I am currently looking for an intelligent best practice solution for the following problem. Within a web page, I want to make use of data that is currently organised in some MySQL tables.
Problem: I cannot access the database from the webserver, so I am not able to query the data using SQL. Therefore, I thought to transform the data into something JavaScript can handle (e.g. JSON) and perform all the operations on the data on client-side.
Doing SQL-like queries on an object will probably be kind of hard, even if those I need will probably be easy (simple SELECTs). Is there a elegant way to do that? Some nice little javascript library?
Thanks in advance for your ideas.
Best practice would (of course) be to put some kind of link (even if not a direct one) between the database and the web server.
For SQL in the browser, though, there's the TrimQuery library, basically a mini-SQL engine written in JavaScript for use on the browser. You would output the "tables" as arays of objects using JSON (as you indicated), and then query it via TrimQuery's SQL support.
But if you can't access the database from the web server, I assume you'll be making a mostly-static copy of the data as an admin procedure and placing it on the webserver. That being the case, you may well be better off determining your usage patterns in your web app and then formatting the data into useful objects as part of the DB->web server copy operation. But if you really need ad-hoc queries into the data, TrimQuery may be a route you could use.
You can try JSINQ:
http://jsinq.codeplex.com/
which is a Javsascript LINQ implementation. It allows to "query" json object with linq expressions (then in a sql-like way).
Related
I have a Wordpress site and I need to access data from one of my databases in some javascript/jquery.
Conceptually, what is the best way to do this? I considered installing a plugin to allow PHP in the Wordpress "Custom HTML Element", but would that be just as unsafe as accessing the MySQL database with Javascript? Should I make an event handling php script that lives elsewhere?
This will be used for user-specific sensitive data so it needs to be as secure as possible.
Not asking for any code, just not sure what a secure data flow would look like here. Thanks!
WordPress has a handy REST API that's pretty easy to extend. This is exactly what APIs are for in general - accessing data stored on another domain. Remote MySQL connections are totally possible and sometimes necessary, but for simply display a little data, using or building a simple JSON API is often the preferred method.
Depending on what information you're adding/pulling via the API (either the native WP REST API, or custom one), you may want to authenticate the requests with a key of some sort - and it sounds like this is something you'll need to do based on your concerns of viewing data.
Using an API like the WP Rest api lets you get just about any information you want, typically as a JSON string, which you can then display/modify with JavaScript, PHP, etc.
How can I connect to mysql DB from JS function?
I found this question:
How to connect to SQL server database from javascript?
but it doesn't work on Chrome, because they're using ActiveXObject.
Thank you.
There is no good solution on web browser side which will allow you to work with all browsers. There are many disadvantages to work with database on browser site.
First of all, you show your database structure and it is very dangerous. Imagine, how easier is to make SQL-injection while you know tables and fields?
You have to establish connection in some way using password which will be shown to third party users. Or you have to set password-less connection, which is also dangerous.
When you establish connection with database, somebody can easly execute own query what is trivial, because you are showing your structure.
I strongly recommended you to not do it on browser side.
but I have cross-domain problem, so I just need to do simple select from db
Direct browser-to-database communication is definitely not a proper solution.
If you want to get a list of values out of the db, just write a method in whatever server-side language you prefer (or need) to use, make the client-side JavaScript code call that method through its public URI and parse the response body into some data structure.
A more general solution to this kind of problems is XMLRPC (for the record, I've used it under Code Igniter / Flash ActionScript 3.0), though it's not all that simple to use.
If you need to get data from two different domains, then implement the above on both of them and make the JavaScript code call the two different URIs and combine the data (if needed).
You must use AJAX, because JavaScript itself can't connect to server. You can call some PHP script with AJAX and in JavaScript handle response from it. See jQuery.ajax().
make Ajax call from your javascript to php which connects you to database
Without some sort of plugin, or sending requests to a server side application that will access the database for you, you can't. So focus on those instead, specially server side apps.
