c#调用php然后查询数据库的最佳实践 [英] best practice for c# calling php which then queries the database
问题描述
出于某种原因,我必须有一个Windows客户端应用程序(用C#编写),它与我服务器上的PHP文件通信。由于可能会对exe文件进行反汇编,因此不允许Windows应用程序在代码中进行SQL查询。这是使用此方法的主要原因。
For some reason I have to have a windows client application (written in C#) which communicates with the PHP files that are on my server. Windows application can't be allowed to have SQL queries in the code because of the possible disassembling of the exe file. This is the main reason why this approach is used.
基本上它看起来像这样:从Windows客户端我调用getResult.php然后打开与数据库的连接,查询数据库,将结果返回给客户端并关闭数据库连接。因此,Windows客户端没有任何用于查询数据库的代码,它只是调用PHP文件。
Basically it looks like this: from windows client i call getResult.php which then opens the connection to the database, queries the database, returns the result to the client and closes the database connection. Therefore windows client doesn't have any code for querying the database, it just has calls to the PHP file.
我的几个问题如下:
1.从c#代码向PHP文件发送请求的最佳方法是什么? (因为我需要发送这个php文件一些参数,比如ID等... - >我知道我可以用GET这样做getResult.php吗?id = 123456,但这与POST一样吗?还有,一个问题:如何在代码中执行此操作?http请求或?)
My several questions follow:
1. What is the best way to send request from c# code to the PHP file? (Cause I need to send this php file some parameters like ID, etc... -> I know I can do it with GET like this getResult.php?id=123456, but is this same possible with POST? And also, one question: how to do this in code? http requests or?)
2.因为每次调用PHP文件(将会有更多文件,我会调用,像getResult.php,getStatus.php等...)我将以某种方式需要将登录信息发送到PHP将用于查询数据库的PHP文件。我的问题是如何安全地执行此操作,并且加上:是否可能以某种方式调用doLogin.php之类的东西并发送登录用户名和密码一次,之后调用此(以及所有其他)php文件而不需要将登录信息作为参数发送给该函数。我知道当整个应用程序在服务器上时我可以使用PHP会话,但主要区别在于我只调用一些文件,执行它们并关闭连接。
2.Since every time I call the PHP file (there will be more files which I will call, like getResult.php, getStatus.php, etc...) I will somehow need to send login information to that PHP file with which that PHP will query the database. My question here is how to do this securely, and plus: is it maybe somehow possible to call something like doLogin.php and send the login username and password one time, and after that call this (and all other) php files without the need to send the login information as a parameter to the function. I know I can use PHP sessions when the whole application is on the server, but the main difference here is that I am only calling some files, executing them and closing the connection.
我的主要问题是:从概念的角度来看这是否正常,或者是否有任何众所周知的概念,我不知道 - 请告诉我我愿意学习。我做了一些研究并且确实认为这可能必须通过Web服务方法完成,但请回复您对此的想法。
My main question is: is this ok from conceptual point of view or are there any commonly known concepts for this, for which I don't know about - please advise I'm willing to learn. I did some research and do believe this might have to be done with web services approach, but please do reply your thoughts on this.
感谢您的帮助!
推荐答案
您的PHP代码是有效地充当RESTful数据访问API。通过SSL(HTTPS)在Web服务器上运行PHP,以便加密所有通信。
Your PHP code is effectively serving as a RESTful data-access API. Run your PHP on a webserver over SSL (HTTPS) so that all your comms are encrypted.
您可以使用受信任的证书对客户端进行身份验证,或者如果您需要不同的访问级别,则提交用户名/密码以获取数据访问请求的授权令牌这不是一个坏主意。
You could either use trusted certificates to authenticate the client, or if you require different access levels, submitting a username/password to get an authorisation token for the data-access requests is not a bad idea.
这是雅虎的一个例子!: http://developer.yahoo.com/dotnet/howto-rest_cs.html
Here is an example from Yahoo!: http://developer.yahoo.com/dotnet/howto-rest_cs.html
这篇关于c#调用php然后查询数据库的最佳实践的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
