I'm still confused about the RESTful concept. I have a service like this:

```php
<?php
include '../includeall.php';
$query = Q_GET_FACT_GIVEN_TABLE;

// Each recognised GET parameter adds one condition to $queryall.
$i = 0;
$queryall = null;
if (isset($_GET['year'])) {
    $year = $_GET['year'];
    $queryall[$i++] = "f.year=" . $year;
}

if (isset($_GET['period_id'])) {
    $period_id = $_GET['period_id'];
    $queryall[$i++] = "f.period_id=" . $period_id;
}

if (isset($_GET['month_id'])) {
    $month_id = $_GET['month_id'];
    $queryall[$i++] = "f.month_id=" . $month_id;
}

if (isset($_GET['var_in_cat_id'])) {
    $var_in_cat_id = $_GET['var_in_cat_id'];
    $queryall[$i++] = "f.var_in_cat_id=" . $var_in_cat_id;
}

if (isset($_GET['reg_id'])) {
    $reg_id = $_GET['reg_id'];
    if ($reg_id == "prop")
        $queryall[$i++] = "substring(reg_id,-2)='00' AND reg_id<>'0000'";
    else
        $queryall[$i++] = "f.reg_id=" . $reg_id;
}

if (isset($_GET['id_prop'])) {
    $idprop = $_GET['id_prop'];
    $queryall[$i++] = "substring(reg_id,1,2)='$idprop' AND substring(reg_id,-2)<>'00'";
}

if (isset($_GET['data_source_id'])) {
    $data_source_id = $_GET['data_source_id'];
    $queryall[$i++] = "f.data_source_id=" . $data_source_id;
}

// Append every collected condition to the base query.
for($i=0;$i<count($queryall);$i++){
    $queryi=$queryall[$i];
    $query.=" AND ".$queryi;
}

$query.=" ORDER BY reg_id,month_id";

// Run the query and convert the result set to JSON.
$database = new Database();
$queryResult = $database->query($query);
$resultArray = Utils::convertToJSON($queryResult);
?>
```

Can my implementation above be called a web service? Its output is JSON, returned when a user requests some URL. If it can be categorized as a web service, what kind of service do I have? Can it be called a RESTful web service? Please help me.

phihag
mrhands

1 Answer

Well, you could consider it a web service, but there's no REST aspect in its interface. I'd call it ... a search function.

REST (Representational State Transfer) means that the HTTP method defines the action you're taking. For example, a DELETE HTTP request will actually cause a deletion, and a PUT will write a resource. As presented above, your application consists of a search function, and therefore does not apply.

In PHP, you can determine the HTTP method used in the request from `$_SERVER['REQUEST_METHOD']`.

By the way, you should not initialize `$queryall` as `null`, but `array()`. You can also dispose of the `$i` and just write `$queryall[] = ...` instead of `$queryall[$i++]`.

Also, you should not construct a database query by concatenating input strings, as this code makes your application vulnerable to SQL injections. Use prepared statements to avoid SQL injection vulnerabilities.

Community
phihag
  • Many thanks. I finally understand now. So if I want to implement my service with the RESTful concept, I have to design it to support DELETE, PUT or other HTTP requests. Thanks for the suggestions about my code. I'm a Java coder, actually. If you do not mind, can you give me a way to modify it to get a RESTful concept? – mrhands Jun 28 '11 at 05:22
  • @user816180 For REST to be applicable, your application must manage some kind of data, and allow users to add, edit, and delete said data. Then, you'd probably have code like `switch($_SERVER['REQUEST_METHOD']){case 'PUT': write(); break; case 'DELETE': delete(); break; ...}`. By the way, as @Ondřej Mirtes pointed out, your code is also vulnerable to SQL injection. What happens when the user enters `'; DROP DATABASE; --` in the `year` field? – phihag Jun 28 '11 at 06:06
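
The prepared-statement approach the answer recommends, applied to the question's filter builder, as an added example that is not part of the original question, answer or comments. `BASE_QUERY` stands in for `Q_GET_FACT_GIVEN_TABLE` (whose text the page does not show) and a PDO connection replaces the page's `Database` class; both are assumptions, as are the function names.

```php
<?php
// Assumption: stand-in for Q_GET_FACT_GIVEN_TABLE, whose text the page does not show.
const BASE_QUERY = "SELECT * FROM fact f WHERE 1=1";
// GET parameters that map directly onto one column comparison.
const SIMPLE_FILTERS = ['year', 'period_id', 'month_id', 'var_in_cat_id', 'data_source_id'];

// Returns [sql, bindings]. Request values only ever go into the bindings array.
function buildFactQuery(array $get): array
{
    $where = [];
    $bind = [];
    foreach (SIMPLE_FILTERS as $name) {
        // is_string() also rejects array input such as ?year[]=1
        if (is_string($get[$name] ?? null)) {
            $where[] = "f.$name = :$name"; // name comes from the fixed list, not the request
            $bind[":$name"] = $get[$name];
        }
    }
    $reg = $get['reg_id'] ?? null;
    if ($reg === 'prop') {
        $where[] = "substring(reg_id,-2)='00' AND reg_id<>'0000'"; // constant text only
    } elseif (is_string($reg)) {
        $where[] = "f.reg_id = :reg_id";
        $bind[':reg_id'] = $reg;
    }
    if (is_string($get['id_prop'] ?? null)) {
        $where[] = "substring(reg_id,1,2) = :id_prop AND substring(reg_id,-2)<>'00'";
        $bind[':id_prop'] = $get['id_prop'];
    }
    $sql = BASE_QUERY;
    foreach ($where as $cond) {
        $sql .= " AND " . $cond;
    }
    return [$sql . " ORDER BY reg_id,month_id", $bind];
}

// Assumption: $pdo is an open PDO connection used in place of the page's Database class.
function runFactQuery(PDO $pdo, array $get): array
{
    [$sql, $bind] = buildFactQuery($get);
    $stmt = $pdo->prepare($sql);
    $stmt->execute($bind);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed request; the 'year' value is the string quoted in the comment thread.
[$sql, $bind] = buildFactQuery(['year' => "'; DROP DATABASE; --", 'reg_id' => 'prop']);
echo $sql, "\n";
print_r($bind);
```

The printed SQL contains only the `:year` placeholder; the quote and semicolon stay in the bindings array and reach the database as a plain value.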