PHP Back to my app

How can I get my app to request a PHP script on my web server? The PHP script needs to query a MySQL database and return the record to my app.

Use an HTTPSocket and either Get or Post to the url of the php script. The output of the script will be the return value from the socket.

Thanks Tim. You couldn’t point me in the direction of a small example or give me an idea, could you? I have got it working from my app to the server using HTTPSocket as follows:


  
  Dim registrationForm as New Dictionary
  Dim socket1 as New HTTPSocket
  Dim skt As Integer

  socket1.Yield = True

  //ToDo form validation here
  //ToDo field encryption and hashing here

  registrationForm.Value("firstname") = txtFirstName.Text
  registrationForm.Value("surname") = txtSurname.Text
  registrationForm.Value("email") = txtEmail.Text
  registrationForm.Value("country") = "1" //cmbCountry.RowTag
  registrationForm.Value("username") = txtUsernameNew.Text
  registrationForm.Value("password") = txtPasswordNew.Text

  socket1.SetFormData(registrationForm)
  socket1.Post("mywebsite")

  skt = socket1.ErrorCode

  if skt = 0 Then
    MsgBox "The file update was successful!."
  Else
    MsgBox "Error updating file."+endOfLine+"Try again."
  End If

  Dim registrationForm as New Dictionary
  Dim socket1 as New HTTPSocket
  Dim res1 as String
  Dim skt As Integer

  socket1.Yield = True

  //ToDo form validation here
  //ToDo field encryption and hashing here

  registrationForm.Value("firstname") = txtFirstName.Text
  registrationForm.Value("surname") = txtSurname.Text
  registrationForm.Value("email") = txtEmail.Text
  registrationForm.Value("country") = "1" //cmbCountry.RowTag
  registrationForm.Value("username") = txtUsernameNew.Text
  registrationForm.Value("password") = txtPasswordNew.Text

  socket1.SetFormData(registrationForm)

  Res1 = socket1.Post("mywebsite", 20)  // wait 20 seconds for answer

  if socket1.LastErrorCode = 0 Then
    MsgBox "The file update was successful!."
  Else
    MsgBox "Error updating file."+endOfLine+"Try again."
  End If

  MsgBox("Debug: "+Res1) // Let's check the returned content : DEBUG : Remove!

But please use an HTTPSecureSocket.

Greg, the password will be getting hashed before it is transmitted, the remainder will be encrypted. It will be stored in the database in this way. I don’t have an SSL cert but I figured doing the encryption in my app prior to form submission is the same thing.

[quote=24188:@Rick A.]
  Res1 = socket1.Post("mywebsite", 20) // wait 20 seconds for answer

  if socket1.LastErrorCode = 0 Then
    MsgBox "The file update was successful!."
  Else
    MsgBox "Error updating file."+endOfLine+"Try again."
  End If

  MsgBox("Debug: "+Res1) // Let's check the returned content : DEBUG : Remove!
[/quote]

Thanks very much Rick, I will give this a go and modify to suit.

It’s not though. If someone were to look at the stream and see the hashed password, wouldn’t they be able to send any data to your php script as an authenticated user? Many attackers will just send mountains of data, or php code, or JavaScript code, or SQL just to see if they can blow up your script or your server.

You should definitely be using SSL for this kind of connection, but if you can’t do that, make sure you are validating the data before acting on it at the very least.

I guess I could hash and then encrypt the hash. Then on the server decrypt the hash and store. The encryption will be done with an application password not one that the user specifies. The password for encryption will be hard coded into the software and changed on upgrades.

SSL wouldn’t offer any more than that, would it?

Yes, the security of SSL’s run of the mill use is understood. Ad hoc methods, not necessarily as much as you would expect. If your reasoning is wrong through SSL, the consequences aren’t terribly high. If they are wrong with your ad hoc method, you might as well not waste your time encrypting. If you’re not enough of an expert with encryption to have already internalized this, chances are higher of making a mistake with ad hoc methods.

Perhaps I should rethink then. If I use an HTTPSecureSocket then, can I just post my form data unencrypted as far as I am concerned? I would still hash passwords but the rest of the info? Or would you still suggest I encrypt it for storage in my database on the server?

“Plaintext” through HTTPSecureSocket is fine. Keep it simple, and keep things flexible for the server-side.

So what about encrypting what is stored in the database?

That would be a database or middleware (your PHP script) issue.

Ok so:

Post Plain Text over HTTPSecureSocket, Encrypt on server in script and store.

Use whatever built-in encryption the database offers first, before you write your own.

And be sure to use an encrypted connection to the database server, if it uses a TCP connection. e.g. MySQL.

Right, all that sorted. I have the queries etc. sorted in my PHP but how do I return a recordset to my app? Do I just

<?=$QueryResult?>

and then in my app something like

  Dim rs as RecordSet
  Result = socket1.Post("mywebsite", 20)
  rs = Result

I am aware that Result is a string but am I on the right lines (ish) ???

Have your PHP script format the output as XML or tab-delimited or something. Parse it in your Xojo app.

Thanks Tim, I’ll give the delimited approach a try. Do I just send the whole lot back in one hit?
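
The server side of the advice in this thread (plain form fields posted over HTTPSecureSocket, validated before use, results returned tab-delimited), as an added example that is not any poster's code. The `users` table, the `OK`/`ERROR` first line, the function names, the sample request and the choice to hash the password on the server with `password_hash` are assumptions of this example, and in-memory SQLite stands in for MySQL so it runs offline with `php` on the command line.

```php
<?php
// Added example, not code from the thread. Table/column names and the sample
// request are assumptions; in-memory SQLite stands in for MySQL.
declare(strict_types=1);

// Allow-list check of every posted field; returns [clean values, bad fields].
function validate_registration(array $post): array {
    $name = '/\A[\p{L} \'-]{1,50}\z/u';
    $rules = [
        'firstname' => fn($v) => preg_match($name, $v) === 1,
        'surname'   => fn($v) => preg_match($name, $v) === 1,
        'email'     => fn($v) => filter_var($v, FILTER_VALIDATE_EMAIL) !== false,
        'country'   => fn($v) => preg_match('/\A[0-9]{1,3}\z/', $v) === 1,
        'username'  => fn($v) => preg_match('/\A[A-Za-z0-9_]{3,30}\z/', $v) === 1,
        'password'  => fn($v) => strlen($v) >= 8 && strlen($v) <= 72,
    ];
    $clean = [];
    $errors = [];
    foreach ($rules as $field => $ok) {
        $value = $post[$field] ?? null;
        if (is_string($value) && $ok($value)) {
            $clean[$field] = $value;
        } else {
            $errors[] = $field;
        }
    }
    return [$clean, $errors];
}

// One record per line, tab-separated; tabs and newlines inside a value are
// replaced so stored data cannot break the framing the client parses.
function to_tsv(array $rows): string {
    $cell = fn($v) => preg_replace('/[\t\r\n]/', ' ', (string) $v);
    return implode('', array_map(fn($r) => implode("\t", array_map($cell, $r)) . "\n", $rows));
}

$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (firstname, surname, email, country, username UNIQUE, password)');
$_POST = ['firstname' => 'Ada', 'surname' => "O'Neil", 'email' => 'ada@example.com',
          'country' => '1', 'username' => 'ada_o', 'password' => 'constructed-sample-pw']; // constructed
[$clean, $errors] = validate_registration($_POST);
if ($errors) {
    exit("ERROR\t" . implode(',', $errors) . "\n");
}
$clean['password'] = password_hash($clean['password'], PASSWORD_DEFAULT); // store only the salted hash
$db->prepare('INSERT INTO users VALUES (:firstname, :surname, :email, :country, :username, :password)')
   ->execute($clean); // bound parameters, never string-built SQL
$rows = $db->query('SELECT username, firstname, surname, email FROM users')->fetchAll(PDO::FETCH_NUM);
echo "OK\n" . to_tsv($rows);
```

In the app, split the returned string on line endings and then on tabs; the first line says whether the remaining lines are records or a list of rejected field names.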