0

What if I pass my search params in the request URI in JSON format, like this:

http://example.com/?search={"title":"Some+Title","category":12}

instead of

http://example.com/?title=Some+Title&category=12

Before decoding the JSON request I can filter it with some functions like strip_tags(), stripslashes(), etc. But I can do the same with $_SERVER['QUERY_STRING'] with serialize()/unserialize(). Or apply string filters to N string params of the request, not once to the whole request.

Which way do you think will be better, usable and faster to process?

With json

$request = $_GET['search'];
$request = stripslashes(strip_tags($request));
$params  = json_decode($request);
Oswald
mikatakana

4 Answers

1

The characters { and } are unsafe according to RFC 1738 2.2. They must therefore be encoded before being transferred over a network.

The character : is reserved according to RFC 1738 2.2. It must therefore be encoded before being transferred over a network unless it is used for the purpose for which it was reserved.

Don't use $request = stripslashes(strip_tags($request)). If $_GET['search'] does not json_decode successfully, treat it as faulty input; don't try to fix it.

Oswald
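The reject-instead-of-repair approach from the answer above, as an added example that is not part of any post on this page. The helper name parseSearchParam, the 2048-byte and 200-byte caps, the depth bound and the allowed keys (taken from the question's sample URL) are assumptions; PHP 7.4 or later is assumed.

```php
<?php
declare(strict_types=1);
// Hypothetical helper (not from the page): decode ?search=<json> strictly.
// Nothing is stripped or repaired; unexpected input is rejected as a whole.
function parseSearchParam($raw): array
{
    // ?search[]=x arrives as an array and a missing key as null: reject both.
    if (!is_string($raw) || $raw === '' || strlen($raw) > 2048) { // assumed cap
        throw new InvalidArgumentException('search: missing, not a string, or too long');
    }
    try {
        // Small depth bound (assumed); nested values also fail the type checks below.
        $data = json_decode($raw, true, 4, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        throw new InvalidArgumentException('search: not valid JSON', 0, $e);
    }
    // Allowlist of keys with one validator each (assumed schema).
    $rules = [
        'title'    => fn($v) => is_string($v) && strlen($v) <= 200,
        'category' => fn($v) => is_int($v) && $v > 0,
    ];
    if (!is_array($data) || array_diff_key($data, $rules) !== []) {
        throw new InvalidArgumentException('search: unexpected structure or key');
    }
    foreach ($data as $key => $value) {
        if (!$rules[$key]($value)) {
            throw new InvalidArgumentException("search: bad value for '$key'");
        }
    }
    return $data;
}

// Client side: percent-encode the JSON so { } : " never appear raw in the URL.
echo 'http://example.com/?search=' . rawurlencode(json_encode(['title' => 'Some Title', 'category' => 12])), PHP_EOL;
// Constructed inputs; PHP has already percent-decoded $_GET values at this point.
$samples = [
    '{"title":"Some Title","category":12}',   // well-formed
    '{"title":"<b>x</b>","category":"12"}',   // category sent as a string
    '{"title":"x","admin":true}',             // key outside the allowlist
    '{"title":"x"',                           // truncated JSON
];
foreach ($samples as $s) {
    try {
        echo 'OK   ', json_encode(parseSearchParam($s)), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'FAIL ', $e->getMessage(), PHP_EOL;
    }
}
```

A title that passes these checks is still untrusted text: escape it with htmlspecialchars() when it is written into HTML and pass it as a bound parameter when it reaches SQL.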
0

Sending an encoded JSON string is possible, as with any string (you should urlencode and urldecode it though; no stripping needed), but it's not really a good way to do it. Use the standard way of passing data in a request: if you have only simple data to send, just translate it into traditional GET variables (it's really easy, e.g. with http_build_query as Tomasz suggests). You may also run into difficulties with the request URI length (see What is the maximum length of a URL in different browsers?) if you pack too much data into the JSON object.

Community
Czechnology
0

Isn't it better to use http_build_query instead of passing JSON through the URL? http_build_query is specially designed to pass data through URL params.

Applying this filter to the whole param_str of the URL may cause unexpected behaviour, besides the fact that it is actually a little bit faster. I think that you should pass every single parameter through your filter functions.

Tomasz Banasiak
-1

Why don't you just represent everything with JSON?

http://www.example.com/{"article":"something","page":12,"fragment":"#menu"}

Query strings are already used to represent flat lists of key-value pairs, so what problem does your JSON solution solve? You'll just be adding a new layer of complexity without any benefits.

Blender