Right now I am looking at the code that someone wrote in PHP where following three things are happening:
1) PHP based HTML form is accepting some user entered values.
2) A java webservice is called within the PHP page using a URL
http://localhost:9090/myfolder/rest/mystuff and all the form based parameters are appended in the URL .
3) In order to get the response, the following is the next step done in the PHP page:
$rCURL = curl_init();
curl_setopt($rCURL, CURLOPT_TIMEOUT, 6000);
curl_setopt($rCURL, CURLOPT_URL, $request);
curl_setopt($rCURL, CURLOPT_HEADER, 0);
curl_setopt($rCURL, CURLOPT_RETURNTRANSFER, 1);
$response = curl_exec($rCURL);
I can see the response on the browser but I am not sure the person who has done this has used an additional step of calling java webservice as shown above. That Java webservice is done using JAX-RS API and then the war is deployed on the JBOSS server. Seems like a lot of additional work to me. All the java webservice does is calls a oracle stored procedure.
I am wondering if it's a good idea to skip the Java webservice related step and send the form based parameters by opening a oracle connection from the PHP page and calling a oracle based stored procedure? Is it a good way to go about it? OR could there be any security/safety concerns of directly opening a database connection from the PHP page itself? Please advise.
Thanks in advance !