Creating A RESTful API With PHP and MySQL |
X

Congrats, You are Subscribed to Receive Updates.

Creating A RESTful API With PHP and MySQL


API service is one of a important service or feature to every dynamic website. Which will also helps you to share your data’s Among other Website and Devices as well. Creating An API Service is easy to make and provide access to outsiders with help of my code. Creating A RESTful API With PHP and MySQL is quite easy,if you follow the steps.

Introduction

When I was started using others API code, I feel its not easy to understand. So I have coded myself with help of Arunkumar who helped to for the base of  API knowledge and few other Sources helped me to know more about it. Also I have tried with Slim framework. But Slim  consumes extra running amount of time and that’s another reason for making my own small RESTful API. I hope you will like my API. if you really Enjoyed Please Subscribe and follow me on social medias to get more updates. Also if you wish to donate, Please contact me directly.

Creating-A-RESTful-API-With-PHP-and-MySQL

Creating A RESTful API With PHP and MySQL

Also I am providing downloadable source code your reference.  You can also use it on your own projects.  Let’s Create the API class.

<?php
 /* File : kv_restful_api.php
 * Author : Kvvaradha
 * Website: www.kvcodes.com
 * email : admin@kvcodes.com
 */
 class REST {
 
	public $_allow = array();
 	public $_content_type = "application/json";
 	public $_request = array();
 
 	private $_method = ""; 
 	private $_code = 200;
 
 	public function __construct(){
 		$this->inputs();
 	}
 
 	public function get_referer(){
 		return $_SERVER['HTTP_REFERER'];
 	}
 
 	public function response($data,$status){
 		$this->_code = ($status)?$status:200;
 		$this->set_headers();
 		echo $data;
 		exit;
 	}
 
 	private function get_status_message(){
 		$status = array(
 			100 => 'Continue', 
 			101 => 'Switching Protocols', 
 			200 => 'OK',
 			201 => 'Created', 
 			202 => 'Accepted', 
 			203 => 'Non-Authoritative Information', 
 			204 => 'No Content', 
 			205 => 'Reset Content', 
 			206 => 'Partial Content', 
 			300 => 'Multiple Choices', 
 			301 => 'Moved Permanently', 
 			302 => 'Found', 
 			303 => 'See Other', 
 			304 => 'Not Modified', 
 			305 => 'Use Proxy', 
 			306 => '(Unused)', 
 			307 => 'Temporary Redirect', 
 			400 => 'Bad Request', 
 			401 => 'Unauthorized', 
 			402 => 'Payment Required', 
 			403 => 'Forbidden', 
 			404 => 'Not Found', 
  			405 => 'Method Not Allowed', 
  			406 => 'Not Acceptable', 
  			407 => 'Proxy Authentication Required', 
  			408 => 'Request Timeout', 
  			409 => 'Conflict', 
 			410 => 'Gone', 
  			411 => 'Length Required', 
  			412 => 'Precondition Failed', 
  			413 => 'Request Entity Too Large', 
  			414 => 'Request-URI Too Long', 
  			415 => 'Unsupported Media Type', 
  			416 => 'Requested Range Not Satisfiable', 
 			417 => 'Expectation Failed', 
 			500 => 'Internal Server Error', 
  			501 => 'Not Implemented', 
  			502 => 'Bad Gateway', 
  			503 => 'Service Unavailable', 
  			504 => 'Gateway Timeout', 
  			505 => 'HTTP Version Not Supported');
  			return ($status[$this->_code])?$status[$this->_code]:$status[500];
  	}
 
  	public function get_request_method(){
  	  	return $_SERVER['REQUEST_METHOD'];
  	}
 
   	private function inputs(){
   	  	switch($this->get_request_method()){
   	  	  	case "POST":
   	  	  	  	  $this->_request = $this->cleanInputs($_POST);
    	  	  	   	  break;
    	  	  	case "GET":
    	  	  	case "DELETE":
    	  	  	  	  $this->_request = $this->cleanInputs($_GET);
    	  	  	break;
    	  	  	case "PUT":
    	  	  	  	  parse_str(file_get_contents("php://input"),$this->_request);
    	  	  	  	  $this->_request = $this->cleanInputs($this->_request);
    	  	  	break;
    	  	  	default:
    	  	  	  	  $this->response('',406);
   	  	  	 break;
   	  	 }
   	 } 
 
    	 public function cleanInputs($data){
    	    	 $clean_input = array();
    	    	 if(is_array($data)){
    	    	    	 foreach($data as $k => $v){
    	    	    	    	 $clean_input[$k] = $this->cleanInputs($v);
    	    	    	 }
    	    	 }else{
    	    	    	 if(get_magic_quotes_gpc()){
    	    	    	    	 $data = trim(stripslashes($data));
    	    	    	 }
    	    	    	 $data = strip_tags($data);
   	    	    	  $clean_input = trim($data);
    	    	 }
    	    	 return $clean_input;
    	 } 
 
    	 private function set_headers(){
    	    	 header("HTTP/1.1 ".$this->_code." ".$this->get_status_message());
    	    	 header("Content-Type:".$this->_content_type);
   	 }
 } 
?>

This is a base class for our API Service. And Now,  Let’s extend it  and make our API Class which will be the main file to call and work on.

