Sunit Shirke

Interact with MySQL DB using Android’s WebView & PHP (Part 2: Completion)

Interact with MySQL DB using Android’s WebView & PHP (Part 2: Completion)

Sunit Shirke's photo
Sunit Shirke
·

4 min read

A couple of days ago, I wrote an article covering the basics of hosting a simple website on localhost and running it on your Android Device and the Emulator. If you aren’t familiar with it you might want to go through it before reading any further. So, let’s start.

Although we’re dealing with the same conceptual code here it’s a little different as it involves a bit of PHP code too. Stay with me it’s super easy.

Create any folder inside your “htdocs” of xampp directory and give it a name. Next, create two php files for inserting and deleting data from phpmyadmin MySQL server.

Now I’m going to explain a bit about what the program will actually do but if you feel the need to skip it you can jump straight to the code! So we’re using GET method for fetching the variables in the URL itself which makes our life a lot easier for this particular project.

The URL looks something like this which isn’t secure AT ALL!The URL looks something like this which isn’t secure AT ALL!

We are going to develop a small project wherein we input a word and it’s antonym. The operations are performed using PHP in the backend but the callbacks will be forced through our WebView using the loadurl()) method in Android Studio.

This is the code for insert.php:

<?php  
if (isset($_GET['word']) && !empty($_GET['word']) && !empty($_GET['antonym']) ) {

$conn = mysqli_connect("localhost", {username}, {password}, {database-name});

 if(! $conn ) {
               die('Could not connect: ' . mysql_error());
            }

$word = $_GET['word'];
    $antonym = $_GET['antonym'];

$sql = "INSERT INTO `testdata`(`Word`, `Antonym`) VALUES ('$word','$antonym')";

$result = mysqli_query($conn, $sql);

    if (!$result) {
    trigger_error('Invalid query: ' . $conn->error);
    }
    else {
      echo "Inserted successfully!";
  }

}

else if ( isset($_GET['word']) && empty($_GET['word']) && empty($_GET['antonym'])) {
 header("location: test.php");
}

?>
<!DOCTYPE html>
<html>
<body>

<form action="test.php" method="get">
Word: <input type="text" name="word" /><br>
Antonym: <input type="text" name="antonym" /><br>
<button type="submit">Submit</button> 
</form>

</body>
</html>

{username}- either root or a custom username set in the for the MySQL server.

{password}- If set, mention the custom password for your phpmyadmin server.

{database-name}- Mention the DB name you’ve created which you’ll be using for storing the data.

Similarly you need to create a delete.php too:

<?php  
if (isset($_GET['word']) && !empty($_GET['word']) && !empty($_GET['antonym'])) {

$conn = mysqli_connect("localhost", {username}, {password}, {database-name});

   if(! $conn ) {
               die('Could not connect: ' . mysql_error());
            }

$word = $_GET['word'];
    $antonym = $_GET['antonym'];

$sql = "DELETE FROM `testdata` WHERE `Word` = '$word' OR `Antonym` = '$word' ";

$result = mysqli_query($conn, $sql);

        if (!$result) {
        trigger_error('Invalid query: ' . $conn->error);
        }
        else {
          echo "Deleted successfully!";
      }     
}

else if ( isset($_GET['word']) && empty($_GET['word']) && empty($_GET['antonym'])) {
   header("location: test2.php");
}
?>
<!DOCTYPE html>
<html>
<body>

<form action="test2.php" method="get">
Word: <input type="text" name="word" /><br>
Antonym: <input type="text" name="antonym" /><br>
<button type="submit">Submit</button> 
</form>

</body>
</html>

Let’s code for our application, so this is the code for the MainActivity.java file:

Check out the detailed code at the endCheck out the detailed code at the end

And for our XML layout file:

Now, here’s how security plays an important part here:

  1. As we use PHP’s GET Method, it is not suitable for passing sensitive information such as any user credentials, because these are fully visible in the URL query string as well as likely stored in the client browser’s memory as a visited page.

  2. Also the assignment of data is to an environment variable by the GET Method which eventually limits the length of the URL so there is a restriction for the total data to be sent.

The bottom line is, IT IS NOT RECOMMENDED to use GET METHOD for commercial/big scale web projects. Although it can be used for your personal mini-projects which are hosted locally.

I have made a file, update.php, for updating the words and antonyms too. You can have a look at it from the link at the end of the article. Also I didn’t use any HTTP Parsing library such as Retrofit or Volley.

This is how you can view the operations of the app from Android Studio’s Emulator and the MySQL server:

GitHub link: https://github.com/Maddoxx88/webview-php

Tools used: ScreenToGif, Windows 10 Screen Recorder

IDEs/Editors: Android Studio, Sublime Text

Server: XAMPP

Did you find this article valuable?

Support Sunit Shirke by becoming a sponsor. Any amount is appreciated!

AndroidAndroid StudioPHPMySQL