Save a small database on hype


(sid) #1

hi everybody,
I have a little quiz with a form at the beginning. At the end of the quiz I use localStorage to save the data, but I need to save this data locally (XML file, txt file, database…).
The quiz is for internal use and will not be hosted. I can use WAMP for a local server.
Could you please help me save my data so I can analyze it afterwards?
thx.


#2

You can use standard PHP to store data in a database. Here’s a thread with sample code: AJAX/PHP DB Query within Hype

And here is a basic starting point: https://www.w3schools.com/php/php_mysql_insert.asp

Hope that helps!


(sid) #3

Thank you Daniel for your reply,
actually, I solved my problem using:

  • localStorage to save my data as JSON
  • sending the data to a PHP file using window.location.href
  • processing my JSON data in PHP to get all the information and saving it to a txt file.

I know that this is not the best way to do it, but when you're a newbie and don't have enough time this is the best way to do it :slight_smile:
My problem now is that when using window.location.href I go to another page. Is it possible to do it in the same page using an HTML widget or something else?
I already tried the AJAX method (doesn't work for me). I'll retry it and keep you updated.


(Hans-Gerd Claßen) #4

this is old, but should work JSON to File example


(sid) #5

Thank you for your reply. I already saw this thread on the forum; I tried it but it doesn't work for me. I'll try this method again afterwards to avoid calling a new page with window.location.href.
I'll keep you updated.


(sid) #6

Hi everybody,
attached is an example file for my method. I used a PHP file in order to write to a txt file,
and a write file function to do this.
Important!:

  • you have to include jquery.min.js in your project
  • you also have to put the PHP file in the same folder
  • use MAMP or XAMPP or any virtual server and put the HTML file and folder in the htdocs/www folder

Since this is the first time I have uploaded a file, tell me if everything is alright :wink:

test writefile.zip (258.4 KB)


#7

Looked at your code (post.php)… it’s fine for a local installation but …

People, never put this on a live server in the web. You can get hacked in minutes! :slight_smile:

To explain my bold warning here. You basically opened the webserver with a filename and filecontent interface. Anybody can put any file on your server! The only protection is “security through obscurity” and “limited offline access” to the script. Once you put this on an online server the request you initiate from Hype is logged in the connections panel (browser) with all the parameters so anyone inspecting the source or any admin/hacker looking at server logs could see that open door.


(Mark Hunte) #8

Can you suggest the best way to help secure php like this

I myself have written in a PHP file before something like

header('Access-Control-Allow-Origin: https://someurl.com/*');

But to be honest I am not very up on security for things like this, and I think if someone who is has some good pointers it would help many…


#9

Well using Hype as View (one way) is one thing. Creating forms that post data to a server is like any other form you would deploy. In general a good starting point is “never trust the user” as put down in this article https://www.addedbytes.com/blog/writing-secure-php-1

To secure a connection do the usual things like:

  • authentication (user registration)
  • secure connection (https)
  • session management (no cleartext passwords with every request)
  • never use unvalidated user data for any system requests
    • filter any inputs before you write/use them (name by length and valid chars/format etc.)
    • avoid expressions like openfile ($userFileNameInput) at all costs. If file access is necessary use fixed names like openfile ('userdata.txt')
  • never put userdata in the web-root because http://server.tld/userdata.txt is live!

Read more about it online and in the article above!

PS: @MarkHunte Only checking the referrer is not secure as you can spoof the referrer (easy).
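
The checklist above applied to a handler of the kind discussed in this thread, as an added example (it is not the code from the attached post.php and not written by any poster). It assumes hypothetical quiz fields `name` and `score` sent as a JSON POST body, and a hypothetical `private/` directory located outside the web root.

```php
<?php
// Added example, not the thread's post.php. Field names and paths are assumptions.
declare(strict_types=1);

// Fixed file name chosen by the server, stored outside the web root so it
// cannot be fetched as http://server.tld/userdata.txt.
const DATA_FILE = __DIR__ . '/../private/userdata.txt'; // hypothetical path
const MAX_BODY  = 4096;                                 // bytes accepted per request

function reject(int $status, string $message): void
{
    http_response_code($status);
    header('Content-Type: text/plain; charset=utf-8');
    exit($message);
}

if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    reject(405, 'POST only');
}

// Read at most MAX_BODY + 1 bytes so an oversized body is detected, not stored.
$raw = file_get_contents('php://input', false, null, 0, MAX_BODY + 1);
if ($raw === false || strlen($raw) > MAX_BODY) {
    reject(413, 'Body too large');
}

$data = json_decode($raw, true);
if (!is_array($data)) {
    reject(400, 'Invalid JSON');
}

// Allow-list each field by type, length and characters. \A and \z anchor the
// whole string; a plain $ would still accept a trailing newline.
$name  = $data['name']  ?? null;
$score = $data['score'] ?? null;
if (!is_string($name) || preg_match('/\A[\p{L}\p{N} .\'-]{1,50}\z/u', $name) !== 1) {
    reject(400, 'Invalid name');
}
if (!is_int($score) || $score < 0 || $score > 100) {
    reject(400, 'Invalid score');
}

// Re-encode only the validated fields, one JSON object per line.
$line = json_encode(['time' => date('c'), 'name' => $name, 'score' => $score],
                    JSON_UNESCAPED_UNICODE) . "\n";
if (file_put_contents(DATA_FILE, $line, FILE_APPEND | LOCK_EX) === false) {
    reject(500, 'Could not save');
}
http_response_code(204);
```

The client never supplies a file name or raw file content: the request can only append one validated record to a file the server picked.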


(Mark Hunte) #10

Thanks. That helps already…


(sid) #11

Thanks for your advice. I actually used this for local use; my quiz is to be used at an event on a touchscreen, so the security issue is not really a problem.


#12

I understand. Just posted it starting with “People, …” because the title feels like it could be a general solution for others (google, forum search etc.) and you posted your code so people might download it … so I was worried somebody gets the wise idea to put it on his live server. Signing off.