1. What is WebDB?
WebDB is a generic web-based database interface. It is a web-based
interface to a database running on the server. It allows all operations
on the database including adding, updating, and deleting records in the
tables. It is generic because it needs no information about the database
schema to operate. Only one line of code needs to be changed to connect
to the database. (There are some additional details. See the documentation
in the file package for more details. Some features of WebDB:
- 3 levels of access on a per-table basis (view, add/update, delete)
- execution of arbitrary SQL for superusers.
See the screenshots for an idea of how it works.
2. Cool. What's the catch?
Well, obviously when making an interface generic, we must sacrifice
in some other area. Because WebDB has no way of knowing what the primary
key is in a table, it assumes that the primary key is the first field.
Of course, this can be a serious problem if the first field is not the
primary key. The best way to work around the problem is to create a unique
key field in the first field of the table. Other limitations are due to
the fact that WebDB cannot check that the input is correct. It must rely
on the underlying database to do that, so in some cases it may be possible
to insert invalid data.
3. What sort of security does it have?
WebDB stores its user data (passwords and usernames) in the database
itself. Anyone with access to the database may view its contents. Therefore,
WebDB does not protect the database in any way. It is your responsibility
to make sure that no one can download the database. Within WebDB, security
is maintained through session cookies. Each user must login at the beginning
of a session, at which time a session cookie is set. This cookie is not
unique between sessions. If this is a universal concern, such a feature
could be implemented. Basically, if you're willing to put your database
online, you accept the risks that go with it.
4. How do I add/update data in boolean fields?
Again, because WebDB is generic, it has no way of knowing that a particular
field is a boolean field. It must rely on the user to do that. The solution
is to write "_TRUE_" in the field for a true value and "_FALSE_"
in the field for a false value. These are reserved words in WebDB and
will signal to the system that it is dealing with a boolean value and
not a string or other data type.
5. Why does it choke when I give it queries with quotes?
The quotes are interpreted by the script before going to the database.
The solution is to use double single quotes or double double quotes. For
example the query, SELECT * FROM mytble WHERE field<>'literal string'
would become SELECT * FROM mytble WHERE field<>''literal string''
Where the '' is two single quotes in a row (not a double quote '"')
6. What are the server requirements?
The server must support Microsoft Active Server Pages (ASP). Obviously,
you must have a database and be able to connect to it through ASP. This
is the only database-dependent part of the system.
7. Why did you choose ASP over PHP?
Without starting another ASP vs. PHP war, I must admit that I prefer
PHP to ASP. (The reasons are unimportant. Just call it personal preference).
However, PHP has no mature database abstraction layer. For each
database, the programmer must call a completely different set of functions
to query, insert, update, etc the database. ASP on the other hand has
ADO (Active Data Object) which is mature and well supported. This allows
such a generic interface to be written. In short, it is simply not possible
with PHP at the moment. With that said, however, I must mention that I
was pleased to discover ADODB for PHP (see http://php.weblogs.com/ADODB)
recently. If it turns out that this will do what I need it to do, I would
gladly port the system to PHP.