以JSON格式处理POST请求

时间:2022-10-24 13:57:13

I'm trying to handle a POST request from a web service. It's sending an HTTP POST request like this:

我正在尝试处理来自Web服务的POST请求。它正在发送HTTP POST请求,如下所示:

{
"latitude":"12.232",
"longitude":"123.323"
}

It's posting to a PHP file on my server. I know that it is hitting the file for sure. However, I'm not getting the data.

它发布到我服务器上的PHP文件中。我知道它肯定会打到文件。但是,我没有收到数据。

In my PHP, I have this (leaving out a bunch of stuff:

在我的PHP中,我有这个(省略了一堆东西:

$json = file_get_contents('php://input');
$obj = json_decode($json);
$mine ="sixteen"; //using this for a test

$sql = "INSERT INTO rr_emergency (random) VALUES('$obj');";
$result = $dbh->query($sql)->fetchAll(PDO::FETCH_ASSOC);

This makes no change to my database.

这不会改变我的数据库。

If I do this instead:

如果我这样做:

$sql = "INSERT INTO rr_emergency (random) VALUES('$mine');";

Then "sixteen" is added in the right spot in a new row in my table each time the webservice calls my PHP. This is how I know I'm receiving data.

然后每次webservice调用我的PHP时,在我的表中的新行的正确位置添加“16”。这就是我知道我收到数据的方式。

NOTE: I was trying to simply add $obj into my table just to see the data format that's returned before I tried to properly parse it and put everything where it belongs.

注意:我试图简单地将$ obj添加到我的表中,只是为了查看在我尝试正确解析它并将所有内容放在其中之前返回的数据格式。

What am I doing wrong here? I think the problem is here ($json = file_get_contents('php://input');), but not sure what else to try.

我在这做错了什么?我认为问题在这里($ json = file_get_contents('php:// input');),但不知道还有什么可以尝试。

Thanks.

谢谢。

2 个解决方案

#1


3  

So there's a few problems

所以有一些问题

$obj = json_decode($json);

This will return an object. You want an array

这将返回一个对象。你想要一个数组

$obj = json_decode($json, true);

Then your PDO is incorrect

那你的PDO是不正确的

$sql = "INSERT INTO rr_emergency (random) VALUES(:val);";
$prep = $dbh->prepare($sql);
foreach($obj as $row) $prep->execute([':val' => $row]);

This will insert your data correctly (using a prepared statement) and loop over the JSON return data

这将正确插入您的数据(使用预准备语句)并循环JSON返回数据

#2


1  

You're trying to insert an object, when you really need a string. use:

当你真的需要一个字符串时,你正试图插入一个对象。使用:

$obj = json_decode($json, true)
$obj_str = implode(", ", $obj);
$sql = "INSERT INTO rr_emergency (random) VALUES('$obj_str');";

After I posted the above, you added:

发布以上内容后,您添加了:

I was trying to simply add $obj into my table just to see the data format

我试图简单地将$ obj添加到我的表中以查看数据格式

Objects do not inherently convert to strings, so putting $obj within your query doesn't work. The way I store objects in my DB when I've needed to, is to store the JSON notation directly.

对象本身并不转换为字符串,因此将$ obj放在查询中不起作用。我需要时在数据库中存储对象的方法是直接存储JSON表示法。

$json = file_get_contents("php://input");
$sql = "INSERT INTO rr_emergency (random) VALUES('$json')";

You lose the ability to perform filtering and selecting operations within the object, but it's an effective way to pack away data that you won't need the DB to parse through.

您将失去在对象中执行过滤和选择操作的能力,但这是一种有效的方法来收集您不需要DB解析的数据。

If you need well formatted, easy to read structure:

如果您需要格式良好,易于阅读的结构:

$obj = json_decode($json);
$obj_str = print_r($obj,true); //store formatted string
$sql = "INSERT INTO rr_emergency (random) VALUES('$obj_str');";

If as you said, all you need to do is "just see the data format", I suggest echoing to the screen or writing to a log file; do one of the following. To print to screen:

如果你说的话,你需要做的就是“只看数据格式”,我建议回应屏幕或写入日志文件;执行以下操作之一。要打印到屏幕:

print_r($obj);

To write to file:

要写入文件:

$filepath = "/path/to/file.txt"
file_put_contents($filepath,print_r($obj,true));

Important note

重要的提示

Entering text directly into your DB queries without escaping it makes you vulnerable to SQL injection attacks. Use prepared statements instead.

直接在数据库查询中输入文本而不转义它会使您容易受到SQL注入攻击。请改用预备语句。

#1


3  

So there's a few problems

所以有一些问题

$obj = json_decode($json);

This will return an object. You want an array

这将返回一个对象。你想要一个数组

$obj = json_decode($json, true);

Then your PDO is incorrect

那你的PDO是不正确的

$sql = "INSERT INTO rr_emergency (random) VALUES(:val);";
$prep = $dbh->prepare($sql);
foreach($obj as $row) $prep->execute([':val' => $row]);

This will insert your data correctly (using a prepared statement) and loop over the JSON return data

这将正确插入您的数据(使用预准备语句)并循环JSON返回数据

#2


1  

You're trying to insert an object, when you really need a string. use:

当你真的需要一个字符串时,你正试图插入一个对象。使用:

$obj = json_decode($json, true)
$obj_str = implode(", ", $obj);
$sql = "INSERT INTO rr_emergency (random) VALUES('$obj_str');";

After I posted the above, you added:

发布以上内容后,您添加了:

I was trying to simply add $obj into my table just to see the data format

我试图简单地将$ obj添加到我的表中以查看数据格式

Objects do not inherently convert to strings, so putting $obj within your query doesn't work. The way I store objects in my DB when I've needed to, is to store the JSON notation directly.

对象本身并不转换为字符串,因此将$ obj放在查询中不起作用。我需要时在数据库中存储对象的方法是直接存储JSON表示法。

$json = file_get_contents("php://input");
$sql = "INSERT INTO rr_emergency (random) VALUES('$json')";

You lose the ability to perform filtering and selecting operations within the object, but it's an effective way to pack away data that you won't need the DB to parse through.

您将失去在对象中执行过滤和选择操作的能力,但这是一种有效的方法来收集您不需要DB解析的数据。

If you need well formatted, easy to read structure:

如果您需要格式良好,易于阅读的结构:

$obj = json_decode($json);
$obj_str = print_r($obj,true); //store formatted string
$sql = "INSERT INTO rr_emergency (random) VALUES('$obj_str');";

If as you said, all you need to do is "just see the data format", I suggest echoing to the screen or writing to a log file; do one of the following. To print to screen:

如果你说的话,你需要做的就是“只看数据格式”,我建议回应屏幕或写入日志文件;执行以下操作之一。要打印到屏幕:

print_r($obj);

To write to file:

要写入文件:

$filepath = "/path/to/file.txt"
file_put_contents($filepath,print_r($obj,true));

Important note

重要的提示

Entering text directly into your DB queries without escaping it makes you vulnerable to SQL injection attacks. Use prepared statements instead.

直接在数据库查询中输入文本而不转义它会使您容易受到SQL注入攻击。请改用预备语句。