Login | Register   
RSS Feed
Download our iPhone app
Browse DevX
Sign up for e-mail newsletters from DevX

By submitting your information, you agree that devx.com may send you DevX offers via email, phone and text message, as well as email offers about other products and services that DevX believes may be of interest to you. DevX will process your information in accordance with the Quinstreet Privacy Policy.


Build Brilliant Client/Server Apps with J2ME, PHP, and MySQL : Page 4

In this article you'll see how to make the three technologies work together by developing a simple and useful application that lets you update a multi-user blog and download the latest posts from it.




Application Security Testing: An Integral Part of DevOps

The Server-side Code
Two server-side scripts are responsible for storing (post_sender.php) and retrieving (post_retriever.php) posts. Here's the code to store a post:

<?php header("Content-type: text/plain"); require("config.inc.php"); //retrieve the data $username = trim($_GET["username"]); $password = trim($_GET["password"]); $title = trim($_GET["title"]); $text = trim($_GET["text"]); //connect to the DB $db = connect(); //set the query to check the credentials $query = "SELECT username, password FROM users WHERE username='$username' AND password='$password'"; //execute it $result = mysql_query($query, $db); if(mysql_num_rows($result) == 0) { // wrong credentials echo "Wrong username and/or password"; die(); } else { //right credentials //retrieve the current date $date = date("Y-m-d H:i:s"); $text = addslashes($text); //set the query $query = "INSERT INTO posts(author, postingDate, title, text) VALUES('$username', '$date', '$title', '$text')"; //execute it $result = mysql_query($query, $db); if(!$result) { echo "Post not sent. Try again later"; } else { echo "Post sent correctly"; } } mysql_close($db); ?>

The preceding script first retrieves the data sent by the client—username, password, title, and text. Then it checks the validity of the credentials. If they are invalid, the script returns an error message; otherwise it stores the post and sends a success notification back to the client. Similarly, the post_retriever script first checks the credentials and when they're valid, retrieves the latest post sent by the author supplied as a parameter. Here is the code:

<?php require("config.inc.php"); //retrieve the data $username = trim($_GET["username"]); $password = trim($_GET["password"]); $aut = trim($_GET["author"]); //connect to the DB $db = connect(); //set the query to check the credentials $query = "SELECT username, password FROM users WHERE username='$username' AND password='$password'"; //execute the query $result = mysql_query($query, $db); if(mysql_num_rows($result) == 0) { // wrong cedentials echo "Wrong username and/or password"; die(); } else { //right credentials //set the query to extract the latest post from the author $author $query = "SELECT author, postingDate, title, text FROM posts WHERE author='$aut' ORDER BY id DESC LIMIT 0,1"; //execute it $result = mysql_query($query, $db); if(mysql_num_rows($result) == 0) { echo "No post present from the author $aut"; die(); } else { $rawPost = ""; while(list($author, $postingDate, $title, $text) = mysql_fetch_array($result)) { $text = stripslashes($text); //put the post in the form author|date|title|text $rawPost .= $author."|".$postingDate."|".$title."|".$text; } echo $rawPost; } } mysql_close($db); ?>

You might have noticed that both scripts include the file config.inc.php, which contains the database-related functions.

Limitations and Improvements
Of course, this is not a complete application. Indeed, you might improve it in many ways. One improvement would be to store the retrieved posts locally using RMS. Another is to let users download more than one post at a time using a date range as a selection parameter. The principal limit of the application as shown is that it uses the HTTP GET method, which limits the number of characters you can send in the query string. The POST method would have been a better choice but using it here would have shifted the article's focus away from J2ME/PHP/MySQL interaction. If you plan to enhance this example for production purposes, I'd suggest you start by switching the application to use the POST method.

Alessandro Lacava is a software developer and technical writer based in Italy. He is mainly interested in Java and .NET technologies, Web applications and telecommunication systems. Alessandro holds a degree in telecommunications engineering. You can reach him via his Web site.
Comment and Contribute






(Maximum characters: 1200). You have 1200 characters left.



Thanks for your registration, follow us on our social networks to keep up-to-date