REST api using php - how to parse url resource id for POST

[mds1256]

Hi

 

Looking to create an API using php and I have a question around POST:

 

I want to use a url of: http://localhost/customers as the end point for the api with the methods below:

 

GET /customers - to return all customers in json format

GET /customers/1 - to get customer with id of 1

POST /customers - to create a customer

PUT /customers/1 - to update customer with id of 1

DELETE /customers/1 - to delete customer with id of 1

 

And to create an address for customer 1:

 

POST /customers/1/address

 

 

Now how do I parse the the customer id from the URL for the POST request?

 

I can think of two ways to achieve this but not sure which is the correct way (if any)?

 

1. Use apache to rewrite the url from POST /customers/1/address to address.php?customerid=1 and then use $_GET[‘customerid’] and use that in combination with the POST data to then created the address?

 

2. Use apache to rewrite the url from POST /customers/1/address to address.php and then use the $_SERVER[‘REQUEST_URI’] to explode on forward slash and then use the value from the exploded array to use with the POST data to then creates the address for customer with id of 1.

 

 

Which way is best or is there a better way?

[requinix]

Either way works. Really. #1 is easier for simple PHP setups and #2 is easier when you have a framework that handles all requests (meaning you have something that does the parsing for you). So use the option that fits your environment better.

[mds1256]

Either way works. Really. #1 is easier for simple PHP setups and #2 is easier when you have a framework that handles all requests (meaning you have something that does the parsing for you). So use the option that fits your environment better.

Thanks for the quick response.

 

So there would be no problems with using the url query strings using get and then the post params within the same request so I can create/update a resource.

 

POST /customers/1/address Maps to address.php?customerid=1

 

Sudo code:

 

$cusId = $_GET[‘customerid’];

 

$address = $_POST[‘addressdetails’];

 

Insert into addresses (customerid, address) values ($cusId, $address);

 

I know about sql injection and validation etc for the above just wanted to just get my point across about using GET when I am actually posting?

 

Thanks again

[requinix]

Right. Query string parameters aren't just for GET requests - it's really more like they're just special parts of a (any) URL, and that GET is the "default" request method when you're not using something else (like POST or PUT). The fact that PHP calls the variable "_GET" is an unfortunate decision made way back when; something like "_QUERY" would have been more appropriate.

[mds1256]

Right. Query string parameters aren't just for GET requests - it's really more like they're just special parts of a (any) URL, and that GET is the "default" request method when you're not using something else (like POST or PUT). The fact that PHP calls the variable "_GET" is an unfortunate decision made way back when; something like "_QUERY" would have been more appropriate.

Ah, that makes more sense. So as they are part of the url I need to use $_GET[‘customerid’] anyway when parsing the POST, as $_POST[‘customerid] won’t exist as it’s not in the post body? so I would need to use GET for customerid even though I am POSTing the other data, it’s just more of a name issue?

 

Think I have got it now.

 

I see I could use $_REQUEST[] to get both GET and POST data but if the same names are used they can overwrite so always better to use $_GET for query string and $_POST to get post body data?

[requinix]

So as they are part of the url I need to use $_GET[‘customerid’] anyway when parsing the POST, as $_POST[‘customerid] won’t exist as it’s not in the post body? so I would need to use GET for customerid even though I am POSTing the other data, it’s just more of a name issue?

Exactly.

 

I see I could use $_REQUEST[] to get both GET and POST data but if the same names are used they can overwrite so always better to use $_GET for query string and $_POST to get post body data?

$_REQUEST is a combination of other variables: normally $_GET and $_POST but also often $_COOKIE. They'll overwrite each other in a specific order. It's convenient to have the one variable for everything but means you can't be sure where a particular value comes from - you might think you're getting it from the URL ($_GET) but it could have been passed via a form ($_POST) or a cookie ($_COOKIE).

 

Using $_GET/POST/COOKIE specifically is considered a best practice.

[mds1256]

Exactly.$_REQUEST is a combination of other variables: normally $_GET and $_POST but also often $_COOKIE. They'll overwrite each other in a specific order. It's convenient to have the one variable for everything but means you can't be sure where a particular value comes from - you might think you're getting it from the URL ($_GET) but it could have been passed via a form ($_POST) or a cookie ($_COOKIE).So unless you really don't care where the value comes from, using $_GET/POST/COOKIE specifically is considered a best practice.

Thanks for this, it had really helped me understand what I need to do now