Home/ Questions/Q 6826893
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T22:12:06+00:00

I’ve a MySql database hosted in my web site, with a table named UsrLic

  • 0

I’ve a MySql database hosted in my web site, with a table named UsrLic
Where any one wants to buy my software must register and enter his/her Generated Machine Key (+ username, email …etc).

So my question is:

I want to automate this process from my software, how this Process will be?
Should I connect and update my database directly from my software ( and this means I must save all my database connection parameters in it * my database username , password , server * and then use ADO or MyDac to connect to this database ? and if yes how secure is this process ?

or any other suggestions .

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I recommend creating an API on your web site in PHP and calling the API from Delphi.

    That way, the database is only available to your web server and not to the client application, ever. In fact, you should run your database on localhost or with a private IP so that only machines on the same physical network can reach it.

    I have implemented this and am implementing it again as we speak.

    PHP

    Create a new file named register_config.php. In this file, setup your MySQL connection information.

    Create a file named register.php. In this file, put your registration functions. From this file, include ‘register_config.php’. You will pass parameters to the functions you create here, and they will do the reading and writing to your database.

    Create a file named register_api.php. From this file, include ‘register.php’. Here, you will process POST or GET variables that are sent from your client application, call functions in register.php, and return results back to the client, all via HTTP.

    You will have to research connecting to and querying a MySQL database. The W3Schools tutorials will have you doing this very quickly.

    For example:

    Your Delphi program calls https://mysite/register_api.php with Post() and sends the following values:

    name=Marcus
email=marcus@gmail.com

    Here’s how the beginning of register_api.php might look:

    // Our actual database and registration functions are in this library
include 'register.php';

// These are the name value pairs sent via POST from the client
$name = $_POST['name'];
$email = $_POST['email'];

// Sanitize and validate the input here...

// Register them in the DB by calling my function in register.php
if registerBuyer($name, $email) {
  // Let them know we succeeded
  echo "OK";
} else {
  // Let them know we failed
  echo "ERROR";
}

    Delphi

    Use Indy’s TIdHTTP component and its Post() or Get() method to post data to register_api.php on the website.

    You will get the response back in text from your API.

    Keep it simple.

    Security

    All validation should be done on the server (API). The server must be the gatekeeper.

    Sanitize all input to the API from the user (the client) before you call any functions, especially queries.

    If you are using shared web hosting, make sure that register.php and register_config.php are not world readable.

    If you are passing sensitive information, and it sounds like you are, you should call the registration API function from Delphi over HTTPS. HTTPS provides end to end protection so that nobody can sniff the data being sent off the wire.

    Simply hookup a TIdSSLIOHandlerSocketOpenSSL component to your TIdHTTP component, and you’re good to go, minus any certificate verification.

    Use the SSL component’s OnVerifyPeer event to write your own certificate verification method. This is important. If you don’t verify the server side certificate, other sites can impersonate you with DNS poisoning and collect the data from your users instead of you. Though this is important, don’t let this hold you up since it requires a bit more understanding. Add this in a future version.

    • 0