What would be the best way to go about this should I use php & mysql? so confused on where to start, still learning php, javascript
You will need a combination of (probably) all 3:
Javascript and HTML
Responsible for managing the user interface
Allows user to send a request to the server. Request can be "I want to challenge B" or "I will accept/deny challenge from A"
Allows user to ask for update from the server, and shows server messages to the user such as "A has challenged you" or "B has accepted/denied your challenge"
Must have access only to public information; no info you want to hide from the user (such as other users' emails or links to other challenges) should be visible to Javascript/HTML
PHP
Responsible for handling users' requests and returning responses or sending updates
Manages registrations, account changes, payments, account deletions etc...
Interacts with the database (eg: MySQL) to store or retrieve data
Generates challenge links
Tracks users' performance
Handles all the business logic and private data: how users get ranked, how users performed in challenges, did user enter correct password,...
MySQL
Responsible for storing user data and challenge data
Returns results to PHP when scripts ask for data
Updates stored data at PHP's command (eg: update users' rankings)
you can use javascript or PHP it does not matter.Only thing you got to remember is if you want to save details to Database like mysql then you got to send details to PHP.
You can use javascript to make the client side checks and send the finalized details to PHP for further processing. This reduces the server side processing.
You can do the HTML form check in PHP also if you do not want to use javascript.
If you are a beginner go with PHP you can easily find solution related to MySql/PHP on the web.
Thanks
depending on the needs for example i will use both javascript and php for validation of the form because
javascript will work faster but its code can be changed
php is slow but its code is hidden and cannot be changed
Related
I know that direct access to a database via Javasript is not recommended, since the user would get the database login and thus the ability to manipulate the database.
But in my case, the user cannot see the client-side code, since it's a phonegap app.
Is there a way to do it? And it not, what is a good way to do with a serverside part?
its really not recommened to access database from client-side its not only for security reasons, but what if you changed the database access or upgrade to different database, so you will have to change it in your app which you may not be able to access again after users installed if its mobile app and then you stuck to your database for ever,
so whatever you want to do you can add an action in server-side and depend on your params it will formulate your Query,
for example sending parameter for user=true this will search for users tables, sending parameter for account=true will search in users-accounts tables and so on.
I have a local website running that will query a mysql database via inputs given by a html form. The form values are sent to php via jQuery to call the query. Is there a way to send a command to the mysql server to kill the query if the website is refresh?
Currently if I refresh, the last mysql call will still run, so the website will be locked up until that query is finished.
Edit: To give a little more background information on the website, it is a local website that is solely running d3 visualizations based on a series of involved queries (lots of full text searches) on a large database (3 tables all in the 1 - 5 million record range). The "lockout" I'm referring to is not being able to abandon a query and try a more efficient query (i.e. something that will limit my results more).
Perhaps there is (it generally involves selecting the last process ID from the MySQL Processlist and issuing KILL QUERY on that process ID), but there are some problems that I think you should try to address first.
To begin, why in the world does one query "lock up" a website? I might be smelling a design flaw.
JavaScript could be used to make the browser "hit" the server on a refresh, but that's just adding another AJAX call and, presumably, another MySQL query (having to do with the processlist) and more PHP to write to handle the AJAX call, the processlist lookup, and the KILL QUERY query ...
I would recommend you try and make the server/MySQL query more efficient, so that you don't have to get a flying flip whether the browser is refreshed or not. As for browser security, you could probably use either PHP or JavaScript to enforce some sort of "flood limit" on repeated refreshing ....
I need to understand and maybe ideas about single page apps.
I want to create a project, i'll do it with MVC. I also want to use AngularJS for client side programming.
I know that AngularJS is good for single page applications and when working with SPAs you send your data to API to process. But data sent from Angular is visible to user and open to be manipulated.
I don't want users to be able to see any data or access to the API from the internet. Witch way i should follow?
I'm thinking about keeping sensitive user data in MVC controller. For example let's say user Id is very sensitive for my project. If i keep user id in javascript variable, when i'm sending it to API with some command user will able to change the id and manipulate the system. But if i keep user-id in MVC controller, via user authentication, and send request to my MVC controller then the user won't be able to change it. But i know this is not the best way of doing things, there must be a more clever way.
I'll be glad if someone can explain how this things works in SPAs or when you use Angular and MVC together.
This won't work, you can't prevent user from tampering the data, crafting custom request and doing whatever she wants at her side.
What you should do is to never trust upcoming data - which means validate every incoming id twice, once when you produce it and then when it comes back. Either it comes plain and you verify if it's legal or you encrypt it so when it comes back you decrypt it.
Some data can be stored at the server side, the id you mention is such example. This way user never sees the data, what you pass is the session id which is a long random value, rather impossible to craft. This approach comes with the cost of server side resources that are used, the more users the more resources at the server stored between requests.
I'm trying to make a web based tracking system with a GPS that can be controlled by sending SMS.
How my system work:
When user clicks a button to know the GPS location, the system send an SMS (with certain format) by SMS gateway to the GPS device. The GPS will reply with its coordinate by SMS too. After that, the location information of the GPS such as latitude, longitude, and etc will be taken from the SMS with a function and a trigger (I already make it and it works) and the data will be inserted automatically to a table named tb_history.
I want to display the newest location data that just inserted to the table with this query:
SELECT * FROM tb_history WHERE tb_history.`id_gps`='1' AND tb_history.`date`='2014-04-24' ORDER BY tb_history.`time` DESC LIMIT 1;
my question is, is there a way I can run this code automatically after a data just inserted to the tb_history? my teacher say that maybe I can use a javascript that always refresh the page and stop refreshing if there was a data inserted to tb_history???
I really need an example to understand it...
I forgot to mention that I made my system with PHP and javascript
sorry for the bad english and Thank you for those who gave me the answer...
Use mysql trigger for this purpose http://dev.mysql.com/doc/refman/5.1/de/create-trigger.html
From your edited question I would guess you are confusing the CGI-script on the server that you implement in PHP with the webpage, generated by the PHP-script on the server and, loaded by the client that should be using Javascript to get an update from the server when the SMS returns from your application on the telephone.
Mister Henson gave you keywords for two good google searches about how the Javascript can learn about when the returned SMS arrives.
Two hits on the google search lead to this site:
What are Long-Polling, Websockets, Server-Sent Events (SSE) and Comet?
How do I implement basic "Long Polling"?
I have a website that logs clickthroughs to client sites. It's how I track meaningful activity on ColdFusion.
The problem is the after I write to the database, I use CFLocation. It sends a blank http_referrer. This means that the receiving website does not know the click came from my site.
I am assuming that I need some sort of javascript code that will allow for the http_referrer to be preserved while somehow writing the click date/time info to the database through ColdFusion.