android和RESTful Web服务实现

I develop and a android app and associated web service. This web service will be accessed from my app only. It is not public. I have read the REST standard and understood various Http methods GET,POST,PUT...etc. For my app i use POST only

In my php code i process request and send response messages. If someone asks whether it is as per REST standard or not?. I don't' know what to say. Is there any problem in my code. The attached is my php and android code. Here i am updating address of a person from mobile to the web server. Code work ok as of now.

-- php


$connect = mysql_connect("","melon","my password") or die("jothi can't' connect");
mysql_select_db("taxidata") or die("no database");

if (!empty($_POST)) 
  //check username already exists
  $query = mysql_query("SELECT * FROM drivertable WHERE userid = '$username'"); 
  $numrows = mysql_num_rows($query);

  if($numrows == 0 )
    $response["success"] = 0; 
    $response["message"] = "username doesn't'exists"; 
    //create new account
    $query = mysql_query("UPDATE drivertable SET dadd='$gyshadd', mobile='$gyshphone' WHERE userid='$username'");
    $response["success"] = 1; 
    $response["message"] = "Address update success"; 

  $response["success"] = 0; 
  $response["message"] = " One or both of the fields are empty "; 


android code executed from async task

  private static final String ADDRESS_URL = "";

List<NameValuePair> params = new ArrayList<NameValuePair>(3);
                params.add(new BasicNameValuePair("username", username));
                params.add(new BasicNameValuePair("address", daddress));
                params.add(new BasicNameValuePair("phone", phone));

 HttpClient httpclient = new DefaultHttpClient();
 HttpPost httppost = new HttpPost(ADDRESS_URL);
 httppost.setEntity(new UrlEncodedFormEntity(params));
 HttpResponse response = httpclient.execute(httppost);
 String json = EntityUtils.toString(response.getEntity());
 JSONObject myObject = new JSONObject(json);



至少对于您提供的示例,可以将其视为RESTful。 话虽如此,除非您没有进行任何数据检索(GET)或资源创建(PUT),否则在您的应用中只使用POST是很奇怪的。</ p>

另请注意,REST不是 一个“标准”但更多的风格/最佳实践/模式(参见维基百科条目), 所以如果它符合你的需要,一些偏差就可以了。</ p>

最后,如果应用程序做了很多web服务,最好使用REST库删除了大部分苦差事。</ p>
</ div>



At least for the example you gave, it can be considered RESTful. Having said that, unless you are not doing any data retrieval (GET) or resource creation (PUT), it's strange that only POST is used in your app.

Also note that REST is not a "standard" but more of a style/best practice/pattern (see Wikipedia entry), so some deviation is fine if it fits your needs.

Lastly, if the app does a lot of web service stuff, it may be better to use a REST library that removes most of the drudgery.

虽然我可以理解您可能希望获得代码的反馈。 我不确定我是否应该回答或评论,因为这最终会被置之不理</ p>

无论如何,有2个问题</ p>

  1. SQL注入,而不是将变量直接放入SQL字符串中。 尝试使用像 PDO 这样准备好陈述的内容</ li>
    < li>你的POST更像是一个表单POST,可以说不是REST。 尝试通过请求有效负载发送POST。 详细了解差异此处 </ li>
    </ ol>
    </ div>



While I can understand that you might want to get feedbacks for your code. I'm not sure if I should answer or comment as this can end up being opinionated

Anyhow, there are 2 concerns

  1. SQL injection, rather than putting a variable directly into SQL string. Try use something like PDO which has prepared statements
  2. Your POST in more like a form POST, which is arguably not REST. Try to send POST via a request payload. Read more about the difference here

Csdn user default icon