1

Following my question regarding connecting to a MySQL database in Java, I am looking to create a web service in PHP. My Java program needs to ask the web service to gather some data from a MySQL database and send the result back. However, I have a few dilemmas:

Firstly, my web hosts do not support Java, and therefore the server side needs to be written in PHP but the client needs to be written in Java.

Secondly, all the tutorials I have found seem to involve creating a whole web service project in order for my Java program to communicate with the web service, whereas realistically only a couple of classes need to contact the PHP web service.

And, you may have already guessed, but I don't know anything about web services. It was just suggested that I use one in order to get around the GPL licence of the JDBC driver...

I realise that similar questions may have been asked here before, but as I am a complete novice, the posts that I saw here did not contain enough information for me and I require as much help as I can get - almost a step-by-step guide!

Alternatively, I did think about just using standard PHP Sockets, as I am pretty sure I know how to use them. However, I don't know how secure they are and I didn't want to take any risks because I will be needing to retrieve information such as licence keys!

Thanks in Advance

Andy

2 Answers

1

You don't need to use PHP Sockets; all you need is a simple PHP script on your web host that fetches the data you need from the MySQL DB and outputs the data to be read by your Java client.

Your PHP script will need:

  1. To retrieve any query parameters from the Java client (probably via $_POST or $_GET).
  2. Information to connect to MySQL (hostname/ip address, db name, username, password).
  3. To run SQL query/queries to grab the data from the database.
  4. To output the data for the java client to read, in some mutually-acceptable format, such as XML, JSON, HTML, etc.

You would structure the script something like this:

```php
<?php
    // 1. Read and validate input parameters
    $myquery_val = $_POST['queryval'] ?? '';

    // 2. Connect to MySQL

    // 3. Fetch MySQL data

    // 4. Output data
?>
```

To learn how to connect to MySQL and retrieve data, read up on MySQL PDO: http://php.net/manual/en/ref.pdo-mysql.php

JJ.
  • I concur. You can then do everything over https if necessary. – Ed Heal Aug 26 '11 at 16:23
  • @JJ Oh, that seems much too simple to be true! Is [this post](http://robbamforth.wordpress.com/2009/04/27/java-how-to-post-to-a-htmlphp-post-form/) an example of how I could go about using it in my Java program? The only two questions that come to mind are: can this method be easily hijacked? And, how do I make it so only my program can access the script? – Andy Aug 26 '11 at 16:25
  • You can include authentication, requiring the Java application to log in first to retrieve a session key, and passing that session key over to the PHP side to be authenticated first. You have to do it through HTTPS for it to be protected. – Extrakun Aug 26 '11 at 16:29
  • Also, why did you suggest MySQL PDO? Won't standard PHP MySQL queries suffice? – Andy Aug 26 '11 at 16:29
  • @Andy yes standard queries will suffice however PDO seems to be becoming the more standard approach. – JJ. Aug 26 '11 at 16:36
  • Yes you would need to protect your service, communication via https is a good idea as @EdHeal mentioned. You can implement an authentication mechanism for your Java client to prevent unauthorized clients from accessing your PHP service. – JJ. Aug 26 '11 at 16:38
  • @JJ Thanks for telling me about PDO. Unfortunately, I do not have HTTPS nor do I have the budget to invest in HTTPS at the minute - so it might be that I go with Justin Turner's suggestion! That is, if a webservice is more secure without HTTPS? But, do you have an example of that authentication mechanism anyone, just in case I do need it? AND Just out of interest, how secure would the actual JDBC for MySQL be? – Andy Aug 26 '11 at 17:41
  • @Andy either solution will require https to secure it. SSL certs are pretty cheap these days (low as $9/yr) however you can at least test with a self-signed cert as well. As for JDBC, it will need an SSL connection as well (requiring SSL cert) if you want to secure it. Less important on a dedicated localhost but certainly if your MySQL is remote or on a shared box you'll want ssl. – JJ. Aug 26 '11 at 20:19
  • @Andy your authentication mechanism can be as simple as `if ($_POST['secretword'] != 'mysecretpassword') { die('unauthorized'); }` if you want (though I don't recommend it). It's up to you how to proceed. You have been given a lot of information on how to approach this, now try writing some code and ask again on StackOverflow if/when you get stuck. – JJ. Aug 26 '11 at 20:25
  • @JJ Thank you very much for all your help! It looks like an SSL Certificate is inevitable for this type of project; especially in a business! So I have found a free 90-day trial SSL Cert. over at instantssl.com which I will put in place as late as possible so hopefully by the time it comes to renewing the cert. I will have generated enough profit in order for me to invest in HTTPS, and possibly even a dedicated server! In terms of the authentication mechanism - I did think about something like that, but my initial thoughts were how easy it would be to fool! – Andy Aug 27 '11 at 07:20
  • I guess I am just being too paranoid about security at such an early stage; thinking that everyone who sees my software will only be interested in hacking when realistically they'll probably be quite IT illiterate! So I will continue trying to do this myself now as you suggested, but could you just verify whether [this article](http://robbamforth.wordpress.com/2009/04/27/java-how-to-post-to-a-htmlphp-post-form/) is the correct way of accessing the script from my Java program, like you suggested! – Andy Aug 27 '11 at 07:26
1

What I would do is use an agnostic form of communication between your PHP service and the Java client. My weapon of choice is XML.

The steps would be:

  1. Create the PHP classes which will interact with your database and get the data you want to work with. GitHub has plenty of examples and source code. Sample PHP-MySQL Database Abstraction Layer
  2. Create a RESTful PHP service which takes the data from step 1 and makes it into an XML REST service. Check out the Recess Framework, an easy-to-use REST framework.
  3. Create your Java client; it should just need to be able to work with HTTP, and consume XML. No need for a huge SOAP or other framework.
Justin Turner
  • Turner. Thank you for your answer, the links you provided were very helpful and your solution IS closer to what I had in mind. However, could you verify how secure this system is / how easily it could be hijacked? AND How I can ensure that only my Java program could access the service. Also, if I were to use your method, it would really help me if you could provide some example code - at least for step three! Thanks. – Andy Aug 26 '11 at 17:47
  • I think I just about know how I could create a web service without using Recess, but I'm not sure if it would be RESTful! Could you look at the following articles and see if any are actually of any use to me, please? [PHP Web Service's available for both REST and SOAP consumers](http://phpwebservices.blogspot.com/2008/01/make-your-php-webservice-available-for.html), [Web Services Tutorial - W3S](http://www.w3schools.com/webservices/default.asp), and [Basic Web Service using PHP, MySQL, XML, and JSON](http://davidwalsh.name/web-service-php-mysql-xml-json) – Andy Aug 26 '11 at 18:38
  • Though, even if those articles will help me achieve what I want to do, I still don't know about security risks, or ensuring how only my Java application can access the web service! And, PS How come I can not notify @Justin Turner at the beginning of my comment? – Andy Aug 26 '11 at 18:42
  • Due to a lack of information about such a solution, and also a lack of time and knowledge from me I have chosen to use JJ's solution for now. However, I do still thank you for your answer and I am planning to invest in an SSL Cert. and dedicated server in the near future so that I can create a web service in Java - a language I am familiar with! – Andy Aug 27 '11 at 07:34
  • Hello, please excuse my absence. Creating a REST service is a bit of a bloated solution to your problem. Using JJ's solution will be fine. As for security, you can use a simple password / username coded into your script. Use SSL. Also, make absolutely sure that you sanitize user input. Please see [link](http://stackoverflow.com/questions/129677/whats-the-best-method-for-sanitizing-user-input-with-php) – Justin Turner Aug 31 '11 at 16:28
  • Justin, it's okay about your absence. It's a good job JJ's solution is fine though because that's what I am using now! I have made sure that all my POST variables are sanitized, and have required an authorization code to be POSTed before anything else happens. As well as password protecting the directory (using .htaccess). AND I managed to get a free SSL certificate from [StartSSL](http://startssl.com)! As far as I can see - I am finally set to sail! :D – Andy Sep 01 '11 at 19:54
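
The four-step script outlined in JJ.'s answer, filled in with the HTTPS requirement, shared-secret check and input handling raised in the comments. This is an added example, not code from any poster; the `licences` table, the `auth` and `customer_id` POST fields and the environment-variable names are assumptions.

```php
<?php
// Added example. Assumptions (not from the page): a table
// licences(customer_id, licence_key), POST fields `auth` and `customer_id`,
// and settings in environment variables API_SECRET, DB_DSN, DB_USER, DB_PASS.
header('Content-Type: application/json; charset=utf-8');

function fail(int $status, string $message): void {
    http_response_code($status);
    echo json_encode(['error' => $message]);
    exit;
}

// Refuse plain HTTP so the secret and the licence data never travel in clear text.
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
    fail(403, 'HTTPS required');
}

// 1. Read and validate input parameters
$secret   = getenv('API_SECRET');
$supplied = $_POST['auth'] ?? '';
// hash_equals() compares in constant time, unlike != on the raw strings.
if (!is_string($secret) || $secret === '' || !is_string($supplied)
        || !hash_equals($secret, $supplied)) {
    fail(401, 'unauthorized');
}
$customerId = filter_input(INPUT_POST, 'customer_id', FILTER_VALIDATE_INT,
                           ['options' => ['min_range' => 1]]);
if ($customerId === false || $customerId === null) {
    fail(400, 'customer_id must be a positive integer');
}

try {
    // 2. Connect to MySQL: exceptions on error, server-side prepared statements
    $pdo = new PDO(getenv('DB_DSN'), getenv('DB_USER'), getenv('DB_PASS'), [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
    // 3. Fetch MySQL data: the value is bound, never concatenated into the SQL
    $stmt = $pdo->prepare('SELECT licence_key FROM licences WHERE customer_id = :id');
    $stmt->execute([':id' => $customerId]);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
} catch (PDOException $e) {
    error_log($e->getMessage());   // details stay in the server log
    fail(500, 'database error');
}

// 4. Output data
echo json_encode(['licences' => $rows]);
```

A secret compiled into a distributed Java client can be read out of that client, so it limits casual access to the script rather than identifying a user; per-user login with a session key, as suggested in the comments, is the stronger design.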