1

I want to write a MySQL select statement in javascript. Is it possible? Most I found were for .asp, to be embedded into a .php

Thanks Jean

asked Nov 28, 2010 at 20:39
5
  • 1
    yes, it's possible but t-o-t-a-l-l-y useless Commented Nov 28, 2010 at 20:40
  • @col if it works then I'd use Commented Nov 28, 2010 at 20:42
  • Usually JavaScript code is executed on the client-side and the MySQL engine runs on the server side... Commented Nov 28, 2010 at 20:45
  • 3
    No! Really, you shouldn't be doing this, it would be a big security hole, as users would be able to execute arbitrary SQL! Commented Nov 28, 2010 at 20:49
  • @Spolto arbitrary SQL might not be a problem if the user that is running the query has limited privileges. Commented Apr 15, 2011 at 22:48

4 Answers 4

5

With a PHP server, JavaScript runs on the client and MySQL runs on the server. The only way for this to work would be for the JavaScript to send the query to the PHP server to be run, and the results returned to the browser. This is extremely insecure since destructive queries can be crafted by a malicious client, and you are advised not to do this. Instead pass the criteria you want to look for, and let the PHP handle generating the query.

answered Nov 28, 2010 at 20:42
Sign up to request clarification or add additional context in comments.

3 Comments

It would be secure because the query would be visible to the world?
@Jean: insecure because anything sent back to PHP from the client can be changed, so the client could send back a "DROP TABLE users" query for instance.
Insecure because nobody bothers restricting user rights in MySQL anymore, everyone has taken the habit to do it in PHP... so much that most people seem to forget about this feature!
1

The SQL should be generated on the server by the PHP code. Only the parameters should be sent from the Javascript.

You could in theory generate SQL in Javascript on the web client and then send it to the server to be executed but this would most likely create a huge security hole in your application.

answered Nov 28, 2010 at 20:43

Comments

0

The other problem with writing sql queries on the client in javascript is that you still have to send them to the server to actually execute them against the mysql server. There is no way to directly query a mysql server from the browser without activeX or Java or similar and/or exposing your mysql server to the internet.

As the others have mentioned, this is a really bad road to go down.

I would challenge why you would like to do this in javascript in the first place? Why is Javascript your first choice? What problem does javascript solve for you that server-side script (php or whatever) doesn't?

answered Nov 29, 2010 at 4:04

Comments

0

Here is a MySQL client written in JavaScript, but it runs server-side using node.js:

https://github.com/felixge/node-mysql

Not exactly what you're asking for but might be useful. node.js is an interesting technology.

You can also send MySQL queries to the server and then have a PHP (for example) script run them there and return the results. If you do that make sure to secure your database and run them as a user with restricted permissions so that your database will not be vandalized or your application hacked.

answered Apr 15, 2011 at 22:53

Comments

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.