...

View Full Version : PHP include across URLs



Dalsor
09-26-2003, 01:48 AM
Greetings,

I have a database where I store information so that other users on my server can access it via a set of generic scripts they can customize to display the information the way they want. I want to give them a script that 'includes' the dbname and dbpass from my server so they don't see the dbname and password.

This script works.



<?php
$db_connection = mysql_connect('localhost','dbname','dbpassword') or die (mysql_error());
$db_select = mysql_select_db('guilds') or die (mysql_error());

print '<table>';

$result = mysql_query("select distinct ch_name, ch_guild from guild_info where ch_guild = 'Warder' order by ch_name");
while ($row = mysql_fetch_array($result)) {
print '<tr><td>' . $row['ch_name'] . '</td><td>' . $row['ch_guild'] . '</td></tr>';
}

print '</table>';
?>


What I'd like to do, though is split this up to look like:


This script resides on my directory.
<?php
$db_connection = mysql_connect('localhost','dbname','dbpassword') or die (mysql_error());
$db_select = mysql_select_db('guilds') or die (mysql_error());
?>

This script is ran by the user.

<?php
include('http://mydomain.com/dbcon.php');
print '<table>';

$result = mysql_query("select distinct ch_name, ch_guild from guild_info where ch_guild = 'Warder' order by ch_name");
while ($row = mysql_fetch_array($result)) {
print '<tr><td>' . $row['ch_name'] . '</td><td>' . $row['ch_guild'] . '</td></tr>';
}

print '</table>';
?>


The second method refuses to work. I always end up with a MySQL error which results from the page not being included right, the variables not coming across right, or some such.

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/myuser/public_html/lookup.php on line 6

I apologize for posting in the wrong forum if this is a MySQL error, but it looks like something to do with the include since it works one way and not the other.

Thanks!

Eric

Nightfire
09-26-2003, 01:56 AM
AS far as I know, you can't do this without having remote access or something like that set up on mysql.

Also, having that query in the users file is very dangerous. Anyone could simply change it to drop your entire database.

Dalsor
09-26-2003, 01:58 AM
The database is on the same server as myself and all the other users.

Dalsor
09-26-2003, 02:21 AM
The only thing that MySQL user can do is select.

I'm wondering if I'd be better off just supplying a generic password, letting the users have the whole script and saying heck with it. Any thoughts on that?

Thanks!

Eric

raf
09-26-2003, 07:41 AM
I'm not sure i understand the situation.

The webserver that serves the other peoples applications is on the sameserver as you MySQL server. Right ? OK, then you can include a file with the user, pwd, server and db parameters.

But i believe it's better to use a relative path to file then http (not sure) and to place the path somewhere above the www root (so that it isn't accesible through the web).
Or to simple create a new MySQL account for each application (so that you can lilimt there rigths to the db's they actually use) and send them all an include like your

<?php
$db_connection = mysql_connect('localhost','dbname','dbpassword') or die (mysql_error());
$db_select = mysql_select_db('guilds') or die (mysql_error());
?>

(but with differnt accountname etc.


Anyway, i would change


$result = mysql_query("select distinct ch_name, ch_guild from guild_info where ch_guild = 'Warder' order by ch_name");
while ($row = mysql_fetch_array($result)) {
print '<tr><td>' . $row['ch_name'] . '</td><td>' . $row['ch_guild'] . '</td></tr>';
}


into


$select = ("select distinct ch_name, ch_guild from guild_info where ch_guild = 'Warder' order by ch_name");
$result = mysql_query($select) or die (mysql_error());
if (mysql_num_rows($result) > 0){
while ($row = mysql_fetch_array($result)) {
}
else{
echo ("No records found.");
}

To get a more detailed view on the problem (and to have better errortrapping when you get it to work)

Dalsor
09-26-2003, 05:42 PM
Thanks, Raf.

I've got some problems with the C code that's going to force me to re-think the whole way I'm initially populating the db, most likely having more than one db or at least multiple tables to handle the data. But that's just me babbling...

All of this is on one server. All of the users (including myself) operate out of /home/whatever/public_html. Each account also has open_basedir and include_path set static in the httpd.conf. If I understand correctly, I can drop the variables themselves into an include file like...

$db = "thedatabase"
$dbhost = "localhost"
$dbuser = "theuser"
$dbpass = "thepass"

Then stick this file in the main php include dir /usr/share/php and then have each copy of the script include that file, then have the script itself do a
include("/usr/share/php/dbdefaults.php");
$db_connection = mysql_connect($dbhost,$db,$dbpass);

Or, do you mean have each user connect to their own MySQL db with their individual user and password (they each have one), then use the db that holds this information?

Work is going to get in the way of trying this now but any feedback is appreciated!

Thanks again!

Eric

raf
09-27-2003, 09:00 AM
Well, i don't know your exact situation, but i think it would be best to create a seperate MySQL account for each account on your server. This way, you can specify on which tables each account has which permissions.

They can work on the same db (but this is only recommendable if they use the same tables which is unlikely.)

An the you just send them an includefile with the
<?php
$db = "thedatabase"
$dbhost = "localhost"
$dbuser = "theuser"
$dbpass = "thepass"
?>

Or with the complet connectionstrings and db-selection in (if each account only has acces to one db)
<?php
$db_connection = mysql_connect('localhost','dbname','dbpassword') or die (mysql_error());
$db_select = mysql_select_db('guilds') or die (mysql_error());
?>

Then each account places this in one of there folders and inclue it in the scripts that need a connection.

Acecool
09-28-2003, 06:38 AM
require();

Makes it so the file is used for the entire length of the time the script is being called (exactly like having the code inside the file)



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum