Save a small database on hype

sido3 · December 14, 2017, 11:17pm

hi everybody,
i have a little quizz with a form at the beginning, at the end of the quizz a use localstorage to save the datas but i need to save this data locally (xml file txt file database…).
the quizz is for internal use and will not be hosted. i can use wamp for local server.
could you please help me to save my datas in order to analysis them after.
thx.

Daniel · December 15, 2017, 7:24pm

You can use standard PHP to store data in a database. Here’s a thread with sample code: AJAX/PHP DB Query within Hype

And here is a basic starting point: https://www.w3schools.com/php/php_mysql_insert.asp

Hope that helps!

sido3 · December 17, 2017, 9:54am

thank you daniel for your reply,
actually, i solved my problem using:

localstorage to save my data with json
send data to php file using window.location.href
-treat my json data on php to get all informations and saving to txt file.

i know that is not the best way to do but when you’re newbie and don’t have enough time this the best way to do
my problem now is that when using window.location.href i go to another page, is it possible to do it in the same page using html widget or something else ?
i already tried the ajax method ( does’nt work for me ) i’ll retry it and keep you updated.

h_classen · December 17, 2017, 11:20am

this is old, but should work JSON to File example

sido3 · December 19, 2017, 9:37am

thak you for your reply, i already see this thread on the forum i tried but does’nt work for me, i’ll try after this method again to avoid callin a new page with window.location.href
i’ll keep you updated.

sido3 · May 3, 2018, 12:52pm

Hi every body,
in attach an example file for my method, i used php file in order to write on txt file.
and write file function to do this.
important! :

you have to include jquery.min.js to your project
you have to put also the php file on the same folder
use mamp or xamp or any virtual server and put the html file and folder in the htdocs/www folder
since this is the first time i upload file, tell me if every thing is alright

test writefile.zip (258.4 KB)

MaxZieb · May 3, 2018, 1:46pm

Looked at your code (post.php)… it’s fine for a local installation but …

People, never put this on a live server in the web. You can get hacked in minutes!

To explain my bold warning here. You basically opened the webserver with a filename and filecontent interface. Anybody can put any file on your server! The only protection is “security through obscurity” and “limited offline access” to the script. Once you put this on an online server the request you initiate from Hype is logged in the connections panel (browser) with all the parameters so anyone inspecting the source or any admin/hacker looking at server logs could see that open door.

MarkHunte · May 3, 2018, 2:00pm

Can you suggest the best way to help secure php like this

I myself have writtten in a php file before something like

header('Access-Control-Allow-Origin: https://someurl.com/*

But to be honest I am not very up on security for things like this and I think if some who is has some good pointers it would help many…

MaxZieb · May 3, 2018, 2:15pm

Well using Hype as View (one way) is one thing. Creating forms that post data to a server is like any other form you would deploy. In general a good starting point is “never trust the user” as put down in this article https://www.addedbytes.com/blog/writing-secure-php-1

To secure a connection do the usual things like:

authentification (user registration)
secure connection (https)
session managment (no cleartext passwords with every request)
never use unvalidated user data for any system requests
- filter any inputs before you write/use them (name by length and valid chars/format etc.)
- avoid expressions like openfile ($userFileNameInput) at all costs. If file access is necessary use fixed names like openfile ('userdata.txt')
never put userdata in the web-root because http://server.tld/userdata.txt is live!

Read more about it online and in the article above!

PS: @MarkHunte Only checking the referrer is not secure as you can spoof the referrer (easy).

MarkHunte · May 3, 2018, 2:20pm

Thanks. That helps already…

sido3 · May 3, 2018, 2:21pm

thanks for your advices, i actually used this for local use, my quizz is to be used on event on touchscreen then the security issue is not really a problem.

MaxZieb · May 3, 2018, 2:38pm

I understand. Just posted it starting with “People, …” because the title feels like it could be a general solution for others (google, forum search etc.) and you posted your code so people might download it … so I was worried somebody get’s the wise idea to put it on his live server. Signing off.