We help IT Professionals succeed at work.

PHP Design Help

notta3d asked
Last Modified: 2013-12-12
Right now I have a script written in vbscript/autoit that is run on each of our supported machines. When I setup the machine I run the script and fill out the customers information. It also pulls information about the machine such as serial number, model, IP, etc. I then write this data to a csv file and moved to our network share. This has been fine, but the data is really not usable in this form so I was hoping to get the data into a database.
My question is how can I use PHP to get that same info into a MYSQL database? PHP cannot grab things like model, serial number, registry info and other things like that correct? Can I pop a browser, have it read a text file and populate text fields with the info. I would then submit the data through the browser and it would add the entry to the database. Any input on this would truly be appreciated. Thanks.
Watch Question

Most Valuable Expert 2011
Author of the Year 2014

If you're saying that you want to access information on the client computer, the answer is generally, "not without a specialized application running on the client machine."  ActiveX controls and Flash circumvent this limitation because they run programs on the client computer, without the client's permission and as we have seen, with sometimes bad results.  PHP does not do this by itself.  However you can ask the client to fill in a form and provide cues - where to find the data, etc.

A really good book on PHP and data bases is available here:

HTH, ~Ray


We would be physically running it at the machine with admin rights. What I was thinking was run a modified version of our current script that would pull all the machine info like model, serial, IP, ... and write it to a csv flat file. Then after that finishes pop a browser window that would read the flat file and fill text fields with the system info. Below that fields where we would manually input information that we cannot obtain automatically like user phone and job title. Then click the submit button and enter it into the database. Can this be done with PHP or can you think of a better way?
Most Valuable Expert 2011
Author of the Year 2014

This sounds feasible.  The client would have to tell the upload script the name of the CSV flat file.  This is one field that cannot be prepopulated in a form.
Dave BaldwinFixer of Problems
Most Valuable Expert 2014

Look at https://www.experts-exchange.com/Programming/Misc/Q_21303268.html  It's talking about ways to post something to a webpage using VBscript.

Not sure if its what you want, but i have successfully done it with autoit & php passing the info you want in the database as variables in the url, then have a webpage on the server that processes them. that way it would bypass the need for a csv file.

InetGet ( "http://webserver.com/?value1=<your_data>&value2=<your_data>&value3=<your_data>")

$value1= $_GET['value1'];
$value2= $_GET['value2'];
$value3= $_GET['value3'];
$con = mysql_connect("localhost","user","password");
if (!$con)
  die('Could not connect: ' . mysql_error());

mysql_select_db("database", $con);

mysql_query("INSERT INTO table (value1, value2, value3)
VALUES ('".$value1."','".$value1."', '".$value1."')");


i havent tested the above but have used very similar before... the concepts there though!
Most Valuable Expert 2011
Author of the Year 2014

It is a dangerous and technically incompetent design pattern if you update the data model on the basis of a GET string (URL arguments).  You can look it up, but here is the simple example that should illustrate the risk.

Let's say you have a URL that allows you to delete a record based on the key, like this:

If you do a delete based on the URL argument, "key" could be anything and you would delete the record!  Or all the records!

Same rule that applies to DELETE applies to INSERT or UPDATE.  Your data base is at risk of pollution because anyone with a web browser can simply type a URL and change your data model.

That is not to say that POST strings are safe - they are not and must be sanity-checked.  But you cannot do an INSERT query like the example posted at ID:33169234 without putting your web site into the hands of the hackers.  Just don't do that!

it depends how secure it needs to be - notta3d is talking about customers so it may not be secure enough. we were using it over a lan with a login password, so while it may be a "dangerous and technically incompetent design pattern", it did the job for us and may do the job for nott3d.

you could also put the  database name/password in as a url argumants as well, so no-one could just type in new records.
Most Valuable Expert 2011
Author of the Year 2014

"database name/password in as a url argumants"

I would recommend against that, too!  Once you expose information like this, even visually, you lose control of what people will do with the information.

To each his own...

Note in the original question "When I setup the machine I run the script and fill out the customers information" - they are running it themselves, so the end user cant decompile the script to get the login details, and using autoit the  information is never exposed visually. I agree in most cases it wouldn't be secure, however it works without any extra programs and may be the answer to this problem.


Thanks for the replies guys. Since from reading your posts this is not going to be as easy as I thought it was going to be I have another question. As I said, when we're at the machine we run this AutoIt script and gather all the info. When the tech clicks the submit button a drive is mapped and the csv file is copied to the server. Is there a way to have PHP check a folder to see if there are any new files, and if there are, read them and input them into the database? I can have it check every 30 minutes or so for new files. How do I get this to run on a scheduled interval though? This would be a cron job right?
This one is on us!
(Get your first solution completely free - no credit card required)
something else to look at is

OCS Inventory http://www.ocsinventory-ng.org/
GLPI http://www.glpi-project.org/?lang=en

With OCS, you can load an agent onto each machine (through VBS login script if you want) which will automatically communicate with your server running OCS. You then get full inventory of every machine on the network. You can add registry keys to capture... It also does package deployment - so you can  create a new package containing software updates, new apps, etc; deploy the package and then all of the connected machines will get the update and install it. quite powerful software actually.

The GLPI software is an asset and resource management package that can integrate with OCS.

Both of these applications are Open Source


Thanks man. The nncron will do what I need it to do. Also thanks for the great links for the agents. These could be useful.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.