Originally Posted by Old Pedant
you want and need to have server-side code that protects you from this kind of stuff. The server-side code knows what kind of requests it will accept from the app and will reject anything else. And it would then never just take a SQL command from the app and execute it, as is. It would always validate and "sanitize" the requests.
So would I have my app access a PHP script using a URL loaded with $_GET vars to define the action required and to authenticate the source? I can understand doing something along those lines.
What I'm not too sure about is the reading half though.
How can my app retrieve information from the server? Once my PHP script authenticates and gets the database info that's been requested, how can I provide this to my app?
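
An added example, not part of either post: one way a PHP endpoint can accept only known requests, validate their parameters, and hand the rows back to the app. The action names, the `p` parameter, the `scores` table and the JSON response format are assumptions made for illustration, and authentication is left out to keep the focus on request validation.

```php
<?php
// Added example: allow-listed read endpoint. Action names, table and columns are hypothetical.
declare(strict_types=1);

// Each accepted action maps to a fixed SQL statement and a validation rule for its parameter.
const ACTIONS = [
    'get_score'  => ['sql'  => 'SELECT player, score FROM scores WHERE player = :p',
                     'rule' => '/^[A-Za-z0-9_]{1,32}$/D'],
    'top_scores' => ['sql'  => 'SELECT player, score FROM scores ORDER BY score DESC LIMIT :p',
                     'rule' => '/^(?:[1-9]|[1-4][0-9]|50)$/D'],
];

function handle_request(array $get, PDO $db): array
{
    $action = $get['action'] ?? '';
    if (!is_string($action) || !array_key_exists($action, ACTIONS)) {
        return [400, ['error' => 'unknown action']];     // reject anything not on the list
    }
    $param = $get['p'] ?? '';
    if (!is_string($param) || preg_match(ACTIONS[$action]['rule'], $param) !== 1) {
        return [400, ['error' => 'invalid parameter']];  // reject malformed input early
    }
    // The SQL text is fixed on the server; the app only supplies a bound value.
    $stmt = $db->prepare(ACTIONS[$action]['sql']);
    if ($action === 'top_scores') {
        $stmt->bindValue(':p', (int) $param, PDO::PARAM_INT);
    } else {
        $stmt->bindValue(':p', $param, PDO::PARAM_STR);
    }
    $stmt->execute();
    return [200, ['rows' => $stmt->fetchAll(PDO::FETCH_ASSOC)]];
}

// Constructed sample data in an in-memory SQLite database so the script runs on its own.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE scores (player TEXT, score INTEGER)');
$db->exec("INSERT INTO scores VALUES ('alice', 120), ('bob', 95)");

// The "reading half": the script prints JSON and the app parses the HTTP response body.
[$status, $body] = handle_request($_GET, $db);
http_response_code($status);
header('Content-Type: application/json');
echo json_encode($body);
```

A request such as `?action=get_score&p=alice` returns the matching rows as JSON, while an unlisted action or a parameter that fails its rule gets a 400 response and never reaches the database.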