A comment under this question
How to make a database connection
suggests that's only possible with a particular mix of Microsoft technologies specifically designed to deploy desktop-like software using a web browser. The bits mentioned there are:
HTA - HTML Applications
JScript - a Microsoft flavor of JavaScript
ActiveX objects
A link is also provided: Introduction to HTML Applications (HTAs)
I apologize if this question is not specific enough, but I do need some help understanding this concept. I've been researching many Javascript libraries including JQuery, MooTools, Backbone, Underscore, Handlebars, Mustache, etc - also Node.js and Meteor (I know all those serve different purposes). I have a basic idea of what each does, but my question is mainly focused on the templating libraries.
I think the general idea is that the template will be filled by a JSON object that's retrieved from the server. However, i'm confused by how that JSON object is formed, and if it can go the other way to the backend to update the database. Please correct me if this is incorrect.
For a more solid example, let's say I have Apache running on Linux, and am using MongoDB as the database and python as my primary language. How do all these components interact with the templating library and each other?
For example, if I have an HTML file with a form in it and the action will be set to some python script; will that script have to retrieve the fields, validate them, and then update them in the DB? If it's MySQL I'd have to write a SQL statement to update it, but with Mongo wouldn't it be different/easier since it's BSON/JSON based?
And for the other example, let's say I have a view-account.html page that will need to pull up user information from the DB, in what form will it pull the information out and how will it fill it into the template? I'm guessing i'd have to have a python script that pulls the information from the DB, create a JSON object, and use it to populate the fields in the html template.
I am aware there are web frameworks that will ease this process, and please suggest any that you would recommend; however, I'm really interested in understanding the concepts of how these components interact.
Thanks!!
There are obviously many ways this can all work together, but it sounds like you have the (a) right idea. Generally the frontend deals with JSON, and the server provides JSON. What's consuming or providing those responses is irrelevant; you shouldn't need to worry that Mongo is your database, or that underscore is handling your templates.
Think of your frontend and backend as two totally separate applications (this is pretty much true). Ignore the fact that your frontend code and templates are probably delivered from the same machine that's handling the backend. Your backend is in the business of persisting data, and your frontend in the business of displaying it.
RE: Mongo using JSON/BSON; The fact it uses the same language as your frontend to communicate is a red herring. Your DB layer should abstract this away anyway, so you're just using Python dicts/tuples/etc to talk to the database.
I'm guessing i'd have to have a python script that pulls the information from the DB, create a JSON object, and use it to populate the fields in the html template.
Spot on :)
I'm working on a project and there is some battle between how some JS filtering should be implemented and I would like to ask you guys some input on this.
Today we have this site that displays a long list of repeated entries of data and some JS filtering would be nice for the users to navigate through. The usual stuff: keyword, order, date, price, etc. The question is not the use of JS, which is obvious, but the origin of the data. One person defends that the HTML itself should be used and that the JS should parse through it making the user's desired filtering. Another person defends that we should use a JSON generated in the server, and that JSON should be the data's origin.
What you guys think on this? What are the pros and cons?
As a final request, I would like you to be the most informative as possible since your answers will be used and referenced for all us in the company. (Yes, that is how we trust you!:)
The right action is matter of taste and system architecture as well as utility.
I would go with dynamically generated pages with JS and JSON -- These days I think you can safely assume that most browsers has Javascript enabled -- however you may need to make provisions for crawler (GoogleBot, Bing, Ask etc) as they may not fully execute all JS and hence may not index the page if you do figure out some kind of exception for supporting those.
Using JS+JSON also means that you make your code work so that support for mobile diveces is done client side, without the webserver having to create anything special.
Doing DOM manipulation as the alternative would not be my best friend, as the logic of the page control and layout is split-up in two places -- partly in the View controller on the webserver, and partly in the JavaScript -- it is in my opinion better to have it in one place and have the view controller only generate JSON and server the root pages etc.
However this is a matter of taste, and im not sure that I would be able to say that there is one correct and best solution.
