You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
To bind request body into a Go type use `Context#Bind(i interface{})`.
11
+
Echo provides following method to bind data from different sources (path params, query params, request body) to structure
12
+
`Context#Bind(i interface{})` method.
12
13
The default binder supports decoding application/json, application/xml and
13
14
application/x-www-form-urlencoded data based on the Content-Type header.
14
15
16
+
Request data is binded to the struct in given order:
17
+
18
+
1. Path parameters
19
+
2. Query parameters
20
+
3. Request body
21
+
22
+
Notes:
23
+
24
+
* Each step can overwrite binded fields from the previous step. This means if your json request has query param
25
+
`&name=query` and body is `{"name": "body"}` then the result will be `User{Name: "body"}`.
26
+
* To avoid security flaws try to avoid passing binded structs directly to other methods if
27
+
these structs contain fields that should not be bindable. It is advisable to have separate struct for binding and map it
28
+
explicitly to your business struct. Consider what will happen if your binded struct has public
29
+
field `IsAdmin bool` and request body would contain `{IsAdmin: true, Name: "hacker"}`.
30
+
* When binding forms take note that Echo implementation uses standard library form parsing which parses form data
31
+
from BOTH URL and BODY if content type is not MIMEMultipartForm. See documentation for [non-MIMEMultipartForm](https://golang.org/pkg/net/http/#Request.ParseForm)
32
+
and [MIMEMultipartForm](https://golang.org/pkg/net/http/#Request.ParseMultipartForm)
33
+
* To bind data only from request body use following code
0 commit comments