3 replies to this topic

[elfin8er]

I was just wondering if there was an easy way that anybody has figured out, to send MySQL queries through Computercraft. Would it work to just send the query through an HTTP request? How would I format everything in Computercraft, and then unformat it in PHP to send the request? Also, how would I receive info back from the MySQL server? Has anybody made an API for something like this?

[theoriginalbit]

it is not a good idea for security purposes to allow requests that supply the SQL query. You're best to request a particular url with specific details, for example usernames and such. Then the PHP code would go ahead and use those details and insert them into an SQL Prepared Statement (take note of terminology, its another security tip) and perform the request on the database, returning the information to the webpage for your ComputerCraft script to pick up.

Giving code is something we generally do not do here in Ask a Pro, we give pointers and tips in order to help you find your solution; as such here are some resources for you to achieve the task you wish to perform
- php get
- php post
- mysql php
- mysql php prepared statements
- http api

Note: if you are not familiar with PHP, MySQL, or security with either, please do not attempt what you're trying to do, I've given you only the first steps towards security, not the total solution. There have been too many failed attempts that've lead to security problems on the forums, we don't need more.

[elfin8er]

theoriginalbit, on 14 January 2014 - 03:16 AM, said:

it is not a good idea for security purposes to allow requests that supply the SQL query. You're best to request a particular url with specific details, for example usernames and such. Then the PHP code would go ahead and use those details and insert them into an SQL Prepared Statement (take note of terminology, its another security tip) and perform the request on the database, returning the information to the webpage for your ComputerCraft script to pick up.

Giving code is something we generally do not do here in Ask a Pro, we give pointers and tips in order to help you find your solution; as such here are some resources for you to achieve the task you wish to perform
- php get
- php post
- mysql php
- mysql php prepared statements
- http api

Note: if you are not familiar with PHP, MySQL, or security with either, please do not attempt what you're trying to do, I've given you only the first steps towards security, not the total solution. There have been too many failed attempts that've lead to security problems on the forums, we don't need more.

Security isn't a huge problem with me. Everything is going to be done locally. So because of that, would it work to send the query directly to PHP via an HTTP request?

[theoriginalbit]

elfin8er, on 14 January 2014 - 03:23 AM, said:

So because of that, would it work to send the query directly to PHP via an HTTP request?

of course, you'd just send it as a request parameter (making sure to make the request HTTP safe textutils.urlEncode which of course using GET doesn't require decoding PHP side, but using POST does), read it and then use it. but I can't think of any case where that'd be easier, or preferable, over just setting up URLs/APIs to handle the SQL queries for you, based on what the request is for.

Edited by theoriginalbit, 14 January 2014 - 04:28 AM.