I want to develop a (very) simple MySQL client application in C, for Ubuntu Linux. The functionality for now should include just adding new records to the database (on a remote server). I've experimented with the MySQL API and wrote a simple program that does this locally, however I'm not sure if that's the way to go with a remote database (on a server). Should I just directly connect? Is that safe? Or maybe I should use cURL to access a PHP script which would then process the queries for me?
Thanks in advance.
It is fine and perfectly safe to directly connect using C, that is what the API is there for. Remember the usual rules apply when handling user input, validate heavily and escape strings, but this is not something unique to C.
If you feel you'd rather work in MySQL with PHP you can always output data in an easier to use format to work with in C and save yourself having to use the MySQL library, it depends on your performance requirements as to what you do I guess. Personally I got tired of building raw SQL queries and models in C very quickly. MySQL++ (C++) can alleviate the pain somewhat, but C/C++ are just not as nice as other languages for this kind of thing.
You state that it is a remote server. If you have already built a lot of infrastructure in PHP I'd be inclined to use that and build an interface between your client application and the database. Of course what you do depends entirely on the requirements of your application.
Related
I am new in Yii. I want to know is SQL injection or any hacking possible in the Yii web application? If possible how to avoid that problem?
Yes. Any "hacking" is possible in any web application.
Because no software makes an application safe, but a programmer. Yii is only a tool, but how to use it is entirely up to one who uses it.
So, you have to learn how to use Yii and technology and security basics in general. Without such education that cannot be done by means of asking and answering just one question, one cannot create a safe application.
To make this answer not entirely off topic, as long as you're using Yii ActiveRecord, you can consider your code SQL injection safe, because AR takes the trouble of creating SQL queries for you.
Yeah. It depends to the programmer how he/she use the code, If executed correctly.. Try to read the document of Yii, they show it how to use the code properly and to make it anti sql injection.
Yes. The saying "Security is insecurity." is a big issue in web security.
Everything is hack-able, but it depends on the security of system & performance of the device trying to hack. If the hacker trying to hack a website by a Normal PC may takes Millions of year, but using a Quantum Computer may break within a second.
In case of web application build from Yii PHP Framework, it may also be hack-able. Some how this framework provides strong security measures.
Looking for advice on web development languages/tools for a simple project. I have used HTML to create simple sites before but they were primarily just static information. I have no experience with web scripting, etc. at this point.
Our company has a half dozen or so Transact SQL queries that produce simple text reports from our SQL Server database. I would like to create a simple web type application so that users on our intranet can run these queries themselves vs. asking for what they need.
The queries require minimal input from the user. Typically they would only need to enter a start and stop date or a customer number, or an invoice number.
The application needs to be functional, not especially pretty. I want the user to be asked for the above type input as appropriate and then specify where a file with the reults should be written on their computer.
On other projects I have done some Python programming in conjunction with the SQL Server database, just nothing that interacts with a web site or that has a GUI.
Thank you in advance for your suggestions.
You'll very least need to know a server side language such as PHP or Python to make the queries. Maybe a CGI script?
Most commonly used, I believe, is PHP. It is well-documented and meant for the what you want to do, contrary to Python, which doesn't play as nice with HTML as PHP. As stated on the PHP website, it is quite popular and as such has quite a few tutorials online. After you understand the syntax - you said you have programmed in Python, so only the syntax would be new to you - you should look into how to connect with your SQL Server. Microsoft owns that, so I hope (for them) they explain it well enough: http://technet.microsoft.com/en-us/library/cc793139(v=sql.90).aspx. That should equip you with what is needed for what you describe in the question.
I found this question as well: Can PHP work with a MS SQL database. The accepted answer suggests you can use PDO as well to connect to SQL Server. I recommend PDO over the mssql_ functions, because it offers an object oriented API and and an API that makes prepared statements real easy, among others.
I have written a TCP server implementation using which I created an application which works as TCP echo service.
Now I want to test this echo server in terms of
How many connections it can handle
What is the response time
How much memory and CPU it uses
Please can you suggest any standard method/tools to test this echo server. I understand that both TCP and echo server implementation is fairly standard practice so I hope to find established tools to test it.
P.S.: I can write my own test application but I don't want to do it because if I see some problem, I need to be sure that it is my server that is doing it wrong. I don't want to end up testing my test client first.
