I'm modifying an existing site (on another host) to use dynamic content for their news page. The database resides on my server along with the CMS GUI. I simply need their news page to retrieve data from my database. Here is the initialization code I placed on their page:

<?php

ob_start();

session_start();

require_once ('http://www.externalsite.com/include/mysql_connect.php');

?>

Here is the error I received:

Fatal error: require_once() [function.require]: Failed opening required 'http://www.externalsite.com/include/mysql_connect.php' (include_path='.:/usr/services/vux/lib/php') in /data/20/1/112/25/1438351/user/1545305/htdocs/site/mysql_connect.php on line 10

Other threads had mentioned using "fopen" to capture the code? Is that the correct method? Can anyone provide insight on how I could apply it to the code above?

    There is no correct method, because what you're attempting to do doesn't make much sense.

    Think about it: you're trying to include() or otherwise retrieve PHP code from an external server. If this were possible, this would be a huge security risk; you could simply download people's .php files from their site and steal their code, DB passwords, etc.

      bradgrafelman - Assuming that you 1) knew the filename, 2) knew file location, and 3) had permissions/access... then yes, I could see your point. However that is true for every file, in every directory, in existence throughout the web today.

      That aside, is your answer then that the mysql_connect.php file HAS TO reside on the same server as the database?

        HeyScooby;10967692 wrote:

        That aside, is your answer then that the mysql_connect.php file HAS TO reside on the same server as the database?

        That's not necessarily true, no. My point was that you shouldn't expect to retrieve PHP files directly across HTTP, as you're only going to get the output and not the actual PHP code (same as you do in your web browser).

          bradgrafelman is right! You cannot use http to get php code because the remote web server will execute that PHP code BEFORE you download it. This is a good thing because anything else is just begging to be hacked. If you are trying to connect to the database server, you can easily use your own copy of that file (or connection parameters) locally if the remote host even has the MySQL service open. Unless this is a intranet situation, that is not likely. If it's internet and you own both servers, it's still a bad security idea. This is exactly the use case for SOAP, REST, and XML-RPC.

            bretticus - Thanks for info. Does the answer lay in modifying the mysql_connect.php file? My code is pretty standard but I've been unable to pull data from the DB with it. Do I define the DB path under the host (E.g. IP or URL)?

            <?php

            DEFINE ('DB_USER', 'username');
            DEFINE ('DB_PASSWORD', 'password');
            DEFINE ('DB_HOST', 'host');
            DEFINE ('DB_NAME', 'databasename');

            if ($dbc = mysql_connect (DB_HOST, DB_USER, DB_PASSWORD)) {

            if (!mysql_select_db (DB_NAME)) { 


	trigger_error("Could not select the database!\n<br />MySQL Error: " . mysql_error());



	exit();

}

            } else {

            trigger_error("Could not connect to MySQL!\n<br />MySQL Error: " . mysql_error());

exit();

            }

            function escape_data ($data) {

            if (ini_get('magic_quotes_gpc')) {
	$data = stripslashes($data);
}

if (function_exists('mysql_real_escape_string')) {
	global $dbc; // Need the connection.
	$data = mysql_real_escape_string (trim($data), $dbc);
} else {
	$data = mysql_escape_string (trim($data));
}


return $data;

            }
            ?>

              HeyScooby;10967667 wrote:

              The database resides on my server along with the CMS GUI. I simply need their news page to retrieve data from my database.

              The answer, really, is to not open your server to security risk. By opening your MySQL server to the Internet is never a good idea. (However, to answer your question about whether to use URL or IP for the DB_HOST constant, it doesn't matter as long as the URL resolves to the same IP address.)

              If your CMS is Wordpress, there are ways to make your data accessible via RSS. You can parse RSS (it's just XML fundamentally) via PHP on their server. The SOAP, REST, or XML-RPC protocols are only necessary if the remote server (theirs) needs to make calls against your server with parameters (I only want this date range, etc. Unlikely where you're writing code on both ends.)

                Write a Reply...