Android Question Passing parameters to php


Licensed User
Longtime User
At the moment I use a test system to access the MySQL data in the cloud. The problem is that:

1. the DBMS password, user etc id hard coded in the php. how do I pass these as parameters from B4A to 'better' secure access to the data.

2. I NEVER had to use User and Passw to access the php. Is this not vunrelble for hacking?



Licensed User
Longtime User
Search for php and you get examples how to send parameters to a php script.

The db credentials should be in the php and not retrieved from the outside for security reasons.

Do you have an example script? Will take a look.
Upvote 0


Well-Known Member
Licensed User
Longtime User
Here is a php script that I modified off this Forum to do just that - I'm giving it back as well as the code to use it from B4A. Please heed the security warnings and use at your own peril.

$databasehost = $_GET['dbh'];
$databasename = $_GET['dbn'];
$databaseusername =$_GET['dbun'];
$databasepassword = $_GET['dbpw'];

$con = mysql_connect($databasehost,$databaseusername,$databasepassword) or die(mysql_error());
mysql_select_db($databasename) or die(mysql_error());
mysql_query("SET CHARACTER SET utf8");
$query = file_get_contents("php://input");
$sth = mysql_query($query);

if (mysql_errno()) {
header("HTTP/1.1 500 Internal Server Error");
echo $query.'\n';
echo mysql_error();
$rows = array();
while($r = mysql_fetch_assoc($sth)) {
$rows[] = $r;
print json_encode($rows);

Copy this and create a php file from it (in my case called sqlmanager2.php) and FTP to your Web Site where you want to use it.

Sub Globals 
    Dim SqlManager As String = "http://www.yourdomain./yoursubdirectory/sqlmanager2.php" ' create a php file and name it sqlmanager2.php with th attached script
    Dim dbhInp As String = "Your MySQL Host"
    Dim dbnInp As String = "Your Database Name"
    Dim dbunInp As String = "Your Username"
    Dim dbpwInp As String = "Your Password"
    Public GetMemberDetails = "GetMemberDetails" As String
End Sub
    ' Call the Fetch Member Details sub as you please from where you require it
Sub FetchMemberDetails
    ExecuteRemoteQuery("SELECT * FROM 'your table name' WHERE username = '"&fletUserName.Text&"' and password = '"&fletPassword.Text&"' ", GetMemberDetails)
End Sub

Sub ExecuteRemoteQuery(Query As String, JobName As String)
    Dim job As HttpJob
    Dim PassStr As String
    job.Initialize(JobName, Me)
    '  job.PostString("", Query)
    job.PostString(SqlManager&"?dbh="&dbhInp&"&dbn="&dbnInp&"&dbun="&dbunInp&"&dbpw="&dbpwInp, Query)

End Sub

Sub JobDone(job As HttpJob)
    Log("JobName = " & job.JobName & ", Success = " & job.Success)
        ProgressDialogShow("I am fetching Your CW User Details")
    If job.Success Then
        Dim result As String
       Dim ListNr As Int

        result = job.GetString
        Log("Result: "&result)  
        Dim parser As JSONParser
        Select job.JobName
                    Case GetMemberDetails
                  MemberListRemote = parser.NextArray 'returns a list with maps
'                Catch
'                    Log("Error Occurred in Parser: ")
'                End Try         
                Log("Member List SIZE: "&MemberListRemote.Size)
                    If MemberListRemote.Size <= 0 Then
                       Msgbox("Sorry - I did not Find the Food List"&Chr(10)&Chr(13)&Chr(10)&Chr(13)&"Contact Admin - They will Correct This" ,"ERROR")
                      ' Process your results here.....  Example code
                            For i = 0 To MemberListRemote.Size - 1  
                                 flm = MemberListRemote.Get(i)
                            ' Process as you please...
                                 'flm = MemberListRemote.Get(i)
                                    'f1 = flm.Get("Serial")
                                 'f2 = flm.Get("username")
                                 'f3 = flm.Get("password")
                                 'f4 = flm.Get("fullname")
                    End If
        End Select
    Log("Job Complete")

End Sub

This is example code - i have not tested in this form - although I have used it successfully and it does return a JSON.

There's it my Band of Brothers - my 2 cents.
Upvote 0


Licensed User
Longtime User
As @KMatle suggested, sending credentials from outside the server is dangerous.
From code above it will be easy to decompile the apk, retrieve server/DB and credentials and use them to directly access the DB (if allowed) or use
sqlmanager2.php to send any command through it.
As Erel often suggests, spend some time to study RDC/RDC2 in order to use it "as is", if you can, or be inspired to build your own solution.
Upvote 0