php:从POST接收json并保存到文件

I want to receive a POST request from a JS client with a json body (i.e. this is not form data), and save the .gigs (javascript) array to a file, after checking the .password field. This is all my code (based on Receive JSON POST with PHP)

$json_params = file_get_contents("php://input");

if (strlen($json_params) > 0 && isValidJSON($json_params)){
    /* json_decode(..., true) returns an 'array', not an 'object'
   * Working combination: json_decode($json_params) WITH $inp->password
   */
  $inp = json_decode($json_params);
} else {
    echo "could not decode POST body";
    return;
}

$password = $inp->password;
// echo $password;

if ($password == "****") {
  $gigs = $inp['gigs'];
  // WAS $res = file_put_contents('gigs.json', json_encode($gigs), TEXT_FILE);
  $res = file_put_contents('gigs.json', json_encode($gigs));

  if ($res > 0) {
    echo "Success";
    return;
  } else {
    if (!$res) {
      http_response_code(500);
      echo "file_put_contents error:".$res;
      return;
    } else {
      http_response_code(500);
      echo "Error: saved zero data!";
      return;
    }
  }
} 
else {
  // http_response_code(403);      // (2)
  echo "Password invalid";
  return;
}

What I find is that

  • if I comment out the if statement and uncomment echo $password; then the right password is there
  • if I uncomment line 2, which I want to do, then I get back a 500 and the error logs refer an Illegal string offset 'password' in line (1) above. Without that I get back a "Success" (all for the same password).

I don't understand what is happening, nor how to get 200, 403 and 500 error messages safely.

Note

$json_params = file_get_contents("php://input");

If your scripts are running upon regular HTTP requests, passing data like it comes from HTML form, them you should consider using $_POST for your content, not php://input. If you expect JSON in request body, then I'd be fine, yet I'd also check content type for application/json.

Next:

$inp = "I never got set";

if (strlen($json_params) > 0 && isValidJSON($json_params)){
  $inp = json_decode($json_params, true);
}

$password = $inp->password;
$password = $inp['password'];

This is pretty broken. First, see json_decode() arguments (2nd) -> you are decoding to array (true), not object (false), so only $password = $inp['password']; will work in your case. Also the whole code will fail when your input data is invalid as in that case $np is rubbish string, not the array you try to read later on. Use null as default value and check for that prior further use.

Next:

$res = file_put_contents('gigs.json', json_encode($gigs), FILE_TEXT);

there's no FILE_TEXT option for file_put_contents(). Nor you'd need one.

Once you correct these you'd be fine. Also print_r() and var_dump() may be the functions you wish to get familiar with for your further debugging.

In general http://php.net/ -> lookup for functions you are about to use.