PHP-C# two way communication

Question

I am creating a PHP website connected to a MySQL database. Next I will need to write a C# desktop app that will use the same DB. Unfortunately I cannot connect to the DB directly from a remote location and my hosting company won't allow SSH neither.

So what options do I have? If the hosting company supported .NET, it wouldn't be a problem, but I'm not that experienced with PHP. Will I have to write a PHP service (SOAP?) and then consume it in my desktop app? Also, how do I communicate with server from the desktop app?

Any help appreciated!

score 3 · Accepted Answer · answered Dec 19 '11 at 10:48

3

Depending on security requirement, could you write a generic SQL executing page in PHP, that took the SQL as a String parameter, and returned the results as an array of Strings (Might need some meta data too or something)?

Other than that the only thing I can think of is a web service of some kind.

Also SOAP can work both ways, you can read and write from the C# app, no need to write a WebService on both ends, unless you need to notify your c# app about something from the server (In which case you could always try frequent polling from the c# app)

answered Dec 19 '11 at 10:48

Matt Fellows

6,512
4
35
57

1

Having the SQL as a String parameter is a bad idea, as it would make an easy target for injection and it is just bad-practice even if it's between local servers. Rather supply SOAP services that return the required objects/strings or data, and avoid sending SQL to your web-server. – Kolky Dec 19 '11 at 10:58
1

I like this answer the best, however, I am worried about injection just as Kolky has noted. But then I'm not sure what Kolky means by the second sentence - how do I tell the server what to insert into the DB if not by query strings? – jkottnauer Dec 19 '11 at 14:12
@Kolky Which is why I put the caveat about security in there - there might be absolutely no risk of SQL injection for all I know. Besides just because it makes it easier for SQL injection doesn't mean he couldn't parse out an injection methods from any parameters, or pass the parameters through as separate arguments and apply them as parameterised queries within the PHP itself. SOAP is a pain the arse frankly and not in and of itself any safer than a webpage taking a String. – Matt Fellows Dec 19 '11 at 14:14
1

@jkottnauer If you are worried about SQL injection, take any parameters to the query as separate arguments, then apply them to the SQL using parameterised queries as explained here... http://stackoverflow.com/a/60496/460785 The c# could just pass the SQL as one parameter, then each parameter of the SQL as another parameter. I'd suggest putting some kind of username and password on the calls as well, or even better some kind of single use token. – Matt Fellows Dec 19 '11 at 14:16
What I mean is create pre-defined SQL-queries and offer the results using a SOAP service, allow adjustments to the SQL-queries by flags or arguments but not direct SQL. – Kolky Dec 19 '11 at 15:17
@Kolky Still don't see the need for SOAP here - even if you predefine the queries, just using a standard PHP page to trigger them will be far less of a headache than using SOAP. There's not necessarily a need for him to pass whole objects across, so why complicate things? – Matt Fellows Dec 20 '11 at 09:06

score 3 · Answer 2 · answered Dec 19 '11 at 11:04

Best option would be creating a set of RESTful services in your PHP site.

One of most important things to take in account is REST is more configuration by convention, and there's no need of things like SOAP which may be an absolute overkill for your solution.

You just send JSON from PHP and .NET Windows application will parse it as a CLR object.

A sample scenario would be:

Service operation: http://yourdomainhere.com/API/Message/34894 ** This returns something like { "text": "hello world" }
.NET client receives this JSON and using a JSON parser like Newton JSON parser, you'd be doing this:

MessageDto dto = JsonConvert.DeserializeObject([JSON received from the service call]); MessageBox.Show(dto.Text); // This will show "hello world"

It's just a very simple example, but it'd give you an idea of what's next.

You can query your REST API using WebRequest/WebResponse .NET BCL classes.

PHP only needs to send a web response including your JSON in the output stream, that's all. No SOAP, no XML, no complication. Keep it simple.

score 1 · Answer 3 · answered Dec 19 '11 at 10:52

1

I think the following link will be of helpful to you!

Developing SOAP Web Services with PHP/C#

answered Dec 19 '11 at 10:52

Jomoos

12,823
10
55
92

score 0 · Answer 4 · answered Dec 19 '11 at 10:49

What you can do is providing some PHP-wrappers which you can access from your C# code. As an example you can use this discussion, regarding C# / PHP communication.

Basically you can send a HTTP request to PHP and retrieve it's return value with C#. PHP would then perform the DB requests. If you're using AJAX on the Website it should be easy using the same communication interfaces.

score -1 · Answer 5 · answered Dec 19 '11 at 11:02

this is the first paragraph of Matt Fellows answer. But in what form do you send the data back to the application in? Maybe JSON?

PHP webpage

<?php

$host = "host.host.com";
$user = "XXXXX";
$password = "XXXX";//plaintext :)

$connection = mysql_connect($host, $user, $password);

$database = "XXXXX";


$syntax = $_GET['syntax']; //www.example.com/help.php?syntax=DROP%20TABLE%20XXX

$result = mysql_query($syntax);

//somehow output the $result in C# readable form

?>

csv, xml, json - take your pick. All three of them have libraries in c# .net for parsing them. — Matt Fellows, Dec 19 '11 at 14:20

PHP-C# two way communication

5 Answers5