Awesome, I know VaRest might not seem like the best option because of the added overhead but if you have that MySQL code as part of the client it might present issues down the road with hacking.
Atleast with VaRest and the webserver you can limit who can talk to the webserver to send these requests for data.
I have experience using VaRest but I am looking to come up with my own solution that doesn’t use PHP. This is something I am going to be working on over the next few months on our game and I’ll be happy to share my findings as I go.