Daevid Vincent writes:
> For the love of God and all that is holy,
> do NOT put the user/pass on the URL like that!!!!!!
What's so unholy (or even unwise) about it?
> Or use "mod_auth_mysql" to maintain your 'authorized' users to your page.
Why is this so much better?
In my case it's worse cause I don't want this to be interactive.
I want to install something on a user's machine that will access his
data without him having to do anything. The url is to be used by
a program, not a person on a browser.
> And as Adam beat me to, use a VIEW to expose ONLY the columns and joins you
> want. This is also a good time to normalize the data and column names so
> that you don't expose what their internal names are.
So far I don't like this solution.
> But also has he said, I don't see what you're trying to accomplish. If
I'm trying to let a large number of users each access his own data
and not everyone else's in a very flexible way, in particular,
allowing selection using functions, aggregations, filters.
> someone is technically literate to format SQL statements, then just give
> them a read-only account to the mysql (or view) directly. Let them use
> their own GUI tool like SQLYog or whatever -- it will be far more robust
> than anything you can write yourself.
In this case there may be a lot of users but the queries are likely to
be written by a small number.
> If you're trying to do some "reports", then just code up the reports and
> use select boxes for the options you want someone to choose. Use jQuery and
> table_sorter plugin and you're done.
I can't predict what options will be needed.
And this seems much easier.