如何使用xml格式的PHP创建安全的API？

Question

我有一个电子商务网站，定期进行交易。现在我们正在开发一个Android应用程序。因此我被要求使用PHP构建 API 。我制作的API是xml格式。但是现在，因为我将通过它发送登录凭据，我害怕有人会破解它。所以有人可以帮助我。

这是我使用php创建xml API的方式..

<?php

include 'config.php';
include 'database.php';

$sqlCat = "select category_id,image,name from table" ;
$categories = DatabaseHandler::GetAll($sqlCat);

$xml = new DomDocument("1.0","UTF-8");

$content = $xml->createElement("content");
$content = $xml->appendChild($content);

foreach($categories as $category) {
    $item = $xml->createElement("item");

    $catName = $xml->createElement("catName",htmlspecialchars($category['name']));
    $catName = $item->appendChild($catName);

    $catImage = $xml->createElement("catImage",htmlspecialchars($category['image']));
    $catImage = $item->appendChild($catImage);

    $sql = "select image,name,model,price,quantity from table;
    $results = DatabaseHandler::GetAll($sql);

    foreach($results as $key=>$result) {
        $product = $xml->createElement("product");
        $product->setattribute('id',$key);

        $model = $xml->createElement("model",$result['model']);
        $model = $product->appendChild($model);

        $name = $xml->createElement("name",htmlspecialchars($result['name']));
        $name = $product->appendChild($name);

        $image = $xml->createElement("image",htmlspecialchars($result['image']));
        $image = $product->appendChild($image);

        $price = $xml->createElement("price",$result['price']);
        $price = $product->appendChild($price);

        $product = $item->appendChild($product);    
    }

    $item = $content->appendChild($item);
}

$xml->FormatOutput = true;
$output = $xml->saveXML();
$xml->save("categories.xml");


?>

我以这种形式获得了xml ..

<content>
<item>
<catName>Comp</catName>
<catImage/>
<product id="0">
<model>156443</model>
<name>CD</name>
<image>109.jpg</image>
<price>48</price>
</product>
<product id="1">
<model>46876</model>
<name>memory card</name>
<image>81.jpg</image>
<price>12</price>
</product>
<product id="2">
<model>865793</model>
<name>drive</name>
<image>51.png</image>
<price>2</price>
</product>
</item>
</content>

有人可以判断我以XML格式生成API的方式是否正确。

Answer 1

不要让思考太复杂，让它像下面的代码一样简单

$ con = mysql_connect（＆＃34; localhost＆＃34;，＆＃34; root＆＃34;，＆＃34; root＆＃34;）或死亡（＆＃34;无法连接＆＃34; .mysql_error （））;

//select your database table

mysql_select_db("android_maps", $con) or die("Could not select database".mysql_error());

//get your results with a mysql query

$result = mysql_query("SELECT gmaps.*, urls.* FROM gmaps, urls WHERE urls.idgmaps = gmaps.idgmaps") or die(mysql_error());

//run a while loop get your data.

while($location = mysql_fetch_array($result)) {

$output = '<?xml version="1.0" encoding="utf-8"?>';
$output .= '<data>';
$output .= "<lat>".$location['lat']."</lat>";
$output .= "<long>.".$location['lon']."</long>";
$output .= "<description>.".$location['description']."</description>";
$output .= '</data>';
print $output;

}

mysql_close($con);

}else{

echo "<h1>No results to show for you query</h1>";

}

了解更多信息

http://teachingyou.net/php/php-api-development-dreaming-of-your-own-api-make-it-possible-today/