A little google, decided to tie through PHP. Before that, I never worked with PHP.
Communication is established, confuses only the fact that the connection to the base (I did exactly as in the example) goes through the connect.php, which contains a login and password to dB. I am worried about the issue of security: what you can change and replenish the base, bypassing the application itself. You just need to know the names of the scripts and the address of the server. Perhaps it makes sense to rewrite scripts so that each time they take the database with a database and password from the query, post or get method.
Tell me, please, competent exit.
As an idea of a large load on the DB should not be, but the data that is stored in it should not fall or be changed by the attacker. The client is quite serious and do not want to bring it) I would even consider the replacement of PHP to a more appropriate option if it makes sense. And yes, I’m newcomer, almost without experience, so do not throw stones)
Answer 1, Authority 100%
For such tasks, there is a so-called three liter architecture: client – server application – database. Currently, there are several options for communicating the server (server application) with a client. But I recommend to stop at the WebSocket – he has many advantages, but one should select – browsers and applications can work on this protocol. I recommend producing PHP replacement on Java (especially as the Android is usually written on (almost) Java), to replace WSS to WS secrecy. WS / WSS saves traffic, load on the server, … In general, my practice shows only the advantages.
PS
By your option – http://habrahabr.ru/company/xakep/blog/256665/
Answer 2, Authority 67%
Working through a specific API, you limit the ability to change the database frames of this API.
Keeping in the application Password to the database, you give full access to the base at all.
So no one ever binds android with MySQL. Any application must be associated with the server API. Which is sent not a ready-made request, but a specific command and data. Just as this is done on websites: the browser is not associated with the database. He makes a request to the site, and the site already forms SQL for database.
Your application should work in the same way. At the same time, of course, making all the necessary checks (authorization, verification of rights, and so on).
And you do not need to be afraid of access and data changes.
Say, the address of the stack overflow servers, or there Yandex mail is known to everyone. The names of the scripts see also easy. Asking a question or sending a letter, you undoubtedly change the data in the database. Someone scares it?
Answer 3
You open full access to the database. So applications are not written. I understand the server on the Internet? It makes sense to transfer PHP scripts to the same server, and send requests to them from the application.
For example, I write messenger under Android. It sends data in JSON format to the PHP server, and already PHP works with MySQL.