
I'm trying to make a REST API that uses a POST to create a new object in my database. I'm using the Slim framework.

The problem is that I'm not sure exactly what I have to put in these lines of my POST method:

$app->response->headers->set("Content-type","application/json");
$app->response->status(200);
$app->response->body(json_encode(**Here they put the name of the type of the object that they have in their database**));

My full POST route is:

$app->post("/cars/", function() use($app)
{
    $idCar = $app->request->post("idCar");
    $name = $app->request->post("name");

    try{
        $connection = getConnection();
        $dbh = $connection->prepare("INSERT INTO cars VALUES(?,?)");
        $dbh->bindParam(1,$idCar);
        $dbh->bindParam(2,$name);

        $dbh->execute();
        $connection = null;

        $app->response->headers->set("Content-type","application/json");
        $app->response->status(200);
        $app->response->body(json_encode(**What I have to put here?**));

    }catch(PDOException $e)
    {
        echo "Error: " . $e->getMessage();
    }
});

The table `cars` stores `Car` objects.

Should I write it like this?

$app->response->headers->set("Content-type","application/json");
$app->response->status(200);
$app->response->body(json_encode($Car));

I'm a bit confused because in the tutorials I saw before, the POST method doesn't reference the variable's name anywhere inside the POST route. For example, if they use `$fruit`, they never declared a variable named `$fruit` inside their route.

What should I do? Is my answer correct?

  • `phpmyadmin` is not a database. **MYSQL** is a database that `phpMyAdmin` can be used to look at and manipulate!!! – RiggsFolly Aug 08 '15 at 15:43
  • I would suggest that you should be returning some sort of status information telling the caller that the process completed correctly or failed. However, you don't check any statuses from the database access code, so even you don't actually know if it was successful or not – RiggsFolly Aug 08 '15 at 15:47
  • @RiggsFolly I'm sorry, I'm really new to this field. Do you know what I should put in the place I have doubts about? Thank you for correcting me! – Francisco Romero Aug 08 '15 at 15:47
  • @RiggsFolly I just want to use my `POST` method from Android. Would that be something different? (The tutorial I saw is for using the `Slim framework` with `Android`.) – Francisco Romero Aug 08 '15 at 15:51
  • Did you set up your connection to generate exceptions? i.e. `$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);` – RiggsFolly Aug 08 '15 at 15:54
  • @RiggsFolly Yes, I put it on my `connect.php` file – Francisco Romero Aug 08 '15 at 15:59
  • What response do you want to send back to the user after insertion? – hjpotter92 Aug 08 '15 at 16:06
  • @hjpotter92 Do you mean, for example, a text that says "Your Car has been added successfully"? – Francisco Romero Aug 08 '15 at 16:11
  • Exactly that. just pass it to `json_encode` – hjpotter92 Aug 08 '15 at 16:55
  • @hjpotter92 Then maybe I have a wrong idea of what `json_encode` is. I think you have to pass the result of the `insert` statement to `json_encode`. Is that wrong? – Francisco Romero Aug 10 '15 at 09:53

1 Answer


The simple answer is that you can put whatever you want in your response. See this question.

This is a design problem, not a question of being "correct". You should ask yourself how you intend for the API to be consumed. Once the consumer creates the object, will they need a convenient way to access it again (without having to look it up based on some other criteria)? In that case, you might want to return just the id of the object you created in your response. You could also return the entire object in your response, but be careful - in some cases, there might be something in the database representation of a Car that should not be available to the end user. For example, maybe they should see the Car's name, make, and model, but not its buyerSocialSecurityNumber.

In any case, you'll need to fetch any additional information after running the INSERT query with another query. For example, assuming there is more information than just the id and name, I could do something like:

    $connection = getConnection();
    $dbh = $connection->prepare("INSERT INTO cars VALUES(?,?)");
    $dbh->bindParam(1,$idCar);
    $dbh->bindParam(2,$name);

    $dbh->execute();

    // lastInsertId() is a method of the PDO connection, not of the statement,
    // and it only returns a value when the id column is AUTO_INCREMENT.
    $newCarId = (int) $connection->lastInsertId();

    // query() is also a PDO method; fetch() turns the result set into an
    // associative array that json_encode() can serialize.
    $car = $connection->query("SELECT * FROM cars WHERE id = $newCarId")
                      ->fetch(PDO::FETCH_ASSOC);

    // Close the connection only after the SELECT has been read.
    $connection = null;

    $app->response->headers->set("Content-type","application/json");
    $app->response->status(200);
    $app->response->body(json_encode($car));

Note that in this case, it is safe to interpolate $newCarId directly into a query because it is trusted content - i.e. not user input.

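The design the answer describes (insert, reload the stored row, return only the fields the consumer is allowed to see, and tell the caller where the new resource lives), as an added example that is not code from the question or the answer. It uses the Slim 2 API the question uses and assumes PHP 7.1+, a `cars` table with an AUTO_INCREMENT `id` plus `name`, `make`, `model` and a sensitive `buyerSocialSecurityNumber` column, and a placeholder DSN and credentials in `getConnection()` that you would replace with your own.

```php
<?php
// Added example, not from the original post. Assumes Slim 2, PHP 7.1+,
// and a `cars` table: id (AUTO_INCREMENT), name, make, model,
// buyerSocialSecurityNumber.
require 'vendor/autoload.php';

$app = new \Slim\Slim();

// Fields allowed to leave the server. Anything not listed here
// (e.g. buyerSocialSecurityNumber) is dropped before json_encode().
const CAR_PUBLIC_FIELDS = ['id', 'name', 'make', 'model'];

function getConnection(): PDO
{
    // Placeholder DSN and credentials (assumption): replace with your own.
    // ERRMODE_EXCEPTION makes every failed query reach the catch block
    // instead of silently returning false.
    $pdo = new PDO('mysql:host=localhost;dbname=garage;charset=utf8mb4', 'app', 'secret');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    return $pdo;
}

function publicCar(array $row): array
{
    // Keep only whitelisted keys; unknown or sensitive columns never reach the client.
    return array_intersect_key($row, array_flip(CAR_PUBLIC_FIELDS));
}

function sendJson(\Slim\Slim $app, int $status, $payload): void
{
    $app->response->headers->set('Content-Type', 'application/json');
    $app->response->status($status);
    $app->response->body(json_encode($payload));
}

$app->post('/cars/', function () use ($app) {
    $name  = $app->request->post('name');
    $make  = $app->request->post('make');
    $model = $app->request->post('model');

    // Validate before touching the database: a prepared statement stops SQL
    // injection, but it does nothing about missing or oversized values.
    if (!is_string($name) || $name === '' || strlen($name) > 100) {
        sendJson($app, 400, ['error' => 'name is required (max 100 chars)']);
        return;
    }

    try {
        $pdo = getConnection();

        $insert = $pdo->prepare(
            'INSERT INTO cars (name, make, model) VALUES (:name, :make, :model)'
        );
        $insert->execute([':name' => $name, ':make' => $make, ':model' => $model]);

        // lastInsertId() lives on the PDO connection, not on the statement.
        $newCarId = (int) $pdo->lastInsertId();

        // Re-read the row we just wrote; bind the id rather than interpolating it.
        $select = $pdo->prepare('SELECT * FROM cars WHERE id = :id');
        $select->execute([':id' => $newCarId]);
        $row = $select->fetch(PDO::FETCH_ASSOC);
        $pdo = null;

        if ($row === false) {
            sendJson($app, 500, ['error' => 'car was not stored']);
            return;
        }

        // 201 Created plus a Location header gives the client a direct way
        // back to the new resource without searching for it by other criteria.
        $app->response->headers->set('Location', '/cars/' . $newCarId);
        sendJson($app, 201, publicCar($row));
    } catch (PDOException $e) {
        // Log the real error server-side; never echo $e->getMessage() to the
        // client, since it can reveal table names, host names or credentials.
        error_log('POST /cars/ failed: ' . $e->getMessage());
        sendJson($app, 500, ['error' => 'database error']);
    }
});

$app->run();
```

A client that POSTs `name=Civic&make=Honda&model=2015` gets back `201 Created`, a `Location: /cars/<id>` header, and a JSON body containing only `id`, `name`, `make` and `model`; the SSN column stays in the database because `publicCar()` whitelists fields instead of blacklisting them, so a column added later is private by default.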