RESTful API PHP Class

This is the code for API. We are writing functions of API to query the database and provide necessary details to it.

 <?php 
/* File : kv_api.php
 * Author : Kvvaradha
 * Website: www.kvcodes.com
 * email : admin@kvcodes.com
 */
 require_once("kv_restful_api.php");

 class API extends REST {
	
		public $data = "";
		
		const DB_SERVER = "localhost";
		const DB_USER = "root";
		const DB_PASSWORD = "123";
		const DB = "Kvcodes_api";
		
		private $db = NULL;
	
		public function __construct(){
			parent::__construct();	// Init parent contructor
			$this->dbConnect();	// Initiate Database connection
		}
		
		/*
		 *  Database connection 
		*/
		private function dbConnect(){
			$this->db = mysqli_connect(self::DB_SERVER,self::DB_USER,self::DB_PASSWORD, self::DB);			
		}
		
		/*
		 * Public method for access api.
		 * This method dynmically call the method based on the query string
		 *
		 */
		public function processApi(){
			$func = strtolower(trim(str_replace("/","",$_REQUEST['rquest'])));
			if((int)method_exists($this,$func) > 0)
				$this->$func();
			else
				$this->response('',404);				// If the method not exist with in this class, response would be "Page not found".
		}
		
		/* 
		 *	Simple login API
		 *  Login must be POST method
		 */
		private function login(){
			// Cross validation if the request method is POST else it will return "Not Acceptable" status
			if($this->get_request_method() != "POST"){
				$this->response('',406);
			}
			
			$email = $this->_request['email'];		
			$password = $this->_request['pwd'];
			
			$return  = null;
			if(!empty($email) and !empty($password)){
				if(filter_var($email, FILTER_VALIDATE_EMAIL)){
					$sql = mysqli_query($this->db, "SELECT id FROM `users` WHERE email = '".$email."' AND password = '".md5($password)."' LIMIT 1");
					if(mysqli_num_rows($sql) > 0){
						$result = mysqli_fetch_array($sql,MYSQLI_NUM);								
						$return  = $result[0];
					}
				}
			}			
			return $return ;
		}

		function GetAll(){
			if($this->login() > 0){
				$table_name = $this->_request['table'];					
				$conditions = $this->_request['conditions'];
				if(isset($this->_request['order_by']))
					$order_by = $this->_request['order_by'];	
				else 
					$order_by = null;		   
			    $sql0 = "SELECT * FROM ".$table_name." WHERE 1=1";
			    if($conditions != null) {
				foreach($conditions as $key=>$value){
					$sql0 .= " AND {$key} = '${value}'";
				}
			    }
			    if($order_by != null) {
			        $sql0 .=" ORDER BY ";
			        foreach($order_by as $key=>$value){
			            $sql0 .= " {$key} ${value}";
			        }
			    }  //  echo $sql0;
			    $sql = mysqli_query($this->db, $sql0);  
			    if(mysqli_num_rows($sql) > 0){
					while($row =  mysqli_fetch_array($sql, MYSQLI_ASSOC))
	        			$result[] = $row;
					$this->response($this->json($result), 200);
				}
			}
			$error = array('status' => "Failed", "msg" => "Sorry It's Not Working");
			$this->response($this->json($error), 400);
		}	

		function Delete(){
			if($this->login() > 0){
				$table_name = $this->_request['table'];				
				$conditions = $this->_request['conditions'];

