I created a REST API and I've come to the point where I want to output 20 rows (e.g.) if I access the API like http://api.randomuser.me/?results=20.

This is my PHP code. I am new to Slim and AngularJS, please help.

function getUsers() {
    $sql = "select * FROM user";
    try {
        $db = getConnection();
        $stmt = $db->query($sql);
        $users = $stmt->fetchAll(PDO::FETCH_OBJ);
        $db = null;
        echo json_encode($users);
    } catch(PDOException $e) {
        // json_encode quotes and escapes the message, so the error body is valid JSON
        echo json_encode(['error' => ['text' => $e->getMessage()]]);
    }
}

Thanks in advance.

user5266307
  • You are limiting the rows currently to max. 10 in your SQL query. You could use the `$_GET` parameter if it exists to overwrite the limit you're setting, but you need to validate and filter it, since it's a user input. – Charlotte Dunois Aug 29 '15 at 10:43
  • Is that all the code you have? What is your actual question? – Kenster Aug 29 '15 at 10:45
  • Hello guy, I am not trying to set the limit of the rows through the url parameters. Please visit http://api.randomuser.me/?results=20 to see where I am trying to get at. I am trying to display more rows of my database every time the results increase, for example 30 rows of my database to show if http://api.randomuser.me/?results=30 is accessed by my angular load more app. – user5266307 Aug 29 '15 at 11:16
  • @user5266307 It's still not clear what you are asking. Create an example of what you want to obtain given an input. – Davide Pastore Aug 31 '15 at 12:31

2 Answers

Read the results parameter in a variable, and use it in the LIMIT clause instead of the hard coded 10

function getUsers() {

    try {
        $db = getConnection();

        // Read ?results= and accept only a positive integer; anything else
        // (missing, empty, non-numeric, injection attempts) falls back to 10.
        // PDO has no real_escape_string, and escaping is the wrong tool for a
        // number anyway: validate it as an int before it goes near the SQL.
        $limit = filter_var($_GET['results'] ?? null, FILTER_VALIDATE_INT,
            ['options' => ['default' => 10, 'min_range' => 1]]);

        $sql = "select * FROM user ORDER BY id LIMIT " . $limit;
        $stmt = $db->query($sql);
        $users = $stmt->fetchAll(PDO::FETCH_OBJ);
        $db = null;
        echo json_encode($users);
    } catch(PDOException $e) {
        // json_encode quotes and escapes the message, so the error body is valid JSON
        echo json_encode(['error' => ['text' => $e->getMessage()]]);
    }
}
mynawaz

You will have to change your sql... something like

function getUsers() {
    // clean your input: make sure it has a value (isset/empty) and cast it to int,
    // falling back to 10 when nothing usable was given
    $limit = !empty($_GET['limit']) ? (int) $_GET['limit'] : 10;
    $sql = "select * FROM user ORDER BY id LIMIT " . $limit; // this is a quick example, rather use PDO bound parameters
    try {
        $db = getConnection();
        $stmt = $db->query($sql);

        $users = $stmt->fetchAll(PDO::FETCH_OBJ);
        $db = null;
        echo json_encode($users);
    } catch(PDOException $e) {
        // json_encode quotes and escapes the message, so the error body is valid JSON
        echo json_encode(['error' => ['text' => $e->getMessage()]]);
    }
}

Remember to clean your input and use bound parameters in your query.

kurt
  • Very nice, my limit parameter will be `; DROP DATABASE; -- `. – Charlotte Dunois Aug 29 '15 at 10:44
  • @CharlotteDunois Try actually reading the answer. I explicitly stated in both the code example and answer that you should use bound parameters and clean your input. – kurt Aug 29 '15 at 10:46
  • you can't use a bound parameter for the limit clause - unless of course you are calling a stored procedure – Professor Abronsius Aug 29 '15 at 10:47
  • My apologies, I've never actually tried on a limit clause. Learn something new every day, thanks... actually I retract that, check this post http://stackoverflow.com/questions/2269840/how-bindvalue-in-limit – kurt Aug 29 '15 at 10:49
  • I don't want to limit my output. I want to be able to access rows of data by accessing /?results=20, 30 rows of data by accessing /?results=30 and so on. – user5266307 Aug 29 '15 at 11:23
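Both answers concatenate the limit into the SQL string and leave validation to the reader; the comment thread then argues about whether LIMIT can take a bound parameter (it can, with `PDO::PARAM_INT`). The example below is added here and is not the asker's or either answerer's code: it validates `?results=` as an integer in a fixed range and binds it to LIMIT instead of concatenating. It assumes a SQLite in-memory database with constructed rows so it runs offline; only the DSN in `getConnection()` changes for MySQL.

```php
<?php
declare(strict_types=1);

function getConnection(): PDO {
    // Assumption: SQLite in-memory so the example is self-contained; swap the DSN for MySQL
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Constructed sample data: 50 users
    $db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT)');
    $ins = $db->prepare('INSERT INTO user (name) VALUES (:n)');
    for ($i = 1; $i <= 50; $i++) {
        $ins->execute([':n' => "user$i"]);
    }
    return $db;
}

/** Validate ?results=: an integer in [1, $max]; anything else yields $default. */
function resultsLimit(array $query, int $default = 10, int $max = 100): int {
    $v = filter_var($query['results'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => $max]]);
    return $v === false ? $default : $v;
}

function getUsers(array $query): string {
    try {
        $db = getConnection();
        $limit = resultsLimit($query);
        // LIMIT is bound as an integer; the user's string never becomes part of the SQL text.
        // With MySQL, PDO::PARAM_INT plus an int value is what keeps it from being quoted.
        $stmt = $db->prepare('SELECT * FROM user ORDER BY id LIMIT :lim');
        $stmt->bindValue(':lim', $limit, PDO::PARAM_INT);
        $stmt->execute();
        return json_encode($stmt->fetchAll(PDO::FETCH_OBJ));
    } catch (PDOException $e) {
        // Structured encoding keeps the error body valid JSON whatever the message contains
        return json_encode(['error' => ['text' => $e->getMessage()]]);
    }
}

// ?results=20 returns 20 rows; a hostile or malformed value falls back to the default 10
assert(count(json_decode(getUsers(['results' => '20']))) === 20);
assert(count(json_decode(getUsers(['results' => '; DROP DATABASE; --']))) === 10);
assert(count(json_decode(getUsers([]))) === 10);
echo getUsers(['results' => '3']), PHP_EOL;
```

In the Slim route, pass `$_GET` (or the request's query params) as `$query` and write the returned string to the response body.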