I think it's a lot cleaner if the data is delivered in JSON and then the presentation HTML or view of that data is generated from that JSON with javascript.
This fits the more classic style of keeping core data structures separate from views. In this manner you can generate all types of views without having to constantly munge/revise the way you store, access and manipulate the data. You can even build classes and methods to develop a clean interface on your data that is entirely independent of how that data is displayed.
The only issue I see with that is if the browser doesn't support javascript and that browser is a desired viewer. In that case, you have to include a default HTML version from the server that will obviously not be manipulated and the JSON will be ignored.
The middle ground is that you include both JSON and the "default", initial HTML view of that data in rendered HTML. The view comes up quickly and non-JS browsers can see something useful. But, then any future manipulation of the view (sorting, for example) uses the JSON data and generates a new clean view from the JSON data. No data is then ever "parsed" from the HTML view.
In larger projects, this also can facilitate the separation of presentation from data manipulation so different people may work on creating HTML views vs. manipulate the data (like sorting).
I would make the multiple ajax calls to the server and have it return the sorted/filtered data. If you server backend is fast than it won't be very taxing and you could even cache the data between requests.
If you only have 50-100 items than it would be reasonable to send it all to the client and have javascript sort and filter it.
Some considerations to help make the decision
Is the information sensitive and unique? (this voids and benefit to caching in my first point)
What is the most common request that will happen and are you optimizing for that?
How much data is there? (tens of rows, hundreds, thousands, millions)?
Does you site have to work with JavaScript turned off? (supporting older browsers?)
Is your development team more comfortable doing this in the front-end or back-end?
The answer is that it depends on your situation.
Is it possible to insert data in a database using javascript only.
if yes then please post a simple example of it.
Since javascript is a client side language and not a server side,i think its not possible.
But then how to do it.
It is possible if you are using CouchDb
http://couchdb.apache.org/
Apache CouchDB is a document-oriented
database that can be queried and
indexed in a MapReduce fashion using
JavaScript. CouchDB also offers
incremental replication with
bi-directional conflict detection and
resolution.
Not directly.
Any server-side language could be made to do this.
Allowing end users to craft database queries however is just asking for it in the worst way.
The short answer is "no", javascript is a client side language, and has no ability to connect to a DB.
HOWEVER, the long answer is 'yes, but...'. There are a number of socket-libraries available in javascript (though most I saw seem to involve some flash/java trickery). Therefore, one could connect to the sql database (which would have the obvious security flaw) and submit the record from there.
It would be POSSIBLE, but absolutely stupid, difficult, and insecure.
Google: 'javascript odbc access'
First result
http://forums.asp.net/t/1285316.aspx
It IS possible. Though I don't know why you would want to do it. The code makes me think of when I did coding in ASP with ODBC support.
No you can't simply do that.
Javascript was created for Client Side which means it can be effective at Client Side.
You can use HTTP Scripting technologies to exchange data between Server side and Client Side, for example Ajax would be nice practice.
Javascript can post data to server but there must be a back-end that can evaluate the data posted by Javascript.
I don't know but maybe later they will be such a technique or tech.
Yes, it would be possible to create the ActiveX objects that could connect to the database and execute a query.
No, I won't post an example. Putting the code in Javascript means that anyone can just view the code and get the connection string, getting access to view and edit your database. Let's just say that the TTL for the database would get really short...
Javascript is primarily a client-side language and has no access to a database without the use of a server side language to supplement it.
It is possible to use AJAX to post the data to the server, which would prevent the page from posting back, giving the appearance that the javascript had performed the action. But inevitably you will need something like ASP.NET, PHP, Ruby, ect. to capture the data and persist it to the database.
EDIT: Although not what I would consider a true database, there is a library called Taffy DB which is a client-side javascript database. Keep in mind that it is an in-memory database and it does not persist data to the server, so the data will be gone as soon as the user closes their browser. The Taffy DB FAQ covers it's ability to persist the data pretty well.