Célio
Re:mysql documentation - 2006/08/25 13:38
Hi,
In fact the point of dbRequest is ONLY to check if a user has an account in your database and if he's got the right password (so if he is allowed to connect to this server).
Palabre is not really meant for server integration and code remoting (Unix philosophy, One program -> One action, Palabre is meant for Multiuser, not database information retrieval). And doing SQL requests via <msg node /> is also a HUGE security hole for your database. Someone sending:
Code: <msg dBRequest="Show databases"></msg>
could also be sending
Code: <msg dBRequest="Drop databases"></msg>
Or
Code: <msg dBRequest="Select user_password FROM users"></msg>
If you only need to store and retrieve user information, Torleif made a mod for that purpose (information stored in text files), see: http://palabre.gavroche.net/component/option,com_simpleboard/Itemid,35/func,view/id,125/catid,1/
If you need to get variables from a database I believe it's a better idea to use simple PHP (or ASP, CFM, JSP, ..) scripts that return the needed information through a simple LoadVariables('flash.php?action=getDatabasesList'), and
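<?php
/* Connect ... */
mysql_connect(/* ... blablabla: host, user, password */);

// The client only names an action; the SQL text itself is fixed on the server.
if (isset($_GET['action']) && $_GET['action'] == 'getDatabasesList') {
    $res = mysql_query('SHOW databases');
    while ($row = mysql_fetch_array($res)) {
        // SHOW DATABASES returns a single column named "Database".
        // Escape the value before placing it inside an XML attribute.
        print('<database name="' . htmlspecialchars($row['Database'], ENT_QUOTES) . '" />');
    }
}
/** ... */
?>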
Have fun!
Célio
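
The approach recommended in the post above, generalized to several actions and to an action that takes a parameter. This is an added example, not code from the original post or from Palabre; the table, column names, action names and the in-memory SQLite database (standing in for MySQL) are assumptions made for illustration.

```php
<?php
// Constructed sample data: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_name TEXT, user_password TEXT, score INTEGER)');
$db->exec("INSERT INTO users VALUES ('alice', 'hash-a', 42), ('bob', 'hash-b', 7)");

// Allowlist: action name => [fixed SQL text, request parameters to bind].
// The client picks a key; it never supplies SQL, and no query reads user_password.
const ACTIONS = [
    'getUserList'  => ['SELECT user_name FROM users ORDER BY user_name', []],
    'getUserScore' => ['SELECT user_name, score FROM users WHERE user_name = :name', ['name']],
];

function handleRequest(PDO $db, array $request): string
{
    $action = $request['action'] ?? '';
    if (!is_string($action) || !array_key_exists($action, ACTIONS)) {
        return "<error reason=\"unknown action\" />\n";
    }
    [$sql, $paramNames] = ACTIONS[$action];

    $bound = [];
    foreach ($paramNames as $p) {
        if (!isset($request[$p]) || !is_string($request[$p])) {
            return "<error reason=\"missing parameter\" />\n";
        }
        $bound[':' . $p] = $request[$p]; // bound as data, never concatenated into SQL
    }

    $stmt = $db->prepare($sql);
    $stmt->execute($bound);

    $out = '';
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $out .= '<row';
        foreach ($row as $col => $val) {
            $out .= ' ' . $col . '="' . htmlspecialchars((string) $val, ENT_QUOTES) . '"';
        }
        $out .= " />\n";
    }
    return $out;
}

// In a deployed script $request would be $_GET; these arrays are constructed samples.
echo handleRequest($db, ['action' => 'getUserList']);                     // two <row /> lines
echo handleRequest($db, ['action' => 'getUserScore', 'name' => 'bob']);   // one <row /> line
echo handleRequest($db, ['action' => 'Drop databases']);                  // unknown action
```

Whatever string arrives in `action`, only the two listed statements can ever reach the database, and the `name` value is passed as a bound parameter rather than being spliced into the query.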