Android and RESTful web service implementation

I develop an Android app and an associated web service. This web service will be accessed from my app only. It is not public. I have read the REST standard and understood the various HTTP methods: GET, POST, PUT, etc. For my app I use POST only.

In my PHP code I process requests and send response messages. If someone asks whether it is as per the REST standard or not, I don't know what to say. Is there any problem in my code? Attached is my PHP and Android code. Here I am updating the address of a person from mobile to the web server. The code works OK as of now.

-- php

<?php 
$username=$_POST["username"]; 
$gyshadd=$_POST["address"];
$gyshphone=$_POST["phone"];

$connect = mysql_connect("127.0.0.1","melon","my password") or die("jothi can't' connect");
mysql_select_db("taxidata") or die("no database");

if (!empty($_POST)) 
{ 
  //check username already exists
  $query = mysql_query("SELECT * FROM drivertable WHERE userid = '$username'"); 
  $numrows = mysql_num_rows($query);

  if($numrows == 0 )
  { 
    $response["success"] = 0; 
    $response["message"] = "username doesn't'exists"; 
    die(json_encode($response)); 
  } 
  else
  { 
    //update address and phone of the existing user
    $query = mysql_query("UPDATE drivertable SET dadd='$gyshadd', mobile='$gyshphone' WHERE userid='$username'");
    $response["success"] = 1; 
    $response["message"] = "Address update success"; 
    die(json_encode($response)); 
  } 

} 
else
{ 
  $response["success"] = 0; 
  $response["message"] = " One or both of the fields are empty "; 
  die(json_encode($response)); 
} 
mysql_close();

?>

Android code, executed from an AsyncTask

private static final String ADDRESS_URL = "http://www.xyz123.com/test/updateaddress.php";

List<NameValuePair> params = new ArrayList<NameValuePair>(3);
params.add(new BasicNameValuePair("username", username));
params.add(new BasicNameValuePair("address", daddress));
params.add(new BasicNameValuePair("phone", phone));

HttpClient httpclient = new DefaultHttpClient();
HttpPost httppost = new HttpPost(ADDRESS_URL);
httppost.setEntity(new UrlEncodedFormEntity(params));
HttpResponse response = httpclient.execute(httppost);
String json = EntityUtils.toString(response.getEntity());
JSONObject myObject = new JSONObject(json);

————————

At least for the example you gave, it can be considered RESTful. Having said that, unless you are not doing any data retrieval (GET) or resource creation (PUT), it's strange that only POST is used in your app.

Also note that REST is not a "standard" but more of a style/best practice/pattern (see Wikipedia entry), so some deviation is fine if it fits your needs.

Lastly, if the app does a lot of web service stuff, it may be better to use a REST library that removes most of the drudgery.

While I can understand that you might want to get feedback on your code, I'm not sure if I should answer or comment, as this can end up being opinionated.

Anyhow, there are 2 concerns:

  1. SQL injection: rather than putting a variable directly into the SQL string, try using something like PDO, which has prepared statements.
  2. Your POST is more like a form POST, which is arguably not REST. Try to send the POST via a request payload. Read more about the difference here
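
The prepared-statement approach from concern 1, as an added example (not code from the question or from either answer). The table and column names are taken from the question; the `updateAddress` helper, the in-memory SQLite database and its rows are assumptions made so the script runs offline.

```php
<?php
// Added example: table/column names (drivertable, userid, dadd, mobile) come from
// the question; updateAddress() and the SQLite test data are hypothetical.

function updateAddress(PDO $pdo, string $username, string $address, string $phone): array
{
    // Placeholders keep user input out of the SQL text; the driver passes it as data.
    $check = $pdo->prepare('SELECT 1 FROM drivertable WHERE userid = :userid');
    $check->execute([':userid' => $username]);
    if ($check->fetchColumn() === false) {
        return ['success' => 0, 'message' => "username doesn't exist"];
    }

    $update = $pdo->prepare(
        'UPDATE drivertable SET dadd = :dadd, mobile = :mobile WHERE userid = :userid'
    );
    $update->execute([':dadd' => $address, ':mobile' => $phone, ':userid' => $username]);
    return ['success' => 1, 'message' => 'Address update success'];
}

// Constructed test data standing in for the MySQL "taxidata" database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE drivertable (userid TEXT PRIMARY KEY, dadd TEXT, mobile TEXT)');
$pdo->exec("INSERT INTO drivertable VALUES
            ('alice', 'old street 1', '111'), ('bob', 'old street 2', '222')");

// Ordinary request: alice's row is updated.
echo json_encode(updateAddress($pdo, 'alice', '5 New Road', '333')), PHP_EOL;

// Input containing quote characters. With string interpolation these quotes would
// become part of the SQL; with a bound parameter the whole string is one userid value.
echo json_encode(updateAddress($pdo, "x' OR '1'='1", 'overwritten', '000')), PHP_EOL;

// Dump the table to confirm which rows changed.
$rows = $pdo->query('SELECT userid, dadd, mobile FROM drivertable ORDER BY userid')
            ->fetchAll(PDO::FETCH_ASSOC);
echo json_encode($rows), PHP_EOL;
```

Against MySQL, create the `PDO` object with a `mysql:` DSN and set `PDO::ATTR_EMULATE_PREPARES` to `false` so the statements are prepared on the server.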
