phpMyEdit
PhpMyEdit generates PHP code for displaying/editing MySQL tables in HTML. All you need to do is to write a simple calling program (a utility to do this is included). It includes a huge set of table manipulation functions (record addition, change, view, copy, and remove), table sorting, filtering, table lookups, and more. (quote from the phpMyEdit homepage).
phpMyEdit is released under the GNU GPL license.
phpMyEditWikka
The phpMyEdit package has been modified to work seamlessly from within the Wikka environment. The modified package will be referred to as phpMyEditWikka. If you are familiar with phpMyEdit, you'll be at home with phpMyEditWikka. The functionality is the same, but there have been some 'tweaks' to make it Wikka friendly (see 'Tech Notes' below for the list of modifications).
Download
phpMyEdit-for-Wikka.version1.tar.gz
Usage
- The phpMyEditWikka package has an expectation about where it is located in the Wikka directory.
- You must unzip the package and place the phpMyEdit directory under 3rdparty/plugins/.
http://wikka.jsnx.com/images/phpMyEditInstructions/phpMyEditWikka-file-upload.JPG
- After you have uploaded the files to the right folder, run the setup script.
- Using a web browser, go to http://yourdomain.com/wikka/3rdparty/plugins/phpMyEdit/phpMyEditSetup.php
You should see this...
http://wikka.jsnx.com/images/phpMyEditInstructions/phpMyEditWikka-setup-login.gif
- Enter in the MySQL database info and click Submit.
http://wikka.jsnx.com/images/phpMyEditInstructions/phpMyEditWikka-setup-selectdb.gif
- Select a database and click Submit.
http://wikka.jsnx.com/images/phpMyEditInstructions/phpMyEditWikka-setup-selecttable.gif
- Select a table and click Submit.
http://wikka.jsnx.com/images/phpMyEditInstructions/phpMyEditWikka-setup-selectid.gif
- Select a primary key and click Submit.
http://wikka.jsnx.com/images/phpMyEditInstructions/phpMyEditWikka-setup-selectoptions.gif
- Change the filename if you want and click Submit. This is the name that you use to call the action from within Wikka.
http://wikka.jsnx.com/images/phpMyEditInstructions/phpMyEditWikka-setup-note-filename.gif
http://wikka.jsnx.com/images/phpMyEditInstructions/phpMyEditWikka-page-action.JPG
- Edit a Wikka page and put in an action call using the filename that was generated above.
http://wikka.jsnx.com/images/phpMyEditInstructions/phpMyEditWikka-page-final.JPG
- That's it. You should now have a view of your table.
In closing...
Where do you go from here? Download and read the phpMyEdit documentation. The action file that was created for you is a starting point. The majority of the configuration can be done by editing the action file, but for advanced functionality read about triggers. You will need to create the trigger files manually.
I've been using phpMyEditWikka for about a month in a small production environment. I'm fairly confident that the bugs have been worked through.
This package has been a useful addition to my Wikka site. I hope you will find it useful too. Best wishes. -- JsnX, 26 March 2005
Tech Notes: Modifications from the official phpMyEdit distribution
Setup file tweaks
- The default access permissions are customized for Wikka. By default phpMyEdit allows everyone full access to MySQL tables, including deleting records. I find this to be a bit of a security risk. The default access in phpMyEditWikka allows registered Wikka users full access; non-registered users have read access only.
- The suggested filename is modified to remove underscore characters because Wikka actions cannot contain underscores.
- Three options were removed from the setup script because they are unnecessary or problematic within the Wikka environment:
  - Page title.
  - Page header.
  - HTML header and footer.
- The display of the query time has been turned off by default.
- A new option gets added to each field: wikkaformatting. See above for more details. [... to be added ...]
- The default location where the class file is looked for has been modified.
- The location of the generated file was modified to save to the Wikka actions folder.
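The access split described in the first tweak above, sketched as an added example (not the package's own code): it derives the phpMyEdit 'options' letters from the Wikka login state and pairs each profile with a MySQL account limited to the same operations, so the database still enforces the limit if the application-level check is bypassed. The function name pme_access_profile, the account names and the database/table names are assumptions.

```php
<?php
// Added example; not code from phpMyEdit or phpMyEditWikka.
// Account names, passwords, database and table names are hypothetical.
//
// Matching grants, created once by the DB administrator:
//   GRANT SELECT ON mydb.mytable TO 'wikka_ro'@'localhost';
//   GRANT SELECT, INSERT, UPDATE, DELETE ON mydb.mytable TO 'wikka_rw'@'localhost';

// Return the phpMyEdit settings for a visitor. Anything other than a
// confirmed registered user falls through to the read-only profile.
function pme_access_profile($isRegistered)
{
    if ($isRegistered === true) {
        // A=add, C=change, P=copy, V=view, D=delete, F=filter
        return array('options' => 'ACPVDF', 'un' => 'wikka_rw',
                     'pw' => 'RW_PASSWORD_PLACEHOLDER');
    }
    // View and filter only, over an account that holds SELECT and nothing else.
    return array('options' => 'VF', 'un' => 'wikka_ro',
                 'pw' => 'RO_PASSWORD_PLACEHOLDER');
}

// Constructed base settings, in the shape a generated action file uses.
$opts = array('hn' => 'localhost', 'db' => 'mydb', 'tb' => 'mytable', 'key' => 'id');

// In a real Wikka action the flag would come from the session:
//   $registered = (bool) $this->GetUser();
foreach (array(false, true) as $registered) {
    $effective = array_merge($opts, pme_access_profile($registered));
    printf("%-10s options=%-6s db_user=%s\n",
        $registered ? 'registered' : 'anonymous',
        $effective['options'], $effective['un']);
}
```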
Class file tweaks
- ... to be added ...
CategoryUserContributions
"By default phpMyEdit allows everyone full access to MySQL tables, including deleting records. I find this to be a bit of a security risk."
I don't understand this - which (database) user is used to access the database? Surely security requires that an application uses a database user that only has the necessary permissions and nothing more. If registered users really need delete access (really??) the application should use a DB user that allows this.
The access control used is not clear to me. There is 1) access to the database (determined by which DB user is used by the application) and 2) access to the application (determined by ???). If for instance registered users should have no delete privileges then the *application* should take care it uses a DB user that does not have such privileges. The DB administrator should take care the necessary users with (limited) privileges are defined for the database.
Since access control is not clear to me I suspect there is a (possibly big) security hole here.
2.
"Class file tweaks"
Should never be needed - subclass!
In my installation the result of clicking on a column title is something like:
http://MyDomain/wikka.php?wakka=WikkaPage?fm=0&fl=0&qfn=&sfn[0]=2&sfn[1]=0&sfn[2]=1
and thus results in nothing...
it should be "wakka=WikkaPage&fm=0&fl=......." instead of "wakka=WikkaPage?fm=0&fl=........."
Can anybody more familiar with the PHP code solve this?
echo htmlspecialchars($this->page_name.'?fm=0&fl='.$this->fl
to
echo htmlspecialchars($this->page_name.'&fm=0&fl='.$this->fl
You might have to run the 'setup' of your action again.
But using POST instead of GET should avoid that completely (and result in less ugly URLs).
The fix I found for phpMyEdit.class.php is:
replace lines 2747-2748:
if ($this->dbh = @mysql_connect($this->hn, $this->un, $this->pw)) {
mysql_select_db($this->db);
with:
if ($this->dbh = @mysql_connect($this->hn, $this->un, $this->pw, true)) {
mysql_select_db($this->db, $this->dbh);
Otherwise, I was impressed how simple and fast it was to install and run. Deserves to end up in the mainstream distribution.