MySQL DB is hackable?

It’s possible to capture MySQL data with a non-rooted phone.
I have a Huawei Nova 3i, Android 9.1.
I tested this on my phone and it works. You can capture all MySQL requests and responses.


The same thing happens with a browser: you can also get the response and request, but you can’t normally hack that because the query runs on the server side, not on the client side.
The client doesn’t make any query; it was in the old days that queries were executed from the client side. Now everything works mainly on the server side.


That’s exactly what I was going to quote …
I still don’t understand how they are getting into your database …
I think because I’m hungry and I haven’t had lunch yet …
:grin:

You are passing SQL commands via Kodular POST blocks, is that it?
I run them on the server.

It was a good read and finally came to a proper conclusion.

Best practice is to have your queries on the server side and use Android to just make a web connection.

@Meghraj_Singh

Code PHP in server side and code to prevent SQL Injection.
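
The server-side pattern recommended in the two posts above, as an added example that is not from any poster or from the scripts discussed in this thread: the app sends only an action name and values, and the PHP endpoint maps them to fixed prepared statements. The `users` table, the action names, the 64-character limit and the in-memory SQLite database (used so the script runs offline; a MySQL DSN would replace it) are assumptions.

```php
<?php
// Added example: endpoint that never accepts SQL text from the app.
// Assumed names: table "users", actions "get_user" and "add_user".
declare(strict_types=1);

// In-memory SQLite through PDO so this runs offline; for MySQL only the DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, city TEXT)');
$pdo->exec("INSERT INTO users (name, city) VALUES ('Ana', 'Cadiz'), ('Luis', 'Sevilla')");

// Allow-list: action name => [fixed SQL, required parameter names].
const ACTIONS = [
    'get_user' => ['SELECT id, name, city FROM users WHERE name = :name', ['name']],
    'add_user' => ['INSERT INTO users (name, city) VALUES (:name, :city)', ['name', 'city']],
];

function handle(PDO $pdo, array $post): array
{
    $action = $post['action'] ?? '';
    if (!is_string($action) || !array_key_exists($action, ACTIONS)) {
        return ['status' => 400, 'error' => 'unknown action'];
    }
    [$sql, $required] = ACTIONS[$action];
    $params = [];
    foreach ($required as $key) {
        $value = $post[$key] ?? null;
        if (!is_string($value) || $value === '' || strlen($value) > 64) {
            return ['status' => 400, 'error' => "bad parameter: $key"];
        }
        $params[":$key"] = $value; // bound as data, never concatenated into the SQL
    }
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    // SELECT statements expose columns; INSERT does not, so there is nothing to fetch.
    $rows = $stmt->columnCount() > 0 ? $stmt->fetchAll(PDO::FETCH_ASSOC) : [];
    return ['status' => 200, 'rows' => $rows];
}

// Constructed requests standing in for $_POST sent by the app's Web component.
$samples = [
    ['action' => 'get_user', 'name' => 'Ana'],
    ['action' => 'get_user', 'name' => "Ana' OR '1'='1"],        // treated as a literal name, matches no row
    ['action' => 'add_user', 'name' => 'Eva', 'city' => 'Jaen'],
    ['query'  => 'DROP TABLE users'],                             // SQL text from the client is rejected
];
foreach ($samples as $post) {
    echo json_encode(handle($pdo, $post)), PHP_EOL;
}
```

Because the SQL strings live only on the server, a captured request reveals an action name and values rather than a query the sender could rewrite.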


Thank you @juananton1991 for your contribution. I saw your work and it’s really good. I know it is easier to write the code in your own language but I think you would help more people if it were written in English. Anyways keep up the good work. :grinning:

In this tutorial almost everything is in English, only some sentences are in Spanish:

IDENTIFICATION nombre de la base …
CONEXION…
For the names of the variables, each person can put whatever they want: Nombre, Ciudad …
I don’t think you have to be so strict on these matters.
I have my tutorials in Spanish:

http://kio4.com/appinventor/340D_appinventor_mysqli_inject.htm

But whenever I publish them in this community or in that of App Inventor, I adapt it to English, you can always sneak in a word or phrase in Spanish, but the code that is important is functional in any language.

By the way, if someone wants to see my tutorials in Spanish, you can find them at:

http://kio4.com/appinventor

It seems that some do not agree with these ways, so I will try to appear less around here.

If you read my post again you will see that it is only a suggestion. Personally I don’t have a problem; I can understand when something is a variable or text and what it means. Sorry if I gave you the wrong impression.

@juananton1991 I was a huge fan of the website kio4.com.
Today I came to know that you are its developer. It’s really great and helpful. Thanks for these contributions, and no one wants you to go.
Always come up with your useful snippets and tutorials because they are really very helpful.
I learned a lot from your website.
Thanks again.


Hello, I have gone through this script. It’s really hard to implement in Kodular blocks. In the Taifun script we get two types of code: if 200, data get success; if 201, data update or insert success. Also, I found your script more secure than the Taifun PHP script. But if add more function like if data you can use one web component. But in your script we have to use several web components for each query. I am sorry i am a good in read or understand php code

Only one web component is required and using this script actually the blocks that you need are less. The “hardest thing” you have to do is to write/replace the procedures in the script according to your needs.


I just need some help. I have replaced the code according to my needs, but I am stuck on user login … the script does not have this code

Please provide more details, i.e. screenshots of your blocks etc.
And create a new topic instead of asking here,
because this thread is related to MySQL hacking and injections.
It would be nice if you create a new one for your question and do some searching too.


I am looking for a solution to that HTTP sniffing, but there is only one solution and I don’t know how to use it in Kodular. Can anyone help?