I want to implement the server part of a client-server application, Some sort of interaction between Android and PHP. but I don't know if there is a structured method for implementing server part in PHP. I use files like create-user.php that get parameters from Android app and do some queries on database and this works fine!! But this does not convince me. I have seen patterns like RestUtils::sendResponse(200, json_encode($output), 'application/json'); in * that do the same thing that i do, but in some good looking fashion.
我想实现客户端 - 服务器应用程序的服务器部分,Android和PHP之间的某种交互。但我不知道是否有一种在PHP中实现服务器部分的结构化方法。我使用像create-user.php这样的文件从Android应用程序获取参数并对数据库进行一些查询,这很好用!!但这并不能说服我。我见过RestUtils :: sendResponse(200,json_encode($ output),'application / json')等模式;在*中,我做了同样的事情,但是看起来很漂亮。
My questions:
-
if there are best practices please refer me to them.
如果有最佳实践,请转介给我们。
-
what is the best Request method (among GET and POST) for tasks like signup?
注册等任务的最佳Request方法(GET和POST)是什么?
-
how can I boost my applications security? I have a signin but this is a very common user & pass check. I this project was all on web I can use cookies to secure the app. But because of being client server I dont know how to boost security? if anyone without singing in request some of my php scripts I dont know how to prevent this.
如何提高我的应用程序安全性?我有一个登录但这是一个非常常见的用户和通过检查。我这个项目都在网上我可以使用cookie来保护应用程序。但由于是客户端服务器,我不知道如何提高安全性?如果有人没有唱歌请求我的一些PHP脚本,我不知道如何防止这种情况。
Please Help Me with referring me to pages.. Thanks in advance.
请帮我指教我的页面..提前致谢
1 个解决方案
#1
0
Here are my answers:
这是我的答案:
2) Both GET and POST can be used depending on what you are doing, normally GET is used for simply getting information, like pulling a user's info, POST is normally used for sending info, basically just about anything with a form submitting data.
2)GET和POST都可以根据你正在做的事情使用,通常GET用于简单地获取信息,比如提取用户的信息,POST通常用于发送信息,基本上只是提供表单提交数据的任何内容。
3) To help increase security you could just append another GET variable, then in your php the first thing you can do is see if that variable is set to the correct value. If not just kill the script. This way if someone by chance browses to 'yourdomain.com/create-user.php' it won't work, they would need to browse to 'yourdomain.com/create-user.php?appkey=189381823' or something like this.
3)为了帮助提高安全性,您可以添加另一个GET变量,然后在您的php中,您可以做的第一件事是查看该变量是否设置为正确的值。如果不是只是杀死脚本。这样,如果有人偶然浏览'yourdomain.com/create-user.php'它将无效,他们需要浏览'yourdomain.com/create-user.php?appkey=189381823'或类似的东西。
#1
0
Here are my answers:
这是我的答案:
2) Both GET and POST can be used depending on what you are doing, normally GET is used for simply getting information, like pulling a user's info, POST is normally used for sending info, basically just about anything with a form submitting data.
2)GET和POST都可以根据你正在做的事情使用,通常GET用于简单地获取信息,比如提取用户的信息,POST通常用于发送信息,基本上只是提供表单提交数据的任何内容。
3) To help increase security you could just append another GET variable, then in your php the first thing you can do is see if that variable is set to the correct value. If not just kill the script. This way if someone by chance browses to 'yourdomain.com/create-user.php' it won't work, they would need to browse to 'yourdomain.com/create-user.php?appkey=189381823' or something like this.
3)为了帮助提高安全性,您可以添加另一个GET变量,然后在您的php中,您可以做的第一件事是查看该变量是否设置为正确的值。如果不是只是杀死脚本。这样,如果有人偶然浏览'yourdomain.com/create-user.php'它将无效,他们需要浏览'yourdomain.com/create-user.php?appkey=189381823'或类似的东西。