Home >Backend Development >PHP Tutorial >Defect analysis of ThinkPHP's built-in jsonRPC, thinkphp's built-in jsonrpc_PHP tutorial
This article analyzes the flaws of ThinkPHP’s built-in jsonRPC in more detail. Share it with everyone for your reference. The specific analysis is as follows:
I have been developing ios applications recently. To develop ios applications, of course you need to use a server. When using a server, you must use the remote call protocol. Because I have always used PHP to develop, so I chose thinkphp as the apache server of the framework.
As for the remote calling protocol, after thinking about it, I decided to use jsonRPC. It is relatively simple and convenient. I looked through the manual of thinkphp (version 3.2) and found that thinkphp still supports jsonRPC. This is good. You don’t have to write it yourself (of course) It’s not a hassle to write it yourself).
Simply use thinkphp as the client to call the thinkphp server-side interface, which is easy to use.
The next step is the android side. I just went online to find a package (android-json-rpc.jar) and called the interface, eh! It’s easy to use and it’s going very smoothly.
Next I switched to ios. I found an objc-JSONRpc project on github and used it to call the interface. It was not easy to use. It was normal. Maybe there was something wrong with the project I was looking for, so I changed to Demiurgic. -JSON-RPC is still not easy to use. I started to have doubts about the program. Because there was no problem in calling the web and android terminals, I focused on my ios program. Oh my god, it took me half a day. I just couldn't find the problem. I also used the ios side to call the jsp client interface provided by others, and there was no problem.
Later, I started to look at the jsonRPC module built into thinkphp. After constant debugging (various debugging, deleting code, and Dbug), I found this line of code:
I noticed that this function did not call_user_func_array, array, click on it to see the parameter description. Sure enough, $request['params'] must be an array type, not that the array is not recognized alive or dead. What is even more hateful is that thinkphp did not perform this parameter Strict verification, so I don’t know what’s wrong.
It will be easier to handle once you know the reason, just add verification in front.
I hope this article will be helpful to everyone’s PHP programming based on the ThinkPHP framework.