Should i use public/private key encryption in this case?

I have an iPhone app and a backend php web app.

The php site stores some information and i have to use the iPhone app to retrieve that data and show it in it.

So, suppose the iphone app has to show a list of houses for a given user, it would call the folllowing php script

http://example/process.php?user=300

That script makes the sql query and returns an xml with the houses' data.

Should i at any point encrypt anything to prevent spoofing?

Another case, for example admob for each app generates a "publisher id" that is used in the iphone app to "connect" the app with the web app, is that "publisher开发者_开发问答 id" used as a private key to encrypt/decrypt the data sent/received?

Thanks

Does the user have to authenticate? If so, it would be better to generate a token on the server after the authentication step, and use that token in subsequent webservice calls.

e.g.:

http://example/login.php?login=xxx&pw=yyyy

=> returns token 80a8b97c0c8941e1b290bdf33f3124de if successful

Then instead of passing a user id, pass the token:

http://example/process.php?token=80a8b97c0c8941e1b290bdf33f3124de