, and their accountants. I'd have a sit-down with Todd Geist, one of the Rev community's most experienced FMP developers, before dismissing the product so out of hand. Like any 4GL, when what you need is what it does, it does it pretty well. -- Richard Gaskin Managing Editor, revJournal ___ Rev tips, tutorials and more: http://www.revJournal.com ___ use-revolution mailing list use-revolution@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-revolution
Re: serverside "relay" script (was: RealBasic pulls MySQL support)
FYI:
We just did a (simple) test of the serverside PHP middleware "relay"
concept, and it worked great!
First, made a stack with a button with this script:
on mouseUp
put "SELECT * FROM users" into tSQL
put libUrlFormData("jjmysqlquery", tSQL) into tFormData
post tFormData to url "http://www.revcoders.org/mysqlrelay.php";
answer tAnswer
end mouseUp
Then, on the server, a PHP script:
$connect = mysql_pconnect($hostname, $username, $password) or
trigger_error(mysql_error(),E_USER_ERROR);
mysql_select_db($database, $connect);
$jjmysqlquery = $_POST['jjmysqlquery'];
$result = mysql_query($jjmysqlquery) or die("Error #" . mysql_errno
() . ":" . mysql_error() );
while ($row = mysql_fetch_array($result)) {
echo $row[1]."|";
}
?>
The "it" variable had all the right data (from the first column of
all records)! Yay!!!
Obviously, this is a crude test, we still need to implement security,
and explode the array in PHP to deliver all the columns, etc.
We will need to use a different PHP command to execute commands like
UPDATE, DELETE, etc. And we may go with a Rev CGI instead of PHP.
But I think this is a much superior idea to what I was doing before,
which required updating the remote script with every different SQL
query or command needed, which was madness!!! :-)
On Sep 12, 2007, at 10:59 AM, Josh Mellicker wrote:
Chris,
Did you settle on a simple PHP script that receives SQL statements
from Rev and simply "relays" them on to the localhost MySQL? And
then relays raw output back?
(Along with appropriate security measures of course)
---
The reason I ask is when I first started down the "Rev <-> PHP <->
remote db" path I wrote the SQL, and much of the parsing of the
returned data in PHP.
I was trying to make it easy in Rev, just sending requests (similar
to function calls, like "getCustomers"), then having PHP nicely
format data before returning. It turned into a real headache having
to switch languages and dev environments, and deciding what part of
the data processing belonged where.
Then, I realized you could just write a simple PHP script that took
completely formatted SQL and simply "bounced" them to MySQL... and
bounced the raw data back... but have not tried it yet.
___
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your
subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution
___
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution
Re: Filemaker through ODBC
Richard- Monday, October 1, 2007, 3:20:06 PM, you wrote: > FileMaker's gotten pretty good in the last few releases. Why does it > need a front-end? FileMaker by itself isn't programmable, although the latest version has a poorly-publicized php interface. -- -Mark Wieder [EMAIL PROTECTED] ___ use-revolution mailing list use-revolution@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-revolution
Unit Testing and Revolution
Has anyone done any work with unit testing and Revolution, perhaps towards putting together a framework a la jUnit, pyUnit etc? If so I'd be most interested to hear more. Many thanks, - Ben ___ use-revolution mailing list use-revolution@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-revolution
