drix47193 2017-07-11 06:33

Which is better to use in a REST API: POST parameters or JSON?

In previous projects I worked on, our API would take and validate each POST argument individually by value:

$username   = isset($_POST['username']) ? $_POST["username"] : null;
$password   = isset($_POST['password']) ? $_POST["password"] : null;

Multidimensional arrays can be a bit tricky this way, though.

For a new project, I am considering a more object-oriented approach, taking the JSON needed to construct objects instead of each individual field:

$user       = isset($_POST['user'])     ? new User($_POST['user']) : null;

Which practice is more common, and why? Are there extra security risks using one or the other?


2 answers

  • doudao9896 2017-07-11 06:45

    There aren't any security advantages over either. If someone intercepts the request then they will be able to see the POST data whether it is in different arguments or just the body.

    Make sure that you are using SSL to prevent prying eyes.

    As far as JSON body vs POST arguments, it really depends on how you will be using the API. Are you going to use a front-end JS framework or jQuery? Then JSON will probably be easier for you. Does your API return JSON? Then it should probably accept JSON too.

    Remember that you could always handle different content types based on the Content-Type header!

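One way to handle both encodings by Content-Type, as the answer above suggests. This is an added example, not code from either poster; the function names `read_request_fields` and `require_string` are hypothetical, and it assumes PHP 7.3 or later for `JSON_THROW_ON_ERROR`. It also type-checks each field, because form posts can deliver arrays (`username[]=x`) and JSON can deliver numbers, booleans, null or nested objects where a string is expected.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the post): decode the request body according
// to its Content-Type and always return an associative array.
function read_request_fields(string $contentType, string $rawBody, array $post): array
{
    // Strip parameters such as "; charset=utf-8" and normalise case.
    $mediaType = strtolower(trim(explode(';', $contentType, 2)[0]));
    switch ($mediaType) {
        case 'application/json':
            try {
                $data = json_decode($rawBody, true, 16, JSON_THROW_ON_ERROR); // 16 = nesting cap
            } catch (JsonException $e) {
                throw new InvalidArgumentException('Malformed JSON body', 400);
            }
            if (!is_array($data)) {
                throw new InvalidArgumentException('Top-level JSON value must be an object or array', 400);
            }
            return $data;
        case 'application/x-www-form-urlencoded':
        case 'multipart/form-data':
            return $post; // PHP has already parsed these bodies into $_POST
        default:
            throw new InvalidArgumentException('Unsupported Content-Type', 415);
    }
}

// Both encodings can carry non-string values, so each field is checked
// for presence and type before it is used.
function require_string(array $fields, string $name): string
{
    if (!isset($fields[$name]) || !is_string($fields[$name])) {
        throw new InvalidArgumentException("Field '$name' must be a string", 422);
    }
    return $fields[$name];
}

try {
    $body     = (string) file_get_contents('php://input');
    $fields   = read_request_fields($_SERVER['CONTENT_TYPE'] ?? '', $body, $_POST);
    $username = require_string($fields, 'username');
    $password = require_string($fields, 'password');
} catch (InvalidArgumentException $e) {
    http_response_code($e->getCode());
    exit(json_encode(['error' => $e->getMessage()]));
}
```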
