Home > Enterprise >  Is it logical to get Wordpress article id with PHP API
Is it logical to get Wordpress article id with PHP API

Time:09-01

I have a custom wordpress php rest api. The API has 2 functions. The first function is returning all posts from the wordpress website. Second function is returning posts by slug. I have developing mobile app for the website(blog website). I am getting datas for the app. And I have some anxiety here. I am getting a lot of datas about articles and one of these is article Id.

The question: Is it logical to get wordpress article id with php api. I am asking for security.

1-The api is my custom api for get datas about article. 2-If I don't use the custom php api, I will use the mysql database for save the article informations. And I will get the article datas with php api. But I will set my own id for article(I won't use the wordpress article id).

Which one is the best way to use. Please think for security.

This is my custom PHP API function.

function api_posts()
{
    $args = [
        'numberposts' => 99999,
        'post_type' => 'post',
    ];

    $posts = get_posts($args);

    $data = [];
    $i = 0;

    foreach ($posts as $post) {
        $category = get_the_category( $post->ID )[0]->name;
        $data[$i]['category'] = $category;
        $data[$i]['id'] = $post->ID;
        $data[$i]['title'] = $post->post_title;
        $data[$i]['excerpt'] = $post->post_excerpt;
        $data[$i]['content'] = $post->post_content;
        $data[$i]['slug'] = $post->post_name;
       // $data[$i]['featured_image']['thumbnail'] = get_the_post_thumbnail_url($post->ID, 'thumbnail');
        $data[$i]['thumbnailImage'] = get_the_post_thumbnail_url($post->ID, 'thumbnail');
        $data[$i]['mediumImage'] = get_the_post_thumbnail_url($post->ID, 'medium');
        $data[$i]['largeImage'] = get_the_post_thumbnail_url($post->ID, 'large');
        setlocale(LC_TIME, array('tr_TR.UTF-8','tr_TR.UTF-8','tr_TR.UTF-8','tr_TR.UTF-8'));//tarihi esas alan locali seçer
        $gelen_date = $post->post_date;
        $data[$i]['date'] = strftime("%e %B %Y",strtotime($gelen_date));
        $data[$i]['post_url'] = get_permalink($post->ID);
        $i  ;
    }

    return $data;
}

add_action('rest_api_init', function () {
    register_rest_route('api/v1', 'posts', [
        'methods' => 'GET',
        'callback' => 'api_posts',

    ]);

    register_rest_route('api/v1', 'posts/(?P<slug>[a-zA-Z0-9-] )', array(
        'methods' => 'GET',
        'callback' => 'api_post',
    ));
});

Footnote: The website is not ready to publish. I am using free wordpress blog theme for the test. But I will use the jannah theme when I publish my website.

CodePudding user response:

Post ID values are visible to visitors to a WordPress site. (They show up in places like HTML element classes. Do View Source on a page showing posts and you'll see this.)

So if your reason for using an alternative ID is to avoid disclosing post ID values (maybe for security reasons) don't bother. They are already available.

Plus, if you use an alternative ID you'll probably need to store it as a post attribute in wp_postmeta in your database. That is, putting it mildly, not the best-performing part of WordPress.

  • Related