I wrote this implementation using C# and .NET 3.5 though I believe it doesn't matter with reference to the question.
I have a free tool that might help you. I use it for testing servers that are built with my C++ server framework. The tool is available here: http://www.lenholgate.com/blog/2005/11/windows-tcpip-server-performance.html. It allows you to create a configurable number of connections to your target server at a configurable rate and then send data on each connection (again at a configurable rate).
If find that the best way to use it is to run it on a different machine to the server (fairly obvious I know, but...) and possibly to run multiple copies on multiple different machines. Note that if you find you can't make more than around 4000 connections then it's quite likely that you need to tweak your MAX_USER_PORT registry setting on the machine that's running the client.
Once you've tested your TCP code you may find you need to test the protocol that your server supports. I wrote a test tool for this kind of situation in C# which is available on CodeProject (http://www.codeproject.com/KB/IP/testingsocketservers.aspx). This allows you to write a "plugin" to support your protocol and handles the protocol agnostic stuff (lots of connections, breaking messages up so that you get fragmented reads, etc) for you. The design is a rather nasty thread-per-connection design and for higher numbers of connections you'd be better off reimplementing something using an async design but I have my C++ tools for that so I never got around to changing this test program...
In your same situation before, I have used FunkLoad. If you can write a small client as a snippet of Python code, then FunkLoad will run as many of those against the server as you want, and graph the results:
https://funkload.nuxeo.org/
A fully worked-out example against a series of test servers is the centerpiece of the second edition of my Foundations of Python Network Programming book, in case its public source code repository is of any help:
https://github.com/brandon-rhodes/fopnp/tree/m/py2/chapter07
I am developing a cocoa application that will be making heavy use of both web services and a standard dbms (most likely MySQL) and I am wondering if anyone has a good option for a database library or ORM solution they have used. CoreData is not an option due to the need to support a standard DBMS and to be able to modify the data outside of the normal application operation.
I have found a number of possible options from new open source libraries:
http://github.com/aptiva/activerecord/tree/master
To writing my own wrapper for the C MySQL api.
Any advice is welcome,
Thanks!
Paul
We faced a similar question when we first started work on Checkout, our solution was to code the entire app in Python, using PyObjC. Checkout 1 had an sqlite backend, Checkout 2 has a postgres backend.
There are a couple of really mature and powerful ORMs on the Pyton side, such as SQLObject, which is pretty simple to work with (we used it for Checkout 1.0) and SQLAlchemy, which is more powerful but a bit harder to wrap your brain around (we used it for Checkout 2.0).
One approach you could evaluate, is building the application in Objective-C, but writing the data model and database connectivity/adminstration code in Python. You can use PyObjC to create a plugin bundle from this code, that you then load into your app That's more or less the approach we took for Checkout Server, which uses a Foundation command-line tool to administer a postgres server and the databases in it, this CLI tool in turn loads in a Python plugin bundle that has all of the actual database code in it. End-users mostly interact with the database through a System Preferences pane, that has no clue what the database looks like, but instead uses the command-line tool to interact with it.
Loading a plugin is simple:
NSBundle *pluginBundle = [NSBundle bundleWithPath:pluginPath];
[pluginBundle load];
You will probably need to create .h files for the classes in your bundle that you want to have access to from your Obj-C code.
You might also want to check out the BaseTen framework. It is a Core Data-like framework (in fact, it can import Core Data models), but works with PostgreSQL (though not MySQL, as far as I know). It includes some very nice features such as schema discovery at run time. It also includes an NSArrayController subclass that automatically handles locking and synchronizing across multiple users, so you can continue to make use of Apples Key-value Binding in your UI.
I have personal experience with this particular problem. I even started down the road of writing my own wrapper for the C MySQL API.
The eventual conclusion was: Don't!
The solution that worked in my case was to communicate with the MySQL server via PHP. If you are familiar with web services, chances are that you know about PHP, so I don't won't go into loads of detail about that.
To read from the database:
The cocoa app sends a request for a URL on the server: http://theserver.com/app/get_values.php
The get_values.php script handles the database query, and returns the data in xml format
The cocoa app loads and parses the xml
To write to the database:
The cocoa app sends a more complex request to the server: http://theserver.com/app/put_values.php?name="john doe"&age=21&address=...
