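Things to Consider When Building a Data Interface in PHP

Motivation: what should you take into account when designing a data interface in PHP?

Environment:
1. Client: Windows 10
2. Server: Red Hat Linux

Implementation steps (this code covers the server side only):
1. Create a dedicated account and its privileges in MySQL (account/password in database)

2. Consider writing it as a RESTful API, which is simpler, more readable and easier to maintain (file permissions r--r--r--), as follows: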
[cc]// get the HTTP method, path and body of the request
$method = $_SERVER['REQUEST_METHOD'];
$request = explode('/', trim($_SERVER['PATH_INFO'], '/'));
$input = json_decode(file_get_contents('php://input'), true);
if (!is_array($input)) $input = array(); // GET and DELETE carry no JSON body

// connect to the mysql database
$link = mysqli_connect('127.0.0.1', 'account', 'password', 'database');
mysqli_set_charset($link, 'utf8');

// retrieve the table and key from the path
$table = preg_replace('/[^a-z0-9_]+/i', '', array_shift($request)); // table name
if ($table != 'tablename') return null; // only this one table is exposed
// $key_id = array_shift($request) + 0;
$key_id = preg_replace('/[^A-Z0-9_]+/i', '', array_shift($request)); // PID
// after one date: keep digits only (YYYYMMDD), because the value goes into the SQL text
$after_date = isset($_GET['after_date']) ? preg_replace('/[^0-9]+/', '', $_GET['after_date']) : '';

// escape the columns and values from the input object
$columns = preg_replace('/[^a-z0-9_]+/i', '', array_keys($input));
$values = array_map(function ($value) use ($link) {
    if ($value === null) return null;
    return mysqli_real_escape_string($link, (string)$value);
}, array_values($input));

// build the SET part of the SQL command
$set = '';
for ($i = 0; $i < count($columns); $i++) {
    $set .= ($i > 0 ? ',' : '').'`'.$columns[$i].'`=';
    $set .= ($values[$i] === null ? 'NULL' : '"'.$values[$i].'"');
}

// create SQL based on HTTP method
// $key_id is quoted in every statement so that it is always treated as a value,
// never as a column name
switch ($method) {
    case 'GET':
        $sql = "SELECT * FROM `$table`".($key_id ? " WHERE PID = '$key_id' AND Check_Date >= '$after_date' ORDER BY `Check_Date` DESC" : ""); break;
    case 'PUT':
        $sql = "update `$table` set $set where id='$key_id'"; break;
    case 'POST':
        $sql = "insert into `$table` set $set"; break;
    case 'DELETE':
        $sql = "delete from `$table` where id='$key_id'"; break;
    default:
        // any other method would leave $sql undefined
        http_response_code(405);
        die('method not allowed');
}

// execute SQL statement
$result = mysqli_query($link, $sql);

// die if SQL statement failed
if (!$result) {
    http_response_code(404);
    die(mysqli_error($link));
}

// print results, insert id or affected row count
if ($method == 'GET') {
    if (!$key_id) echo '[';
    for ($i = 0; $i < mysqli_num_rows($result); $i++) {
        echo ($i > 0 ? ',' : '').json_encode(mysqli_fetch_object($result));
    }
    if (!$key_id) echo ']';
} elseif ($method == 'POST') {
    echo mysqli_insert_id($link);
} else {
    echo mysqli_affected_rows($link);
}

// close mysql connection
mysqli_close($link);[/cc]

3. Consider adding an access token to the request header to restrict who may send requests (OAuth2 is also a good choice), as follows:
[cc]// run this check before any of the database code above
function getHeader_var($name) {
    if (function_exists('apache_request_headers')) {
        return isset(apache_request_headers()[$name]) ? apache_request_headers()[$name] : '';
    }

    $name = 'HTTP_' . strtoupper(str_replace('-', '_', $name));
    return isset($_SERVER[$name]) ? $_SERVER[$name] : '';
}
// echo getHeader_var('X-AUTH-TOKEN');
// hash_equals compares the two strings in constant time
if (!hash_equals('999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999', (string)getHeader_var('X-AUTH-TOKEN'))) {
    die('token error!!');
}[/cc]

4. Test it as follows:
[cc]curl -H 'X-AUTH-TOKEN: 999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999' 'https://www.demo.com.tw/cgi-bin/crudapi.php/tablename/G123456789?after_date=20181229'[/cc]

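Takeaway: in fact, the program above leaves many aspects unconsidered, for example: keeping a log in a MySQL table, restricting the connecting IP or the time period, and so on!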
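
The checks named above as missing (a limit on source IP and time period, and a log kept in a MySQL table), shown together with the token check as an added example that is not part of the original post. The allowlist addresses, service hours, token value and the `api_log` table with its columns are assumptions.

```php
<?php
// Added example: ALLOWED_IPS, SERVICE_HOURS, API_TOKEN and api_log are assumptions.
const ALLOWED_IPS   = ['203.0.113.10', '203.0.113.11']; // constructed documentation addresses
const SERVICE_HOURS = [8, 18];                          // 08:00 to 17:59, server time
const API_TOKEN     = 'replace-with-a-long-random-secret';

// Returns [HTTP status, reason]; 200 means the request may go on to the query code.
function gate_request(string $ip, string $token, int $hour): array {
    if (!in_array($ip, ALLOWED_IPS, true)) {
        return [403, 'ip not allowed'];
    }
    if ($hour < SERVICE_HOURS[0] || $hour >= SERVICE_HOURS[1]) {
        return [403, 'outside service hours'];
    }
    // Constant-time comparison of the expected and the supplied token.
    if (!hash_equals(API_TOKEN, $token)) {
        return [401, 'token error'];
    }
    return [200, 'ok'];
}

// Record every decision, allowed or refused. The prepared statement keeps
// client-supplied values out of the SQL text.
function log_request(mysqli $link, string $ip, string $method, string $path, int $status): void {
    $stmt = mysqli_prepare($link,
        'INSERT INTO api_log (ip, method, path, status, logged_at) VALUES (?, ?, ?, ?, NOW())');
    mysqli_stmt_bind_param($stmt, 'sssi', $ip, $method, $path, $status);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}

// Constructed sample requests: [ip, token, hour of day].
$samples = [
    ['203.0.113.10', API_TOKEN, 10], // listed address, in hours, correct token
    ['198.51.100.7', API_TOKEN, 10], // address not on the allowlist
    ['203.0.113.10', API_TOKEN, 23], // listed address, outside service hours
    ['203.0.113.10', 'wrong',   10], // listed address, in hours, wrong token
];
foreach ($samples as [$ip, $token, $hour]) {
    [$status, $reason] = gate_request($ip, $token, $hour);
    echo "$ip hour=$hour -> $status $reason\n";
}
```

In the API script the inputs would be `$_SERVER['REMOTE_ADDR']`, `getHeader_var('X-AUTH-TOKEN')` and `(int)date('G')`, with `log_request()` called once the database connection exists. Behind a reverse proxy, `REMOTE_ADDR` is the proxy's address, so the allowlist has to account for that.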
