The previous architecture is the front-end PHP to do simple logic and output, the back-end layer of PHP Do data interface, so do not worry about the front end is blown back end MySQL is exposed.
But now want to change the front end to JS, if the API layer exposed and worry about the security of MySQL, see if you have any good way to avoid such problems?
Reply content:
The previous architecture is the front-end PHP to do simple logic and output, the back-end layer of PHP Do data interface, so do not worry about the front end is blown back end MySQL is exposed.
But now want to change the front end to JS, if the API layer exposed and worry about the security of MySQL, see if you have any good way to avoid such problems?
。。。 It can still be encapsulated by the back-end PHP, but the request becomes Ajax. You can consider the data format used by Ajax as JSON.
JS calls php,php again to access MySQL.
Do not say that you are in sql.php?sql=select * from table
this form of access.
If it is, it's hopeless.
If not, the security of data access is controlled by PHP, cookies, disposable tokens, etc.