
I am setting up some PHP pages to provide API services to users (and my applications).

In its most basic form, it looks like this:

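<?php
require("include.php");

$page = new Page();
$authZone = "general";

// Note: $mySystemUserId is not defined anywhere in this snippet.
$auth = $page->authenticate($mySystemUserId, $authZone);

// Strict comparison: only the exact string "AUTHORIZED" passes.
if ($auth[0] !== "AUTHORIZED") {
    exit('<h1 class="access-denied">ACCESS DENIED</h1>');
}

header('content-type:application/json');

// The requested service name; stop if none was supplied.
if (isset($_REQUEST['q'])) {
    $q = $_REQUEST['q'];
} else {
    exit();
}

if ($q == "") {
    // (service code left empty in the original post)
}

?>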

Essentially it opens the page and checks to see what "query" or "service" to run ($_REQUEST['q']).

Then it seems to run whatever code block is applicable to that service and then returns it in JSON format.

As I have never seen any "official" standard on how to set up a secure API service, I would like any other professional to review this and say:

a) This looks fine
b) Mostly fine but you need to correct ______________
c) Wow, you got it totally wrong. Take a look at (hyperlink) and come back when you come out of the 80s...

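Added example, not part of the original question: one way to structure the `q` dispatch described above, so that only allow-listed service names ever reach code and every failure returns JSON with a matching HTTP status. The service names, handlers and sample requests are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Allow-list: the only values of "q" that map to code (hypothetical names).
const SERVICES = [
    'ping'    => 'service_ping',
    'version' => 'service_version',
];

function service_ping(array $params): array { return ['pong' => true]; }
function service_version(array $params): array { return ['version' => 'constructed-1.0']; }

// Returns [HTTP status, body]. Pure function, so it can be exercised from the CLI.
function dispatch(bool $authorized, array $request): array
{
    if (!$authorized) {
        return [403, ['error' => 'access denied']];
    }
    $q = $request['q'] ?? null;
    if (!is_string($q) || $q === '') {       // rejects q[]=... arrays as well
        return [400, ['error' => 'missing q']];
    }
    if (!array_key_exists($q, SERVICES)) {   // user input never names code directly
        return [404, ['error' => 'unknown service']];
    }
    $handler = SERVICES[$q];
    return [200, $handler($request)];
}

// Sends the result with a status code and JSON content type, including errors.
function respond(int $status, array $body): void
{
    http_response_code($status);
    header('Content-Type: application/json');
    header('X-Content-Type-Options: nosniff');
    echo json_encode($body, JSON_THROW_ON_ERROR);
}

if (PHP_SAPI === 'cli') {
    // Constructed sample requests: [authorized?, request parameters].
    $samples = [[true, ['q' => 'ping']], [true, ['q' => 'unknown']],
                [false, ['q' => 'ping']], [true, ['q' => ['x']]], [true, []]];
    foreach ($samples as [$auth, $req]) {
        [$status, $body] = dispatch($auth, $req);
        echo $status, ' ', json_encode($body), PHP_EOL;
    }
} else {
    $authorized = false; // assumption: replace with the result of your own auth check
    respond(...dispatch($authorized, $_GET));
}
```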

closed as off-topic by Malachi, SirPython, Jamal Jul 30 at 23:59

This question appears to be off-topic. The users who voted to close gave this specific reason:

If this question can be reworded to fit the rules in the help center, please edit the question.

1  
Welcome to Code Review! The example code that you have posted is not reviewable in this form because it leaves us guessing at your intentions. Unlike Stack Overflow, Code Review needs to look at concrete code in a real context. Please see Why is hypothetical example code off-topic for CR? –  Malachi Jul 30 at 23:30
