a script that connects to database

[ChatIndia]

Hi

anybody who would volunteerly like to help me in making a simple script which can make change to a database. I don't want to give users to login to my database or access to admin panel of my script. so i dream to make a script which can alter database without giving users full access to database. Is it possible? Can you give me any hint or any web address on tutorials. I don't know programming but i can understand if i find a tutorial.

Thanks in advance.

 

[essellar]

In the most general sense, the things that happen in your database usually happen using your credentials, not the users' credentials, so that part's not a worry. Whether your users are authenticated or not (your choice, but I wouldn't usually let unauthenticated users do anything scarier than leave a comment on a blog), they will usually be the "same" user at the level of database interaction, even if they are different at the level of your application.

That said, we don't know enough about what you want to do in order to be of much real help. All we can do is point you to the general case of PHP interacting with MySQL using, say, PHP Data Objects (PDO), but that leaves an awful lot of work for you to do. (Not that learning the whole field wouldn't be tremendously rewarding -- it would be -- but it doesn't get you much closer to your goal in the short term.) So can you elaborate on what you want to accomplish?

 

[ChatIndia]

Okay, import the database in the attachment to the test sql server on your local computer

you'll find there is a table "room" inside there are several room list. I think it would be fantastic if only one person (admin of that particular room) can edit that room.

at present if i give room setting in admin panel, they get control over of each room.

is that possible? or is it a very complicated programming which only very very expert programmer can accomplish?

sorry, i can't attach an .sql extension file so i made it .txt. change it to .sql first before importing it to your sql server.

 

[descalzo]

Room Admin signs in, you store his ID in a session.

You present him with a form that allows him to "edit" that room (not sure what you want him to be able to edit/add, etc).

He submits the form and the script knows what room is to be edited by looking at the admin's user name. Processes the update and reports back.

But then you have to trust the room admin not to do anything stupid, since you are responsible.

 

[misson]

Samples should be minimized to reduce extraneous information. 279.2 KiB is far too much to have to wade through for a single table.

Administrating a room implies a relationship: a room has an administrator, a user can administrate a room. Lucky you're dealing with a relational database. Since admin-room is a 1-to-n relationship (each room has at most one admin, and a user can be the admin of multiple rooms), you can fold the relationship into the `room` relationship (or table, as the kids say these days). In descalzo's scheme, this is how the system records which rooms a user can administrate.

If you have other objects where access must be authorized (and where access rights can differ), it would be better to design an overall authorization scheme, rather than handling it piecemeal. Note that authorization (whether a particular entity should be given the access that it requests to an object) is distinct from, but related to, authentication (verifying credentials or identity). There are various patterns and sub-patterns to choose from: groups, roles, ACLs, ownership...