A little more explanation - the two scripts aren't interlinking at all. The script on the server is just creating an output stream, which the local script is consuming via cURL's RETURNTRANSFER directive. Think of it like this: the server script implicitly calls php://stdout and pipes anything from an echo statement into that stream. The local script implicitly calls php://stdin, creating a destination for the server script's php://stdout contents. So, it's a lot like AJAX in that the scripts aren't actually communicating with each other, they're just putting data out there and assuming that the handler script can actually handle that data.

maxxd
Sorry, yes I did write the lines with curly quotes in Word and cut & paste it in the forum. In VSCode all is well.
I'm afraid I don't know what you mean by a backtick; I'm using a UK keyboard and the word backtick doesn't appear in UK English. What seemed to work ok was to use the single inverted commas to enclose the code items.
So, if the local script is the destination for the server script's php//stdout should I read that data with a line in the local script like $contents = file_get_contents("php://stdin"); and then echo $contents; ?

      Try this for your server script -

      function selectSomeData(){
  if(empty($_GET['key']) || $_GET['key'] !== '123'){
    die('You are not authorised!');
  }
  echo 'We have completed the script.';
}
selectSomeData();

      The backtick has nothing to do with your question, but just because...

        Not sure whey you are fiddling with stdin/stdout. If I were you, I'd start by having your curl script request a page that does something super simple like this:

        echo "THIS IS WORKING";

        Once you are sure your curl script is properly fetching that page into your $return variable, then you can worry about working up a more complicated script to selectSomeData().

        As for the second script, which fetches the data, maxxd is right. The function you've posted doesn't actually output anything to be read on the other end.

          I think I muddied the waters talking about stdin and stdout - they're not actually being used here at all. Just cURL to the script on the server, output something from the script on the server, and print it from the local script's $return variable.

          Sorry if I got everyone confused.

            Thanks to everybody who has contributed here. I think I've finally got my ancient brain in gear and the very simple test - where there's no DB query - works fine. The simple statement gets returned as expected. Now to try and get a DB query executed and the results returned. 🤞

            There may appear to be a long delay in my response at times but that is probably because we're in different time zones (UK/USA?).
            Added comment:-
            OK, it's now a bit later. I've changed the script, selected a record from the DB and it's worked perfectly! Can't thank you all enough 🤗 .

            PS: Is it possible to pass a parameter from the local script into the server script for DB select conditions?

            sagecelt Is it possible to pass a parameter from the local script into the server script for DB select conditions?

            Append it to the URL - https://myawesomesite.com/script?key=123&another_param=stuff Then grab it from $_GET in your script as normal. Just remember to use prepared statements if it's going to be used in the query itself.

              maxxd
              Thanks again @maxxd: on the ball as usual! I'll give that a try tomorrow but I'm sure it'll be fine. It's mid afternoon now and I have to take my 3km walk then prepare supper. Covid-19 has, at least, pushed me into taking more healthy exercise.

                  I will repeat that you should be wary of an unwanted visitor stumbling across this url and digging through your sensitive data. Having a secret key is a good step in the right direction, but you should also make sure you connect to the server using HTTPS (i.e., SSL or TSL to encrypt your requests) or any manner of other people may be able to see your url and key. It might be a good idea to monitor your access logs for this url and make sure you are the only one who ever connects to it.

                  If it's just you accessing the url, you don't need to worry so much about bad guys attempting SQL injection. But you'll probably want to validate any $GET values coming in to make sure they are safe. Using PDO can help you reduce the risk if you aren't just sticking user input from $GET directly into an SQL string to run as a query.

                    Skimming through all this......

                    Would emailing the results of the original server script to the target computer be considered an option? It won't be to "a specific folder on a local PC", but to a specific email account that whoever is responsible for that folder could check.

                    See, the hangup is that, security considerations aside, if computer S pushes content to computer C, computer C might not be ready to receive it, so the content has to sit somewhere else in the meantime until computer C announces that it's ready. (If C has to specifically tell S that it's ready, then S might as well wait until then before generating the content: that leads to the above suggestions.)

                    Which gives me another idea: a cloud account. For example, since we're talking Windows, OneDrive; then the location where computer S sends its results really would look like a local folder on computer C.

                    Weedpacket
                    Sorry for the delay in acknowledging the last two posts. For some reason I didn't get any notification although I've had an email notifying me of every previous post!

                    I really appreciate all the wise advice and the time you've all spent in helping me. Thank you all very much indeed.

                    I think I now have enough to enable me to create an acceptable solution: thanks again!

                        Write a Reply...