So I am creating an app that sends data to my web server to be stored
in a database. The way I am interfacing right now is posting the data
via HTTP POST to a PHP script I wrote. The script then verifies the
data, calculates a few things, then enters the data into the database.
Then, if everything goes well, the PHP script echoes a return code that
the RB app reads and handles accordingly.
Now, here is my question. This seems like a jerry-rigged method,
parsing PHP output. It just doesn't seem like a production solution. So
I was wondering if it would be a good idea to handle all the data and
security on the RB app side, then just make a secure connection to
the database (MySQL) and insert the data through the app. My only
worry about this method is that I have read about major security
issues (i.e. SQL injection) that can be exploited, and since the data
is not getting checked server side it seems like this would be a major
flaw.
What would you guys do?
Thanks.
Tig


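An added example, not code from the original post or from Tig's app, contrasting the two designs the question describes: a server-side handler that validates the posted data and inserts it with bound parameters, versus the app building the INSERT itself by string concatenation. It assumes a JSON body with `device_id` and `temperature` fields (the post does not say what the data looks like), uses an in-memory SQLite database in place of MySQL so it runs offline, and models the PHP script's logic in Python; the schema, field names, range limits and the malicious inputs are all constructed for the demonstration.

```python
import json
import sqlite3
from typing import Dict, List, Optional, Tuple

# Constructed schema for the example: one temperature reading per POST.
SCHEMA = """
CREATE TABLE readings (
    id          INTEGER PRIMARY KEY,
    device_id   TEXT NOT NULL,
    temperature REAL NOT NULL
)
"""

MAX_DEVICE_ID_LEN = 64
TEMP_RANGE = (-80.0, 150.0)   # assumed plausible range for the sensor


def open_db() -> sqlite3.Connection:
    """In-memory SQLite stands in for MySQL so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def validate(payload) -> Tuple[Optional[str], Dict]:
    """Return (error_code, cleaned_record). Every field is type- and
    range-checked here, on the server, regardless of what the client did."""
    if not isinstance(payload, dict):
        return "bad_body", {}
    device_id = payload.get("device_id")
    temperature = payload.get("temperature")
    if not isinstance(device_id, str) or not (0 < len(device_id) <= MAX_DEVICE_ID_LEN):
        return "bad_device_id", {}
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(temperature, bool) or not isinstance(temperature, (int, float)):
        return "bad_temperature", {}
    if not (TEMP_RANGE[0] <= temperature <= TEMP_RANGE[1]):
        return "bad_temperature", {}
    return None, {"device_id": device_id, "temperature": float(temperature)}


def handle_post(conn: sqlite3.Connection, body: bytes) -> Dict:
    """The server-side script's job: parse, validate, insert with bound
    parameters, and answer with a structured result the app can parse
    reliably instead of a bare echoed string."""
    try:
        payload = json.loads(body)
    except ValueError:
        return {"ok": False, "code": "bad_json"}
    err, rec = validate(payload)
    if err:
        return {"ok": False, "code": err}
    # Placeholders: the driver sends the values separately from the SQL text,
    # so a device_id containing quotes or SQL keywords is stored literally.
    cur = conn.execute(
        "INSERT INTO readings (device_id, temperature) VALUES (?, ?)",
        (rec["device_id"], rec["temperature"]),
    )
    conn.commit()
    return {"ok": True, "code": "stored", "id": cur.lastrowid}


def insert_unsafe(conn: sqlite3.Connection, device_id: str, temperature: str) -> None:
    """The 'build the query in the app' approach with string concatenation.
    Deliberately vulnerable; included only to show what injection does."""
    sql = (
        "INSERT INTO readings (device_id, temperature) "
        f"VALUES ('{device_id}', {temperature})"
    )
    conn.execute(sql)
    conn.commit()


def rows(conn: sqlite3.Connection) -> List[Tuple[str, float]]:
    return conn.execute(
        "SELECT device_id, temperature FROM readings ORDER BY id"
    ).fetchall()


if __name__ == "__main__":
    db = open_db()
    print(handle_post(db, b'{"device_id": "dev-1", "temperature": 21.5}'))
    # Constructed malicious payload: the server-side type check rejects it.
    print(handle_post(db, b'{"device_id": "dev-1", "temperature": "21.5), (\'victim\', 999"}'))
    print(rows(db))

    db2 = open_db()
    # The same constructed input against the concatenated query: the attacker
    # gets a second row written under a device id they do not own.
    insert_unsafe(db2, "dev-1", "21.5), ('victim', 999")
    print(rows(db2))
```

The point the example makes is that the safety comes from where the checks run and how the query is built, not from the transport: a parameterized query stops the injection even when the server-side check is bypassed, and the structured return value is what makes "parsing the script's output" a normal API response rather than a hack. Moving the checks into the app and handing it database credentials means anyone who extracts those credentials from the app can skip the checks entirely.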