Summary of things to know about using JSON

This time I will bring you a summary of the instructions for using JSON. What are the precautions for using JSON? The following is a practical case, let's take a look.

Terms

Portability
Compatibility of transferring information between platforms and systems.

JSON
JavaScriptObjectNotation object notation.

Data exchange format
Text used to exchange data between different platforms or systems.

Literal value
The literal meaning is exactly the same as the value it wants to express.

Variable
is represented by an identifier in the shape of X and can be modified.

Maximum portability
Provides portability beyond the data format itself by ensuring the compatibility of the data itself with the platform and system.

Name-value pair
refers to attributes and characteristics (also called key-value pairs) that have names and corresponding values.

Syntax verification
Verification of json format.

Consistency verification
Focus on unique data structure verification.

String type in JSON
A string value, such as "You are a good person", is wrapped in double quotes.

concept

JSON is a data exchange format.

JSON is independent of programming languages.

JSON is based on the literal representation of JavaScript object (the emphasis is on the representation).

The way JSON expresses data is friendly to common programming concepts.

JSON is based on JavaScript object literalsThe syntax for representing properties, but does not include the function-related parts of JavaScript object literals.

In JSON name-value pairs, the name is always wrapped in double quotes.

JSON name-value pair, the value can be a string, number, Boolean value, null, object array.

Lists of name-value pairs in JSON are always wrapped in curly braces.

Multiple name value pairs in JSON are separated by commas.

JSON files use the .json extension.

The media type of JSON is application/json.

The Boolean type values ​​in JSON are only true and false, and all letters must be lowercase.

All letters of the null value in JSON must be lowercase, indicating a null value.

Number type in JSON, a numeric value, such as 66, can be a positive integer, a negative integer, a decimal, or an exponent.

The key difference between objects and arrays is that objects are lists or collections of name-value pairs, and arrays are lists and collections of values.

Another key difference between objects and arrays is that all values ​​in an array should have the same data type.

Terms
Arrays in JSON
An array is a collection or list of values, each value can be a string, number, boolean, object or in an array any type. Arrays must be wrapped in [] and separated by commas.

Object type in JSON
Object type is a collection of name-value pairs separated by commas and wrapped with {}.

JSON Schema
A virtual contract in data exchange.

Server side (in web development)
A series of operations performed on the server when web resources are requested. The server provides the Internet browser with responses that it processes and loads.

Client (in web development)
A series of operations performed when the interface requested by the browser is loaded, usually referring to HTML, CSS and JavaScript.

Concept
The JSON validator is responsible for validating syntax errors, and JSON Schema is responsible for providing consistency verification.

JSONSchema is the first line of defense responsible for data reception, and is also a good tool for the data sender to save time and ensure that the data is correct.

JSONSchema can solve the following consistency verification problems
1. Is the data type of the value correct? You can specify that a value is a number, string, etc. type.
　2. Does it contain the required data? You can specify which data is required and which is not.
　3. Is the form of the value what I need? You can specify a range, minimum value and maximum value.

JSON itself poses no threat, it is just text.

When locating JSON security issues, you should remember the following 3 things.
1. Do not use top-level arrays. Top-level arrays are legal JavaScript scripts. They can use < script> tag link and use.
　2. For resources that do not want to be made public, only the HTTPPost method is allowed to be requested, not the Get method. The get method can be requested through the url or even placed in the script tag.
　3. Use JSON.parser() instead of eval(). The eval() function will compile and execute the incoming string, which will make your code vulnerable to attacks. You should only use JSON.parser() to parse json data.

Security vulnerabilities are often caused by developers not considering how hackers could exploit this.

The relationship between JavaScript’s XMLHTTPRequest and WEBAPI is the relationship between the client and the server.

XMLHTTPRequest is not limited to XML, you can also use it to request JSON resources

Terms
Cross-site request forgery (CSRF)
refers to the use of site Attack the trust of the user's browser

Top-level JSON arrayA JSON array at the top of the document that exists outside of the JSON name-value pairs.

