maxxd
Hi maxxd. You and sneakyimp are incredibly helpful and generous in your professional advice in relation to the question I posed. Thank you both very much indeed: I can’t tell you how much I appreciate it.
I am, of course, trying out ideas on my own LAN using Wampserver as the host. In practice I would, of course, use HTTPS and do something about passwords.
I must be even rustier than I thought. I seem to be almost there but I’m not getting anything in what I expected to be the return value. Here’s my test code.
Local script:-
<?php
$addr = “http://localhost/curl-server.php?key=123”;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $addr);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$return = curl_exec($ch);
if(curl_errno($ch)) {
echo “Curl error: “ . curl_error($ch); }
curl_close($ch);
echo “Script completed <br>”;
echo “Output = “ . “ “ . $return;
?>
I expected to get a string returned in the variable $return. However, it seems to be empty. This is the server script:-
<?php
require_once 'forms/incl/config.php';
$dsn = 'mysql:host='. $host . ';dbname='. $dbname;
if(!$pdo = new PDO($dsn, $user, $password)) {
die('PDO setup failed <br>'); }
if(!$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC)) {
die('setAttribute failed <br>'); }
function selectSomeData(){
if(empty($_GET['key']) || $_GET['key'] !== '123'){
die('You are not authorised!');
}
$qry = 'We have completed the script.';
}
selectSomeData();
?>
I’m missing something obvious I’m sure but I’m d….d if I can spot it! Sorry for being so dumb over this.

The double quotes I'm referring to are in the first script - echo “Output = “ . “ “ . $return; instead of echo "Output = "." ".$return; for instance. You can see that the quote marks from your post are curvy, or fancy. Check to make sure they're not that way in VSCode.

As for outputting $qry, just literally echo it. Like so: echo $qry;

PS: use backticks to signify code in this forum - it recognizes markdown formatting.

A little more explanation - the two scripts aren't interlinking at all. The script on the server is just creating an output stream, which the local script is consuming via cURL's RETURNTRANSFER directive. Think of it like this: the server script implicitly calls php://stdout and pipes anything from an echo statement into that stream. The local script implicitly calls php://stdin, creating a destination for the server script's php://stdout contents. So, it's a lot like AJAX in that the scripts aren't actually communicating with each other, they're just putting data out there and assuming that the handler script can actually handle that data.

maxxd
Sorry, yes I did write the lines with curly quotes in Word and cut & paste it in the forum. In VSCode all is well.
I'm afraid I don't know what you mean by a backtick; I'm using a UK keyboard and the word backtick doesn't appear in UK English. What seemed to work ok was to use the single inverted commas to enclose the code items.
So, if the local script is the destination for the server script's php//stdout should I read that data with a line in the local script like $contents = file_get_contents("php://stdin"); and then echo $contents; ?

Try this for your server script -

function selectSomeData(){
  if(empty($_GET['key']) || $_GET['key'] !== '123'){
    die('You are not authorised!');
  }
  echo 'We have completed the script.';
}
selectSomeData();

The backtick has nothing to do with your question, but just because...

Not sure whey you are fiddling with stdin/stdout. If I were you, I'd start by having your curl script request a page that does something super simple like this:

echo "THIS IS WORKING";

Once you are sure your curl script is properly fetching that page into your $return variable, then you can worry about working up a more complicated script to selectSomeData().

As for the second script, which fetches the data, maxxd is right. The function you've posted doesn't actually output anything to be read on the other end.

I think I muddied the waters talking about stdin and stdout - they're not actually being used here at all. Just cURL to the script on the server, output something from the script on the server, and print it from the local script's $return variable.

Sorry if I got everyone confused.

maxxd
Thanks again @maxxd: on the ball as usual! I'll give that a try tomorrow but I'm sure it'll be fine. It's mid afternoon now and I have to take my 3km walk then prepare supper. Covid-19 has, at least, pushed me into taking more healthy exercise.

I will repeat that you should be wary of an unwanted visitor stumbling across this url and digging through your sensitive data. Having a secret key is a good step in the right direction, but you should also make sure you connect to the server using HTTPS (i.e., SSL or TSL to encrypt your requests) or any manner of other people may be able to see your url and key. It might be a good idea to monitor your access logs for this url and make sure you are the only one who ever connects to it.

If it's just you accessing the url, you don't need to worry so much about bad guys attempting SQL injection. But you'll probably want to validate any $GET values coming in to make sure they are safe. Using PDO can help you reduce the risk if you aren't just sticking user input from $GET directly into an SQL string to run as a query.

Weedpacket
Sorry for the delay in acknowledging the last two posts. For some reason I didn't get any notification although I've had an email notifying me of every previous post!

I really appreciate all the wise advice and the time you've all spent in helping me. Thank you all very much indeed.

I think I now have enough to enable me to create an acceptable solution: thanks again!