A Slightly More Complex revLet Question

Brian Yennie briany at qldlearning.com
Sun Aug 9 14:55:29 EDT 2009 

Len,

FWIW, I would recommend going the PHP route (or any server side  
language). That way you will never have to worry about a firewall, and  
won't have to maintain any sort of database connectivity from inside a  
browser. Do revLets support ODBC?

You can just say something like:

put url "http://myserver.com/db.php?query=clientdata&param1=george"  
into georgeData

On the server:

mysql->connect(..)

$query = $_GET["query"]

switch ($query) {
	case "clientdata"
		$sql = "SELECT * FROM clients WHERE username = '".$_GET['param1']."'";
		break;
	...
}

$data = mysql->query(..);

...


Maintenance becomes very easy. One line on the client to make a query,  
just write the PHP script once and add queries as you need them.


> The particular customer would have the web server farm and SQL  
> Server (Microsoft's) in the same server room so security shouldn't  
> be an issue unless the revlet can somehow be broken into on the  
> client end.  Most of the end users have trouble spelling G.E.D. so  
> this is a minimal risk but it is there.  Perhaps I AM making it more  
> complicated (in my head) than it really is.  I'll have to use ODBC  
> because we don't have either other DB Driver that can speak to a SQL  
> Server.
>
> My immediate issue is they would like to see some sort of  
> demonstration of what's possible (after all, the app I'm trying to  
> replace was written over a 10 year period!)  not the finished  
> product.  Therefore, I'd like to upload the sample program to my on- 
> Rev account and have them access the data on my desktop computer at  
> home (which has a SQL Server and some old data on it).  I don't  
> offhand know what port SQL Server uses but I have no problems with  
> them accessing the data directly for a limited time and I don't  
> think they will have a problem with this revLet accessing THEIR SQL  
> Server if they decide to green-light the project.
>
> I'll do some playing around with it.
>
> Len Morgan
> KTTK, Inc.
>
> Mark Schonewille wrote:
>> Hi Len,
>>
>> Yes, if the server allows it, you can do all you describe. It is  
>> indeed recommendable to use a cgi or irev to connect to MySql. I  
>> use PHP for this. Many hosts, including yours sincerely, don't  
>> allow a direct a connection to a database from a MySQL client.
>>
>> Why would you put effort into keeping a connection alive? I don't  
>> think that keeping a connection alive will increase transaction  
>> speed significantly, unless you can connect to a database directly,  
>> without cgi/irev/php.
>>
>> You can write a cgi or php script, for instance, which interprets a  
>> query from your client and executes it. I would consider this  
>> rather insecure, because a hacker who finds out how to send queries  
>> gets full control over your database.
>>
>> You can get a url or use the post command to connect to a server  
>> and send your query from your revlet the same way you can from a  
>> desktop standalone.
>>
>> Why is this complex?
>>
>> -- 
>> Best regards,
>>
>> Mark Schonewille

More information about the use-livecode mailing list