Remote MySQL database connectivity from android device

Question

I am developing one application which need the following functionalities

1. I have webserver. I need to access the webserver from android device.
2. I need user registration and login facility.
3. AFter the user logs in I need to access data from remote SQL server via webserver or directly whatever is possible.
4. I have to update user entered form data to my SQL database through webserver or directly whichever is available.

I think these above things are very common now a days in any website. As I am very new to android I am confused about using webview, or using http java api.

Which one is the normal procedure in industry everyone uses? Can anybody provide me the standard procedure which is secure and safe and easy to implement.

Answer 1

Direct access to the SQL server would mean that people could run arbitrary queries on your SQL server, which is obviously a security issue.

I would implement an API on your website that offers your functionality, instead of directly accessing the SQL database from the app. This is how most sites do it, including Twitter, Facebook and may others.

An API is usually facilitated by a set of scripts that take in some parameters (usually via HTTP POST) and return a result, modifying whatever they need to in the process. There are a few standards for how to handle this, but popular encodings for data are XML and JSON.

Since you can implement HTTP POST quite easily in most languages (e.g. via AJAX in JavaScript), it makes it really easy to port to new devices.