The put_values.php script parses the input and writes to the database
The beauty of this solution is that PHP is great for working with MySQL, and cocoa has some handy built-in classes for working with XML data.
edit: one more thing:
One of the key things you have to figure out with this approach is how much processing should be done on the server, and how much should be done in the app itself. Let cocoa do the things that cocoa is good at, and let PHP and MySQL do the things that they are good at.
You could write a generic PHP script to handle all queries: perform_query.php?querystring="SELECT * FROM .....", but that is hardly an optimal solution. Your best bet is several smaller PHP scripts that handle individual datasets for you. In my case, there was one to get the list of users, one to get the list of transactions, etc. Again, it all depends on what your app is going to do.
GDL2 is a nice example, based on EOF.
Instead of reinventing the wheel by writing your own communication wrapper to deal with MySQL from Cocoa, you could try the SMySQL framework (a.k.a. MCPKit), it was part of the CocoaMySQL application that evolved into the Sequel Pro project. It works with varying versions of MySQL, and seems to be quite robust.
If you need to understand how to incorporate it into your application, there's not much documentation around, but it has an easy to understand interface and you can see it working by looking at the source of Sequel Pro, which is downloadable from Google code.
There is also the CocoaMySQL-SBG fork of the CocoaMySQL project, but that seems to be out of date and I couldn't get it to build properly.
I've also implemented a simple object persistence framework based on sqlite, but it certainly wasn't trivial to do. I agree with eJames' conclusion- don't implement one yourself if you don't have to.
If you aren't committed to programming in Objective-C you might want to take a look at PyObjC which would allow you to program the database portion in Python. You can use the MySQLdb module for DB access and there are plenty of tutorials online for its use. It isn't hard to stuff the data back into Cocoa/CF classes and pass them back to your app.
The main caveat with PyObjC is that at the moment it doesn't work with Tiger.
Our application is interfacing with a lot of web services these days. We have our own package that someone wrote a few years back using UTL_HTTP and it generally works, but needs some hard-coding of the SOAP envelope to work with certain systems. I would like to make it more generic, but lack experience to know how many scenarios I would have to deal with. The variations are in what namespaces need to be declared and the format of the elements. We have to handle both simple calls with a few parameters and those that pass a large amount of data in an encoded string.
I know that 10g has UTL_DBWS, but there are not a huge number of use-cases on-line. Is it stable and flexible enough for general use? Documentation
I have used UTL_HTTP which is simple and works. If you face a challenge with your own package, you can probably find a solution in one of the many wrapper packages around UTL_HTTP on the net (Google "consuming web services from pl/sql", leading you to e.g.
http://www.oracle-base.com/articles/9i/ConsumingWebServices9i.php)
The reason nobody is using UTL_DBWS is that it is not functional in a default installed database. You need to load a ton of Java classes into the database, but the standard instructions seem to be defective - the process spews Java errors right and left and ultimately fails. It seems very few people have been willing to take the time to track down the package dependencies in order to make this approach work.
I had this challenge and found and installed the 'SOAP API' package that Sten suggests on Oracle-Base. It provides some good envelope-creation functionality on top of UTL_HTTP.
However there were some limitations that pertain to your question. SOAP_API assumes all requests are simple XML- i.e. only one layer tag hierarchy.
I extended the SOAP_API package to allow the client code to arbitrarily insert an extra tag. So you can insert a sub-level such as , continue to build the request, and remember to insert a closing tag.
The namespace issue was a bear for the project- different levels of XML had different namespaces.
A nice debugging tool that I used is TCP Trace from Pocket Soap.
www.pocketsoap.com/tcptrace/
You set it up like a proxy and watch the HTTP request and response objects between client and server code.
Having said all that, we really like having a SOAP client in the database- we have full access to all data and existing PLSQL code, can easily loop through cursors and call the external app via SOAP when needed. It was a lot quicker and easier than deploying a middle tier with lots of custom Java or .NET code. Good luck and let me know if you'd like to see my enhanced SOAP API code.
We have also used UTL_HTTP in a manner similar to what you have described. I don't have any direct experience with UTL_DBWS, so I hope you can follow up with any information/experience you can gather.
#kogus, no it's a quite good design for many applications. PL/SQL is a full-fledged programming language that has been used for many big applications.
Check out this older post. I have to agree with that post's #1 answer; it's hard to imagine a scenario where this could be a good design.
Can't you write a service, or standalone application, which would talk to a table in your database? Then you could implement whatever you want as a trigger on that table.