Injection attack
An attack that relies on injecting data into a web application to facilitate the execution or compilation of malicious data.

JSON cross-site scripting attack
An injection attack on the site by intercepting or replacing third-party code used in the site with malicious scripts.

webApi
A series of instructions and standards for interacting with services through HTTP.

XMLHTTPRequest
A JavaScript object that can obtain data from a URL without refreshing the page. It is commonly used in AJAX programming.

Hypertext Transfer Protocol (HTTP)
Basic protocol for exchanging data used by the World Wide Web

Serialization
The operation of converting objects into text

Deserialization
The operation of converting text into objects.

Concept
The website serves people, webAPI serves code, and they both use the Http protocol.

The same-origin policy makes it difficult for JavaScript and JSON resources to communicate client-server.

The client's cross-domain XMLHTTPRequest requires server support to ensure the success of the JSON resource request.

jQuery is an abstraction tool that provides JSON request and parsing functions that can shorten development time. It also solves cross-browser compatibility issues.

The concept of AngularJS MVC
JSON is a model||data model
HTML is a view and provides the syntax to bind to the model
The controller is AngularJS Syntax for defining and manipulating JavaScript files that interact with models and views.

AngularJS makes JavaScript objects and JSON shine in the MVC architecture.

In relational database, there are often table columns and rows and the relationship between them, in which primary keys and foreign keys are used.

There are many types of NoSQL databases, and they have different data storage and utilization methods from the traditional relational model.

Important concepts of CouchDB database
1. It is a document-oriented NoSQL database
2. It stores and manages JSON documents
3. It maintains data while storing and retrieving it Good data structure
4. It will use an HTTP-based API to obtain data as a JSON document resource
5. Ituses JavaScript as the query language and uses the map and reduce methods of the view Get data across APIs.

On the server side, JSON can be deserialized into objects and used in programming logic, or objects can be serialized into JSON format.

JSON is well supported by both the server and the client, making it stand out from many exchange data formats in the web field.

Terms
Same Origin Policy
For security reasons, the browser will only request scripts from the same domain.

Cross-domain resource sharing CORS
By setting the response header, cross-domain requests can be successful.

JSON-p
Use the script tag to bypass the same-origin policy restrictions and request JSON from servers with different domain names.

Abstraction
A technology for dealing with complex systems. The main idea is to convert a big problem into multiple small problems

Framework
A technology that can save time and has made We focus more on building abstract tools for functionality.

Jquery.parserJSON()
A jquery function, which not only calls the JSON.parser() function, but is also compatible with old browsers that do not support the JSON.parser() function, and passes the verification character to evaluate the string, thus avoiding possible security issues.

jquery.getJSON()
The short form of the jquery.ajax() function, which includes the function of parsing json into a JavaScript object.

Single-page web application
Different from the traditional multi-page method, it focuses on web pages that provide a more seamless application experience.

Model-View-Controller (MVC)
An application architecture pattern that divides the application into 3 parts: model (data), view (presentation), and controller (updating model and view) )

AngularJS
A JavaScriptMVC framework that uses JavaScript objects as data models.

Relational database
A database that stores stored data in a structured manner using identifiable relationships.

NoSQL database
A database that does not store relationships by storing data.

CouchDB
A document-oriented NoSQL database storage type that uses JSON documents to store data.

ASP.NET
Server-side Web framework developed by Microsoft

PHP
Server-side scripting language for creating dynamic web pages

Ruby on Rails
Server-side Web application framework written in Ruby

Node.js
Server-side JavaScript based on Google V8 engine.

java
An object-oriented programming language.

JSON will also serve as a static configuration file

When considering what data format to use, the form of the data and the system for exchanging the data should be considered. ! ! ! JSON is not always the best choice.

I believe you have mastered the method after reading the case in this article. For more exciting information, please pay attention to other related articles on the php Chinese website!

Recommended reading:

Adjustment of ajax execution order in jquery

Detailed explanation of Ajax and $.ajax instances

The above is the detailed content of Summary of things to know about using JSON. For more information, please follow other related articles on the PHP Chinese website!