How to send orders

fatman

Hi Folks,

this time I have a conceptual question.
I have written an app for salesmen showing products and taking orders.
What is the best way of sending these orders to me: by email or to a server of my own?
What are the advantages/disadvantages of both ways?

Any hints are welcome.

Fatman
 

rfresh

It depends on whether or not financial information (credit card numbers to go along with an order) is needed. If it is then you cannot use email. You would have to send it to a database on a server and you'd have to make sure it was encrypted (using https for example). Your merchant provider would require it this way.

If financial information is not in the order itself, then email or text messaging would work fine.

You're going to need to store order data somewhere so I would recommend a database on a server rather than keeping emails in a folder so you may want to go that route regardless of the first paragraph.
 

Mahares

> You would have to send it to a database on a server and you'd have to make sure it was encrypted

What are the detailed steps involved in the above statement? Can you elaborate? I am having a hard time understanding how to remotely upload a file directly from your device to a given folder on the server.
Thanks
 

rfresh

I've done this using PHP. I'm not sure of the details using B4A but it can be done:

Send the order file to a folder on the server, encrypted (if it contains credit card info) via FTP. I know B4A can do FTP so this can be done. On the server, create a cron job (that's a batch job on a Linux server) and have it run every 5 minutes or so looking for order files in that Order folder.

Write the cron script in whatever server-side scripting language you can code in, I'd do it in PHP. It's this script that does the inserts into the DB and anything else you want such as sending an email to you confirming the order is in the DB. Again, if you have credit card info you need to encrypt the number in the DB field table (I'm assuming you need to get and maintain PCI compliance for your merchant bank).

Another option, not a good one but an option, is to do your orders all by email but as I stated before, you cannot include any payment info in the emails so this might not work for you.
 

fatman

Thank you very much for your considerations!
As the data to be transferred contains no sensible stuff I will try sending emails.
I think I can switch to more secure ways of transport anyway if I have to...

Thanks again!

Fatman
 

Mahares

Thanks 'Rfresh' for your explanation. But I have no idea what you are talking about. I will explore FTP.
 

rfresh

> Thanks 'Rfresh' for your explanation. But I have no idea what you are talking about. I will explore FTP.

PM me anytime...I will try and explain in more detail and answer your specific question(s)...
 

bluedude

Sending data to server

Well,

I wouldn't use FTP, very oldskool way to do it. Use an HTTPS server and create your own API, there are plenty of PHP API samples around.

Use the http client and JSON to transfer information. You could actually encrypt some information on the device if you store stuff locally.

With caching solutions everywhere (APC etc.) you can even make it more efficient. Always go for high quality solutions and recent technology.

Doing this the modern way is definitely REST APIs and JSON. The REST APIs can be wrappers around for example MySQL/PHP PDO (database layer).

I see so many samples of people doing SQL access the old fashioned way (non PDO) without using parameterized queries. SQL injection is around the corner.

Anyway, just some suggestions.
 
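
The HTTPS API, JSON and PDO parameterized-query approach described in the post above, as an added example that is not code from any poster in this thread. The table, field and function names are assumptions made for illustration, and an in-memory SQLite database stands in for MySQL so the script runs on its own.

```php
<?php
declare(strict_types=1);

// Hypothetical schema for the example; a real deployment would use MySQL.
function openDb(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE orders (
        id INTEGER PRIMARY KEY, customer TEXT NOT NULL,
        sku TEXT NOT NULL, qty INTEGER NOT NULL)');
    return $pdo;
}

// Validate the decoded JSON body, then insert using bound parameters only.
function saveOrder(PDO $pdo, string $jsonBody): int {
    $o = json_decode($jsonBody, true, 8, JSON_THROW_ON_ERROR);
    if (!is_array($o)) {
        throw new InvalidArgumentException('order must be a JSON object');
    }
    $customer = $o['customer'] ?? null;
    $sku = $o['sku'] ?? null;
    $qty = $o['qty'] ?? null;
    if (!is_string($customer) || $customer === '' || strlen($customer) > 200) {
        throw new InvalidArgumentException('bad customer');
    }
    if (!is_string($sku) || !preg_match('/^[A-Z0-9-]{1,32}$/', $sku)) {
        throw new InvalidArgumentException('bad sku');
    }
    if (!is_int($qty) || $qty < 1 || $qty > 10000) {
        throw new InvalidArgumentException('bad qty');
    }
    // Placeholders keep the data out of the SQL text, so quotes or SQL
    // keywords inside $customer are stored as plain characters.
    $stmt = $pdo->prepare(
        'INSERT INTO orders (customer, sku, qty) VALUES (:customer, :sku, :qty)');
    $stmt->execute([':customer' => $customer, ':sku' => $sku, ':qty' => $qty]);
    return (int) $pdo->lastInsertId();
}

// Constructed sample request body, as the app's HTTP client might POST it.
$pdo = openDb();
$body = json_encode(['customer' => "O'Brien; DROP TABLE orders",
                     'sku' => 'WIDGET-42', 'qty' => 3]);
$id = saveOrder($pdo, $body);
$check = $pdo->prepare('SELECT customer, qty FROM orders WHERE id = ?');
$check->execute([$id]);
$row = $check->fetch(PDO::FETCH_ASSOC);
echo $row['customer'], ' x', $row['qty'], PHP_EOL;
```

The customer string reaches the table unchanged because it is bound as a value; had it been concatenated into the INSERT text, the apostrophe alone would have altered the statement.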

Mahares

Thank you Rfresh for the willingness to help.
Bluedude: I am sorry, I am not familiar with any of the jargon you used in your reply. Actually, I am intimidated now. I guess I have a lot to learn about file transfer methods. I gave B4Aserver a try and could not get it to work. If you have a suggestion where I can start at the ground level in terms of what you suggest, I will be willing to invest the time to get up to speed.
My goal is simple: Remotely upload text files from device to a PC pre-set folder, and download text files from PC to device preset-folder without messing around with email.
Thanks
 

rfresh

Absolutely nothing wrong with using SFTP. It's old but it's easier than using REST/JSON/ADO/PDO etc. and writing your own API, which is a complex solution. The easier and simpler solutions also will have fewer bugs to find and fix. In this case, SFTP is almost a no-brainer option.

I can't imagine how many bugs would be in your "modern technologies" solution for a less experienced B4A developer to find and fix. Mahares has already admitted this is well beyond him.

And as for "SQL injection is around the corner", this statement does not make any sense at all. SQL injection is a vulnerability type of hacking attack and is already here (definitely not something coming around the corner, it's here now). SQL injection detection is handled by PCI scanning and penetration scanning and has nothing to do with what Fatman is trying to do. And I won't even go into the coding solutions to prevent this type of attack against a database.

@MaHares your solution is FTP. Period.
 