After a little googling, I decided to link via php. Before that, php never worked. The connection is established; I am confused only by the fact that the connection to the database (I did exactly as in the example) goes via connect.php, which contains the login and password for the DB. I am concerned about security: the database can be changed and added to, bypassing the application itself. You only need to know the names of the scripts and the server address. Perhaps it makes sense to rewrite the scripts so that they take the login and password from the request, by the POST or GET method, with each connection to the database. Please tell me a competent way out. As planned, there should not be a large load on the DB, but the data stored in it must not be accessed or changed by an attacker. The client is serious enough and I don't want to let him down :) I would even consider replacing php with a more suitable option if that makes sense. And yes, I am a novice, almost without experience, so do not throw stones :)

    3 answers

    For such tasks there is the so-called three-tier architecture: the client, the server application, the database. At present, there are several options for how the server (server application) communicates with the client, but I recommend staying with websocket. It has many advantages, but one thing should be highlighted: both browsers and applications can work using this protocol. I recommend replacing php with java (especially since on android, as a rule, they write in (almost) java); for secrecy, replace ws with wss. ws / wss saves traffic, server load, ... In general, my practice shows only advantages. P.S. On your version: http://habrahabr.ru/company/xakep/blog/256665/

      Working through a specific API, you limit the ability to change the database within the framework of this API.
      By storing the database password in the application, you give full access to the database to everyone.

      That’s why nobody ever binds Android to mysql. Any application must be connected to a server API, to which it sends not a ready-made query but a specific command and data. Just like it is done on websites: the browser is not connected to the database. It makes a request to the site, and the site then generates the SQL for the database.

      Your application should work the same way, while, of course, doing all the necessary checks (authorization, rights check, and so on).

      And there is no need to fear access and data changes.
      Say, the addresses of the servers of Stack Overflow, or of Yandex Mail, are known to all. The names of the scripts are easy to see too. By asking a question or sending a letter, you undoubtedly change the data in the database. Does that scare anyone?

        You are opening full access to the database. Applications are not written that way. As I understand it, the server is on the Internet? It makes sense to move the php scripts to the same server and send requests to them from the application.

        For example, I am writing a messenger for android. It sends data in json format to a server with php, and php then works with MySQL.
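
The pattern the answers describe (the app sends a command and data, the server authorizes it and builds the SQL itself), sketched as an added example that is not code from any of the posters. The function name, table layout, command names and token are hypothetical, and in-memory SQLite stands in for MySQL so the file runs on its own:

```php
<?php
// Added example (not from the thread). The app sends a command name plus data;
// only the server holds the DB credentials and builds the SQL.
// Tables, commands and the token below are constructed for illustration.
function handle_request(PDO $db, string $token, string $body): array {
    // 1. Authorization: find the caller by the SHA-256 of their token.
    $st = $db->prepare('SELECT id, role FROM users WHERE token_hash = ?');
    $st->execute([hash('sha256', $token)]);
    $user = $st->fetch(PDO::FETCH_ASSOC);
    if (!$user) return [401, ['error' => 'unauthorized']];
    // 2. The body must look like {"command": "...", "data": {...}}.
    $req = json_decode($body, true);
    if (!is_array($req) || !is_string($req['command'] ?? null)
        || !is_array($req['data'] ?? null)) return [400, ['error' => 'bad request']];
    $data = $req['data'];
    // 3. Allow-list of commands; values are bound, never pasted into SQL.
    switch ($req['command']) {
        case 'add_message':
            $text = $data['text'] ?? null;
            if (!is_string($text) || $text === '' || strlen($text) > 500)
                return [422, ['error' => 'invalid text']];
            $db->prepare('INSERT INTO messages (user_id, text) VALUES (?, ?)')
               ->execute([$user['id'], $text]);
            return [200, ['id' => (int)$db->lastInsertId()]];
        case 'delete_message':
            // 4. Rights check: only an admin may delete.
            if ($user['role'] !== 'admin') return [403, ['error' => 'forbidden']];
            $db->prepare('DELETE FROM messages WHERE id = ?')
               ->execute([(int)($data['id'] ?? 0)]);
            return [200, ['deleted' => true]];
        default:
            return [400, ['error' => 'unknown command']];
    }
}

// Demo: in-memory SQLite stands in for MySQL so the file runs offline. With
// MySQL the DSN, login and password live in server-side config only.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, role TEXT, token_hash TEXT)');
$db->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, user_id INTEGER, text TEXT)');
$db->prepare('INSERT INTO users (role, token_hash) VALUES (?, ?)')
   ->execute(['user', hash('sha256', 'constructed-demo-token')]);
$add = '{"command":"add_message","data":{"text":"it\'s stored as data"}}';
$del = '{"command":"delete_message","data":{"id":1}}';
foreach ([['wrong-token', $add], ['constructed-demo-token', $add],
          ['constructed-demo-token', $del]] as [$tok, $body]) {
    echo json_encode(handle_request($db, $tok, $body)), PHP_EOL;
}
```

Knowing the script name and server address gives a caller nothing beyond these two commands, and each of them still requires a valid token and passes the rights check before any SQL runs.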