Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 8 of 8
  1. #1
    New Coder
    Join Date
    Jul 2002
    Location
    Florida, USA
    Posts
    96
    Thanks
    0
    Thanked 0 Times in 0 Posts

    PHP include across URLs

    Greetings,

    I have a database where I store information so that other users on my server can access it via a set of generic scripts they can customize to display the information the way they want. I want to give them a script that 'includes' the dbname and dbpass from my server so they don't see the dbname and password.

    This script works.

    PHP Code:
    <?php
        $db_connection 
    mysql_connect('localhost','dbname','dbpassword') or die (mysql_error());
        
    $db_select mysql_select_db('guilds') or die (mysql_error());

        print 
    '<table>';

        
    $result mysql_query("select distinct ch_name, ch_guild from guild_info where ch_guild = 'Warder' order by ch_name");
        while (
    $row mysql_fetch_array($result)) {
            print 
    '<tr><td>' $row['ch_name'] . '</td><td>' $row['ch_guild'] . '</td></tr>';
        }

        print 
    '</table>';
    ?>
    What I'd like to do, though is split this up to look like:
    PHP Code:
    This script resides on my directory.
    <?php
        $db_connection 
    mysql_connect('localhost','dbname','dbpassword') or die (mysql_error());
        
    $db_select mysql_select_db('guilds') or die (mysql_error());
    ?>

    This script is ran by the user.

    <?php
        
    include('http://mydomain.com/dbcon.php');
        print 
    '<table>';

        
    $result mysql_query("select distinct ch_name, ch_guild from guild_info where ch_guild = 'Warder' order by ch_name");
        while (
    $row mysql_fetch_array($result)) {
            print 
    '<tr><td>' $row['ch_name'] . '</td><td>' $row['ch_guild'] . '</td></tr>';
        }

        print 
    '</table>';
    ?>
    The second method refuses to work. I always end up with a MySQL error which results from the page not being included right, the variables not coming across right, or some such.

    Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/myuser/public_html/lookup.php on line 6

    I apologize for posting in the wrong forum if this is a MySQL error, but it looks like something to do with the include since it works one way and not the other.

    Thanks!

    Eric
    if ( bad && possible ) happen();
    Sig re-written for faster processing...

  • #2
    Senior Coder Nightfire's Avatar
    Join Date
    Jun 2002
    Posts
    4,265
    Thanks
    6
    Thanked 48 Times in 48 Posts
    AS far as I know, you can't do this without having remote access or something like that set up on mysql.

    Also, having that query in the users file is very dangerous. Anyone could simply change it to drop your entire database.

  • #3
    New Coder
    Join Date
    Jul 2002
    Location
    Florida, USA
    Posts
    96
    Thanks
    0
    Thanked 0 Times in 0 Posts
    The database is on the same server as myself and all the other users.
    if ( bad && possible ) happen();
    Sig re-written for faster processing...

  • #4
    New Coder
    Join Date
    Jul 2002
    Location
    Florida, USA
    Posts
    96
    Thanks
    0
    Thanked 0 Times in 0 Posts
    The only thing that MySQL user can do is select.

    I'm wondering if I'd be better off just supplying a generic password, letting the users have the whole script and saying heck with it. Any thoughts on that?

    Thanks!

    Eric
    if ( bad && possible ) happen();
    Sig re-written for faster processing...

  • #5
    raf
    raf is offline
    Master Coder
    Join Date
    Jul 2002
    Posts
    6,589
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I'm not sure i understand the situation.

    The webserver that serves the other peoples applications is on the sameserver as you MySQL server. Right ? OK, then you can include a file with the user, pwd, server and db parameters.

    But i believe it's better to use a relative path to file then http (not sure) and to place the path somewhere above the www root (so that it isn't accesible through the web).
    Or to simple create a new MySQL account for each application (so that you can lilimt there rigths to the db's they actually use) and send them all an include like your

    <?php
    $db_connection = mysql_connect('localhost','dbname','dbpassword') or die (mysql_error());
    $db_select = mysql_select_db('guilds') or die (mysql_error());
    ?>

    (but with differnt accountname etc.


    Anyway, i would change
    PHP Code:
        $result mysql_query("select distinct ch_name, ch_guild from guild_info where ch_guild = 'Warder' order by ch_name");
        while (
    $row mysql_fetch_array($result)) {
            print 
    '<tr><td>' $row['ch_name'] . '</td><td>' $row['ch_guild'] . '</td></tr>';
        } 
    into
    PHP Code:
    $select = ("select distinct ch_name, ch_guild from guild_info where ch_guild = 'Warder' order by ch_name");
    $result mysql_query($select) or die (mysql_error());
      if (
    mysql_num_rows($result) > 0){
         while (
    $row mysql_fetch_array($result)) {
      }
      else{
          echo (
    "No  records found.");
      } 
    To get a more detailed view on the problem (and to have better errortrapping when you get it to work)

  • #6
    New Coder
    Join Date
    Jul 2002
    Location
    Florida, USA
    Posts
    96
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks, Raf.

    I've got some problems with the C code that's going to force me to re-think the whole way I'm initially populating the db, most likely having more than one db or at least multiple tables to handle the data. But that's just me babbling...

    All of this is on one server. All of the users (including myself) operate out of /home/whatever/public_html. Each account also has open_basedir and include_path set static in the httpd.conf. If I understand correctly, I can drop the variables themselves into an include file like...

    $db = "thedatabase"
    $dbhost = "localhost"
    $dbuser = "theuser"
    $dbpass = "thepass"

    Then stick this file in the main php include dir /usr/share/php and then have each copy of the script include that file, then have the script itself do a
    include("/usr/share/php/dbdefaults.php");
    $db_connection = mysql_connect($dbhost,$db,$dbpass);

    Or, do you mean have each user connect to their own MySQL db with their individual user and password (they each have one), then use the db that holds this information?

    Work is going to get in the way of trying this now but any feedback is appreciated!

    Thanks again!

    Eric
    if ( bad && possible ) happen();
    Sig re-written for faster processing...

  • #7
    raf
    raf is offline
    Master Coder
    Join Date
    Jul 2002
    Posts
    6,589
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Well, i don't know your exact situation, but i think it would be best to create a seperate MySQL account for each account on your server. This way, you can specify on which tables each account has which permissions.

    They can work on the same db (but this is only recommendable if they use the same tables which is unlikely.)

    An the you just send them an includefile with the
    <?php
    $db = "thedatabase"
    $dbhost = "localhost"
    $dbuser = "theuser"
    $dbpass = "thepass"
    ?>

    Or with the complet connectionstrings and db-selection in (if each account only has acces to one db)
    <?php
    $db_connection = mysql_connect('localhost','dbname','dbpassword') or die (mysql_error());
    $db_select = mysql_select_db('guilds') or die (mysql_error());
    ?>

    Then each account places this in one of there folders and inclue it in the scripts that need a connection.

  • #8
    New Coder
    Join Date
    Sep 2003
    Posts
    98
    Thanks
    0
    Thanked 0 Times in 0 Posts
    require();

    Makes it so the file is used for the entire length of the time the script is being called (exactly like having the code inside the file)


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •