
Connecting to database from another website secure?

  • Okay so this is kind of a big question, so bear with me.
    Basically what I want to achieve is to have another website connect to my database on a small app that I have provided them, without them knowing my database credentials.
    Say I'm creating a comment system (I'm not, this would not be the way to go) and I would store every comment in my database. I would give them a code that will display comments from my database, without them getting access whatsoever to my database credentials - host, username and password.

    How would I go about doing this? Is a simple php include() going to do the trick or do I need to go into other methods? I see comment installment is typically done with a JavaScript file linked or sourced to the page it should be inserted into.

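    Please give me a sample code of this code being given to another server without them getting into the code itself, or not getting into the database connection at least.
    <?php
    // mysqli replaces the mysql_* functions, which were removed in PHP 7.
    $connect = new mysqli("host", "username", "password", "d_b");
    $entry = $_REQUEST['entry'] ?? '';
    // Bind the value as a parameter instead of escaping it into the SQL string.
    // `table` is a reserved word in MySQL, so it is quoted with backticks.
    $stmt = $connect->prepare("SELECT * FROM `table` WHERE detail = ?");
    $stmt->bind_param("s", $entry);
    $stmt->execute();
    $result = $stmt->get_result();
    $something = '';
    while ($row = $result->fetch_assoc()) {
        $something = $row['row'];
    }
    echo($something);
    ?>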


    Thank you.
    - Schart
  • Give the include a try, that's how I would roll. Is there a particular reason this is a concern?
  • Some servers have limitations on including files on other servers, for security reasons. So you'll have to test that. You can create additional MySQL users that you give read-only access.

    You could do it where you have a page that includes another page returning the information and let other sites link to that with an iFrame, like how Facebook does it.

    www.yoursite.com/comments?user=username:


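    <?php
    // verifyusercode() is not defined here; it stands for your own check of the caller's code.
    $user = $_GET['user'] ?? '';
    if (verifyusercode($user)) {
        include('schartsfile.php'); // local file on your own server
    }
    ?>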
  • Yes, iFrame would be a great option. Thanks. Yeah, include doesn't work on my servers because of security.
  • honestly, even if your host did allow you to include remote files, it's a Terrible Horrible No Good Very Bad idea. unless you have _complete_ control over both servers (and even then sometimes), it's a huge security risk. that's why people disable it.
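
The iframe endpoint and read-only account suggested in the replies above, sketched as an added example that is not part of the original thread. The file name `comments.php`, the `SITES` registry, `verify_site()`, `render_comments()`, the `comments` table with its columns, and the key and origin values are all assumptions; in-memory SQLite stands in for the MySQL connection.

```php
<?php
// comments.php on YOUR server. The partner page only contains
// <iframe src="https://www.yoursite.com/comments.php?site=partner1&key=...&entry=post-1">
// so the database host, username and password never leave your machine.

// Constructed sample registry: embed key and the origin allowed to frame this page.
const SITES = [
    'partner1' => ['key' => 'constructed-sample-key', 'origin' => 'https://partner.example'],
];

// Return the allowed origin for a valid site/key pair, otherwise null.
function verify_site(string $site, string $key): ?string {
    $entry = SITES[$site] ?? null;
    if ($entry === null || !hash_equals($entry['key'], $key)) {
        return null;
    }
    return $entry['origin'];
}

// Query with a bound parameter and HTML-escape every row before output.
function render_comments(PDO $db, string $entry): string {
    $stmt = $db->prepare('SELECT body FROM comments WHERE detail = ?');
    $stmt->execute([$entry]);
    $html = '';
    foreach ($stmt->fetchAll(PDO::FETCH_COLUMN) as $body) {
        $html .= '<p>' . htmlspecialchars($body, ENT_QUOTES, 'UTF-8') . "</p>\n";
    }
    return $html;
}

// In production: a MySQL DSN with a SELECT-only account, credentials kept in this file
// or server config. In-memory SQLite with constructed rows keeps this runnable offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE comments (detail TEXT, body TEXT)");
$db->exec("INSERT INTO comments VALUES ('post-1', 'Nice <b>article</b>!'), ('post-2', 'Other')");

$origin = verify_site($_GET['site'] ?? '', $_GET['key'] ?? '');
if ($origin === null) {
    http_response_code(403);
    exit('Unknown site or key');
}
// Only the registered partner origin may put this page in a frame.
header("Content-Security-Policy: frame-ancestors $origin");
echo render_comments($db, $_GET['entry'] ?? '');
```

The key sits in the partner's page source, so it identifies the site rather than keeping anything secret; the `frame-ancestors` header and the SELECT-only database account are what limit exposure.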