Uploader Comments (optikalefxx)
Top Comments
-
2:40 $_GET['method') ...... hehe :D
All Comments (26)
-
@optikalefxx True, I understand no need to get into security with a simple tutorial focused on one topic but just to let the ones who come to this before actually taking the time to learn the language and the web a heads up.
-
do we need to stab the body :p
-
fock, you saved my life. I have been trying to understand how all those things should be done and now I got the hell out of it.
thanks dude :)
-
How do I add a parameter (like an id) from the api method, and pass it in?
i.e.
    function getThisUser($id = null) {
        // a PHP default value must be a constant, so $_GET is read inside the body
        if ($id === null) { $id = $_GET['userid']; }
        // cast to int so only a number ever reaches the query (mysql_query is the old, removed extension)
        $sql = mysql_query("SELECT * FROM users WHERE id = " . (int) $id);
    }
This doesn't seem to work, maybe I'm not initializing or capturing the url value properly.
Please help? This would be very useful if I could pass in variables from the url into the api methods. Thanks!
HUGE security implications of calling any random function out of all of php's library of choices.
Tchalvak 1 week ago
@Tchalvak Totally! You should have a Class with your methods in it, not use procedural functions. In real use, you need to keep your API in its own class scope.
optikalefxx 1 week ago
@optikalefxx I actually just use a whitelist:
$valid_type_map = array(
    'user'           => 'json_user',
    'user_search'    => 'json_user_search',
    'item'           => 'json_item',
    'item_search'    => 'json_item_search',
    'product'        => 'json_product',
    'product_search' => 'product_search'
);
$res = null;
// If the function exists, pass the data to it and execute it, encode the results,
// then wrap the encoded results in the callback.
if (isset($valid_type_map[$type]) && function_exists($valid_type_map[$type])) {
    // Decode & call functions
Tchalvak 1 week ago
@Tchalvak But if you're doing your stuff in OOP, which I recommend, then you don't have to keep an array; your methods on said class are your whitelist. You will use method_exists($this, "method_name") and it will keep scope. I use this idea in my PHP framework.
optikalefxx 1 week ago
Personally, with security concerns, I'd have added some tests before calling a _GET variable as a function. Also, calling a _GET variable without checking if it is set will result in a PHP notice, not a bad thing but not good either.
SomaVIII 2 months ago
@SomaVIII Sorry I never responded to this. Yes, there are big security flaws if this was a REAL api. This was just to show the basic principle. I think I'll make a secure version of this so people can see what needs to be added.
optikalefxx 1 week ago
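Putting the threads above together (Tchalvak's whitelist array, optikalefxx's point that a class scope should be the whitelist, SomaVIII's note about checking that the _GET value is set, and the earlier question about passing an id from the URL), here is an added example of a dispatcher that does all three. It is not code from the video or from any commenter; the class name, method names, the sample user table and the assumption of PHP 7.1 or later are mine for illustration. It deliberately keeps an explicit allowlist rather than relying on method_exists() alone, because method_exists() would also answer true for __construct, dispatch, and any other public method on the class.

```php
<?php
// Added example, not the video's or any commenter's code. Assumes PHP >= 7.1.
// A request like ?method=getThisUser&userid=2 is routed only if "method" names
// an allowlisted method, and "userid" is validated as an integer first.

class Api
{
    // Explicit allowlist of callable API methods (assumed names).
    // method_exists() alone would also expose __construct, dispatch, etc.
    private const ALLOWED = ['getThisUser', 'searchUsers'];

    // Constructed sample data standing in for a users table.
    private const USERS = [
        1 => ['id' => 1, 'name' => 'alice'],
        2 => ['id' => 2, 'name' => 'bob'],
    ];

    /**
     * Resolve the requested method from a query array (normally $_GET)
     * and return a JSON-encodable result array.
     */
    public function dispatch(array $query): array
    {
        // Check the key exists and is a string before reading it: avoids the
        // PHP notice, and ?method[]=x (an array) is rejected instead of crashing.
        if (!isset($query['method']) || !is_string($query['method'])) {
            return ['error' => 'missing method'];
        }
        $method = $query['method'];

        // Strict comparison so only an exact allowlisted name passes.
        if (!in_array($method, self::ALLOWED, true)) {
            return ['error' => 'unknown method'];
        }

        // Each method pulls and validates its own parameters from the query.
        return $this->$method($query);
    }

    // GET ?method=getThisUser&userid=1
    public function getThisUser(array $query): array
    {
        // FILTER_VALIDATE_INT returns false for "1 OR 1=1", "1.5", "" and 0.
        $id = isset($query['userid'])
            ? filter_var($query['userid'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]])
            : false;
        if ($id === false) {
            return ['error' => 'userid must be a positive integer'];
        }
        // With a real database this is where a prepared statement would run:
        //   $stmt = $pdo->prepare('SELECT * FROM users WHERE id = ?');
        //   $stmt->execute([$id]);
        return self::USERS[$id] ?? ['error' => 'no such user'];
    }

    // GET ?method=searchUsers&q=ali
    public function searchUsers(array $query): array
    {
        $q = (isset($query['q']) && is_string($query['q'])) ? $query['q'] : '';
        if ($q === '' || strlen($q) > 64) {
            return ['error' => 'q must be 1-64 characters'];
        }
        $hits = [];
        foreach (self::USERS as $user) {
            if (stripos($user['name'], $q) !== false) {
                $hits[] = $user;
            }
        }
        return ['results' => $hits];
    }
}

// In a real page: $result = (new Api())->dispatch($_GET);
// Below, constructed queries show the accepted and rejected cases on the CLI.
$api = new Api();
$samples = [
    ['method' => 'getThisUser', 'userid' => '2'],         // ok: {"id":2,"name":"bob"}
    ['method' => 'getThisUser', 'userid' => '1 OR 1=1'],  // rejected by the int filter
    ['method' => 'searchUsers', 'q' => 'ali'],            // ok: one result
    ['method' => 'phpinfo'],                              // not on the allowlist
    [],                                                   // missing method, no notice
];
foreach ($samples as $query) {
    echo json_encode($api->dispatch($query)), "\n";
}
```

Run it with php on the command line to see the five outcomes. The design point is that the request never chooses what code runs: the allowlist does, and the URL parameter only selects among entries already on it, while each parameter is validated before it comes near a query.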