> -----Original Message-----
> From: Don Cohen [mailto:don-mysql8y@stripped]
> The http request I have in mind will be something like
> and the resulting query something like
> select ... from table where user=john and ...
> (I will first have verified the password.)
For the love of God and all that is holy,
do NOT put the user/pass on the URL like that!!!!!!
Do something like this instead:
Or use "mod_auth_mysql" to maintain your 'authorized' users to your page.
And as Adam beat me to, use a VIEW to expose ONLY the columns and joins you
want. This is also a good time to normalize the data and column names so
that you don't expose what their internal names are.
But also has he said, I don't see what you're trying to accomplish. If
someone is technically literate to format SQL statements, then just give
them a read-only account to the mysql (or view) directly. Let them use
their own GUI tool like SQLYog or whatever -- it will be far more robust
than anything you can write yourself.
If you're trying to do some "reports", then just code up the reports and
use select boxes for the options you want someone to choose. Use jQuery and
table_sorter plugin and you're done.