Apache Friends Support Forum

[eno2]

I am a new web developer, so please excuse me if I don't use the right lingo. I've created a dynamic site (locally using Apache/MySQL/PHP) and now I want to host/publish so that it is viewable to the public.

I've created a local database using mySQL. I've created an insert page so that I can add information into the database. Essentially this is a web front-end page, which makes it easier for me to insert information rather than inserting directly into the database. I am concerned about two things – (1) security, and (2) I want the online database to match my local database (my confidence level of online hacking scares me and I want a backup of my data in case this happens). So I am convincing myself that the best way to deal with this is to update my database locally, and then using FTP to upload the information to my hosting provider once a week. However, I have another concern about this – time it takes to upload the local database every week! The database is relatively small now, but it will grow in size in the coming months and years.

Am I being silly about this method/reasoning?

Is it safe to upload my "Insert page" (user authentication is in place) and just insert the information from the hosting site? Then how could I make a copy of the database from time to time from the host onto my local computer?

[Izzy]

...Is it safe to upload my "Insert page" (user authentication is in place) and just insert the information from the hosting site? Then how could I make a copy of the database from time to time from the host onto my local computer?...

Personally I would upload the "Insert Page" to your server, more reliable and if the hosting company knows what it is doing and has hardened it's servers properly then it will be more secure than your home PC. Most quality hosts have their clients interest at heart which, of course, effects their bottom line.

With regard to your back up concerns - on your hosting provided site do you have cPanel or any other control panel like Plesk etc. installed?

If so, then most of those good panels have a backup facility that will suit your needs including a scheduling facility. You can configure it to backup to your home PC or anywhere you want to store your backups.

Consult the panel's documentation or raise a support ticket with your hosting provider. Often good quality hosts will do a nightly backup of all their clients data often included in the price of the hosting. Also good ftp clients have a sync and schedule feature that you can set to run once a week or so, in the background or when you are asleep.

There is nothing wrong with developing your web sites on your home PC, using XAMPP to test things out. When you are satisfied with the results, uploading the site to your hosting provider, bearing in mind you may have to tweak the uploaded files to make sure paths and file names that may be different in XAMPP to the features and paths of your host, are indeed correct for your host server's needs. On *nix based servers case is sensitive. On Windows case is insensitive. Incorrect file paths will prevent your site being served and will give error messages. I would recommend *nix servers to Windows servers for the best results for overall Internet presentations.

If you don't have a control panel then you can use the directory above your root web directory on your hosting server to store backups if you have enough allocated storage space. This directory is not accessable from the Internet.

Example - your web site is either stored in /public_html or /www or /htdocs etc. on your hosting server. So store your backups in the directory above these in /
One example of a directory structure for hosted clients is /home/user(you)/public_html/yourwebsitepages.html - your backups would go in /home/user(you)/mybackups

Worth noting - do not delete or alter any files or directories that are already in your /home/user(you) directory as they are placed in there by the hosting server and may cause your hosting server to fail. There is nothing wrong though if you place your own files or directories in there.

Hope this has been some help with reassuring you of your worrying security concerns.

[keepsedge]

Heres what I'd do.

Because you'll always download faster then upload, add your DB_insert.php to your webroot. And use it from there. However you'll want to incorperate teh folowing things.

Code: Select all

<?php
$auth_token = 'someAlphaNumericmd5Password';
$_HTTP_GET_VARS['token'] = '0';

if ($_HTTP_POST_VARS['token']) {
     if ($auth_token = md5($_HTTP_POST_VARS['token']));
          $check = 1;
     } else {
          $check = 0;
     }
}
?>

~~~~~~~~~~~~~~~~~~~~
<body>
<?php
if (defined($check)) {
  include ('DB_updater.php');
} else {
  include ('login_form.php');
}
?>
</body>
~~~~~~~~~~~~~~~~~~~~



if you do it with three pages, you can force login, to get to the DB_update page. (I assume this is some sort of blog updater). anyway, about 90% of the logic is there.

What id do from here, is do a mysql_backup from CPannel. Tar.gz it on the way out. (or .zip). If the server allows. and you can download site updates. and its secure. As long as you have register globals disabled.

forgive any code errors. I write perl more then php. And i tend to accidentally write it when i dont mean to. The logic is there though

enjoy