Right now I am looking at the code that someone wrote in PHP where following three things are happening:
PHP based HTML form is accepting some user entered values.
A java webservice is called within the PHP page using a URL http://localhost:9090/myfolder/rest/mystuff and all the form based parameters are appended in the URL .
In order to get the response, the following is the next step done in the PHP page:
I can see the response on the browser but I am not sure the person who has done this has used an additional step of calling java webservice as shown above. That Java webservice is done using JAX-RS API and then the war is deployed on the JBOSS server. Seems like a lot of additional work to me. All the java webservice does is calls a oracle stored procedure.
I am wondering if it’s a good idea to skip the Java webservice related step and send the form based parameters by opening a oracle connection from the PHP page and calling a oracle based stored procedure? Is it a good way to go about it? OR could there be any security/safety concerns of directly opening a database connection from the PHP page itself? Please advise.
I’d skip the direct connection to the database piece unless you’re sure that the Java service will be dying soon. I suggest this because adding a database layer to this will balloon into more than what you may be volunteering to bite off, namely things like juggling the various combinations of successful database connection and interaction logic, dealing with sanitizing and parameterization of inputs, writing queries that need to be prepared and used whereby you then get into troubleshooting those if they don’t work for whatever reasons (which then gets you into dealing with whatever DBAs to verify permissions of whatever accounts should be used for the database connections and interactions)… It gets hairy if you go down that route, so again, I’d shy away from that unless you know the Java thing is about to die off.
All that being said (and based on what I’ve been able to interpret from your post) it sounds like all you’re trying to do here is submit a simple CURL request against an endpoint which accepts query string parameters but for whatever reasons, it’s not working or isn’t showing output / responses you expect. Am I correct?
To start with, the $request variable above isn’t shown with its corresponding assignment / definition. Can you provide that? What does the URL look like? (If you can’t post the verbatim URL due to privacy / proprietary reasons, then substitute the URL string literal with something fake but using the same formatting so that we can have an idea about what’s being submitted.) What HTTP responses do you get? Have you used any developer tools to examine the response data itself?
Beyond all this, I’d get with the Java application’s provider to see if their endpoint expects something you may not realize it’s needing.