iOS Retrieve Varaibles from PHP script

[man2manno]

Hey guys, does anybody know how to retrieve values of variables from a php script, that gets its values from a mysql database? I don't have a problem getting the values to the php script however, I can't seem to find a way to make a connection from the device to the script. I tried using NSURLConnection but I am still stuck. Any ideas? Thanks in advanced.

 

[zachsilvey]

Why don't you just connect directly to the SQL server?

 

[ulbador]

Why don't you just connect directly to the SQL server?

There are a ton of reasons not to. Number one and of paramount importance is basic security. A DB server that is directly accessible from the Internet is vulnerable to a ton of different types of attack. I would always put some sort of application/api layer between an iPhone app and a database. At the very least, then it's impossible to directly access the database data; it would all be controlled via the parameters of the webapp.

Hey guys, does anybody know how to retrieve values of variables from a php script, that gets its values from a mysql database? I don't have a problem getting the values to the php script however, I can't seem to find a way to make a connection from the device to the script. I tried using NSURLConnection but I am still stuck. Any ideas? Thanks in advanced.

I actually had to throw together something VERY quick and dirty recently for a work project. I needed to have a webapp compatible iPhone app in 10 minutes. Here is a tidbit of the relevant code:

NSString *url =@"http://server.com/path/phpfile.php";
	
	
	NSString *retData = [NSString stringWithContentsOfURL:[NSURL URLWithString:url] encoding:NSASCIIStringEncoding error:nil];
	
	NSArray *tokens = [retData componentsSeparatedByString:@"||||"];
	
	for (NSString *splitData in tokens) {
		NSArray *moreTokens = [splitData componentsSeparatedByString:@";;;;"];
		[myArray addObject:moreTokens];
	}

Basically, my script returned data in the form of:

variablename;;;;value||||variablename;;;;value||||etc

It was quick, dirty, does zero error checking, definitely not the prettiest, but very effective.

 

[man2manno]

Thank you very much, that actually looks exactly like what I was looking for but if you don't mind, you caught my attention when u mentioned the security of my application. You said I should have something there to help protect it...what should it be and why? Thanks a lot.

 

[ulbador]

Thank you very much, that actually looks exactly like what I was looking for but if you don't mind, you caught my attention when u mentioned the security of my application. You said I should have something there to help protect it...what should it be and why? Thanks a lot.

Basically, you should always have some sort of application between you and a database. This means that you can only do what the applications allows you to.

For example, if you are directly deleting records from a database, there is a good chance that you could delete the wrong rows through a proverbial "fat finger". On the other hand, if you build a web application that only allows you to delete the rows after you visually verify them, it provides another layer of security and protection. A database server should never be directly exposed to the Internet. Many of them lack SSL and other basic security features in their protocols. Also, many databases place the "burden of trust" on the application or person connecting.