How to securely post data to MySQL

Time: 2015-08-29 00:14:15

Tags: php python mysql

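I'm getting ready to move my data collection (using an Arduino Yun) from my local virtual server to a live website. Below are the two files I use to post and receive the data. No human interaction with the data is needed before it is loaded into the database. More than one device will be uploading data, which is why I want to use the receiver.php file.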

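I'd like to know whether anyone would be willing to help educate me on implementing the following in a secure way. I'm not concerned about someone intercepting the data; I just don't want anyone messing with my database.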

post.py (on the Arduino Yun)

#!/usr/bin/python

import sys
import sqlite3 as sqlite
import requests
import json

url = 'http://xxx.xxx.x.x/reciever.php'
headers = {'content-type': 'application/json'}

def dict_factory(cursor, row):
    d = {}
    for idx, col in enumerate(cursor.description):
        d[col[0]] = row[idx]
    return d

con = sqlite.connect('/mnt/sda1/sensor_flow.db')
con.row_factory = dict_factory
cur = con.cursor()

cur = con.execute("SELECT * FROM data_log")
recs = cur.fetchall()
data=dict(payload=json.dumps(recs))
#print data
con.commit()
con.close()

response = requests.post(url, data=dict(payload=json.dumps(recs)))

print response

Receiver.php (on the server)

<?php
    $servername = "localhost";
    $username = "root";
    $password = "";
    $dbname = "practice";

    $conn = new mysqli($servername, $username, $password, $dbname);
    if( $conn->connect_error ) die("Connection failed: " . $conn->connect_error);
    $payload_dump = $_POST['payload'];

    $payload_array = json_decode($payload_dump,true);

    if( is_array( $payload_array ) ){

        $queries=array();

        foreach( $payload_array as $row ){
            //get the data_payload details
            $device = $row['device'];
            $type = $row['data_type'];
            $zone = $row['zone'];
            $sample = $row['sample'];
            $count = $row['count'];
            $time = $row['date_time'];
            $epoch = $row['epoch_stamp'];

            /*note: we do not need to add the semi-colon here as it gets added later when we implode the array */
            $queries[]="INSERT INTO `data` ( `device`, `type`, `zone`, `sample`, `count`, `date_time`, `epoch_stamp` ) VALUES ('$device', '$type', '$zone', '$sample', '$count', '$time', '$epoch')";
        }
        /*
            Previously the below query was being execute on every iteration
            ~ because $epoch is now the last one encountered in the array, 
            the value that is updated in ALL records is as it would have been
            previously.
        */
        $queries[]="UPDATE `data` SET `date_time` = from_unixtime( $epoch ) WHERE date_time = 0;";

        $sql=implode( ';', $queries );
        if ( $conn->multi_query( $sql ) === TRUE ) {
            echo "New records created and updated successfully";
        } else {
            echo "Error: " . $sql . "<br>" . $conn->error;
        }
    }
    $conn->close();

?>

If there is a problem with my code, could you also explain why it is a problem?

Thanks in advance for any help!

0 answers:

No answers
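
For the Receiver.php shown in the question, an added example (not part of the original post and not the poster's code) of the same insert with an authenticated sender, a restricted database account and a prepared statement in place of interpolated SQL passed to multi_query. The X-Device-Id and X-Signature headers, the key file path, the sensor_writer account and the SENSOR_DB_PASS variable are assumptions.

```php
<?php
// Added example, not the poster's code. Names marked "assumed" do not appear in the post.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // mysqli throws instead of returning false
// Assumed: per-device secrets stored outside the web root, e.g. ['yun-01' => 'long random key'].
$deviceKeys = require '/etc/sensor/device_keys.php';
$deviceId   = $_SERVER['HTTP_X_DEVICE_ID'] ?? '';  // assumed request header set by the device
$signature  = $_SERVER['HTTP_X_SIGNATURE'] ?? '';  // assumed header: hex HMAC-SHA256 of the payload
$payload    = $_POST['payload'] ?? '';

// 1. Authenticate the sender before touching the database.
if (!is_string($payload) || !isset($deviceKeys[$deviceId])
    || !hash_equals(hash_hmac('sha256', $payload, $deviceKeys[$deviceId]), $signature)) {
    http_response_code(403);
    exit('rejected');
}
$rows = json_decode($payload, true);
if (!is_array($rows)) {
    http_response_code(400);
    exit('bad payload');
}
// 2. Assumed: an account limited to INSERT on practice.data instead of root with no password.
$conn = new mysqli('localhost', 'sensor_writer', (string) getenv('SENSOR_DB_PASS'), 'practice');
// 3. One prepared statement; values are bound as data and never concatenated into the SQL text.
$stmt = $conn->prepare(
    'INSERT INTO `data` (`device`, `type`, `zone`, `sample`, `count`, `date_time`, `epoch_stamp`)
     VALUES (?, ?, ?, ?, ?, ?, ?)'
);
$fields = ['device', 'data_type', 'zone', 'sample', 'count', 'date_time', 'epoch_stamp'];

$conn->begin_transaction();
try {
    foreach ($rows as $row) {
        $vals = [];
        foreach ($fields as $f) {
            if (!is_array($row) || !isset($row[$f]) || !is_scalar($row[$f])) {
                throw new InvalidArgumentException("missing or non-scalar field: $f");
            }
            $vals[] = (string) $row[$f];
        }
        $stmt->bind_param('sssssss', ...$vals);
        $stmt->execute();
    }
    $conn->commit();
    echo 'ok';
} catch (Throwable $e) {
    $conn->rollback();
    error_log($e->getMessage()); // details stay in the server log, not in the response
    http_response_code(400);
    echo 'error';
}
```

The follow-up UPDATE from the question can be prepared the same way, with the epoch bound as a parameter to from_unixtime(?), and would need UPDATE granted to that account.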