			    $sql0 = "DELETE FROM ".$table_name." WHERE 1=1";
			    foreach ($conditions as $key=>$value) {
			        if(is_numeric($value))
			            $sql0 .= " AND ".$key."=".$value.",";
			        else
			            $sql0 .= " AND ".$key."=".$this->db_escape($value).",";
			    }
			    $sql0 = substr($sql0, 0, -1);
			    $sql = mysqli_query($this->db, $sql0);
				if(mysqli_affected_rows($this->db) > 0){				
					$this->response($this->json(array( 'Deleted_id' => mysqli_affected_rows($this->db))), 200);
				}
				$this->response('', 204);
			}
			$error = array('status' => "Failed", "msg" => "Failed To Delete");
			$this->response($this->json($error), 400);
		}	

		function GetRow(){
			if($this->login() > 0){
				$table_name = $this->_request['table'];				
				$conditions = $this->_request['conditions'];
				if(isset($this->_request['order_by']))
					$order_by = $this->_request['order_by'];	
				else 
					$order_by = null;	   
			    $sql0 = "SELECT * FROM ".$table_name." WHERE 1=1";
			    if($conditions != null) {
					foreach($conditions as $key=>$value){
						$sql0 .= " AND {$key} = '${value}'";
					}
			    }
			    if($order_by != null) {
			        $sql0 .=" ORDER BY ";
			        foreach($order_by as $key=>$value){
			            $sql0 .= " {$key} ${value}";
			        }
			    }  //  echo $sql0;
			    $sql0 .= " LIMIT 1"; 
			    $sql = mysqli_query($this->db, $sql0);  
			    if(mysqli_num_rows($sql) > 0){
					if($row =  mysqli_fetch_array($sql, MYSQLI_ASSOC))        				
						$this->response($this->json($row), 200);
					else
						$this->response(array('status' => "Failed", "msg" => "Sorry It's Not Working"), 400);
				}
				$this->response('', 204);	// If no records "No Content" status
			}
			$error = array('status' => "Failed", "msg" => "Sorry It's Not Working");
			$this->response($this->json($error), 400);
		}

		
		function GetSingleValue(){
			if($this->login() > 0){
				$tablename = $this->_request['table'];	
				$column_single = $this->_request['column_single'];	
				if(isset($this->_request['conditions']))
					$conditions = $this->_request['conditions'];
				else
					$conditions = null; 

				$sql0 = "SELECT ".$column_single." FROM ".$tablename." WHERE 1=1";
			    if($conditions != null) {
			        foreach($conditions as $key=>$value){
			            if(is_numeric($value))
			                $sql0 .= " AND {$key} = ${value}";
			            else
			                $sql0 .= " AND {$key} = '${value}'";
			        }
			    }  
			    $sql = mysqli_query($this->db, $sql0);  
			    if(mysqli_num_rows($sql) > 0){
					if($row =  mysqli_fetch_array($sql, MYSQLI_ASSOC))        				
						$this->response($this->json($row), 200);
					else
						$this->response(array('status' => "Failed", "msg" => "Sorry It's Not Working"), 400);
				}
				$this->response('', 204);	// If no records "No Content" status
			}
			$error = array('status' => "Failed", "msg" => "Sorry It's Not Working");
			$this->response($this->json($error), 400);
		}
		
		function Insert(){
			if($this->login() > 0){
				$table_name = $this->_request['table'];	
				$data = $this->_request['data'];

			    $sql0 = "INSERT INTO ".$table_name." (";
			    $sql1 = " VALUES (";
			    foreach($data as $key=>$value){
			        $sql0 .= $key.",";
					if(is_array($value)) { 
						if($value[1] == 'date')				
							$sql1 .=  $this->db_escape($value[0]).",";
						if($value[1] == 'float')
							$sql1 .= $value.",";
					}else 
						$sql1 .= $this->db_escape($value).",";
			    }
			    $sql0 = substr($sql0, 0, -1).")";
			    $sql1 = substr($sql1, 0, -1).")";
			    //$string =  str_replace('\"', '',$sql0.$sql1);
			    $string = stripslashes($sql0.$sql1);
			   // $this->response($string, 400);
				$sql = mysqli_query($this->db, $sql0.$sql1);
				if(mysqli_insert_id($this->db) > 0){				
					$this->response($this->json(array( 'inserted_id' => mysqli_insert_id($this->db))), 200);
				}
				//$this->response('', 204);
				$error = array('status' => "Failed", "msg" => "Failed To Insert ".$string);
				$this->response($this->json($error), 400);
			}else{
				$error = array('status' => "Failed", "msg" => "Sorry You are not authenticated.");
				$this->response($this->json($error), 400);
			}
		}


		function Update(){
			if($this->login() > 0){
				$table_name = $this->_request['table'];	
				$data = $this->_request['data'];
				$primary_key = $this->_request['primary_key'];
			   
			    $sql0 = "UPDATE ".$table_name." SET ";
			    foreach($data as $key=>$value){
					if(is_array($value)) { 
						if($value[1] == 'date')				
							$sql0 .= $key." = ". $this->db_escape(date2sql($value[0])).",";
						if($value[1] == 'float')
							$sql0 .= $key." = ". $value.",";
					}else {
						if(is_numeric($value))
							$sql0 .= $key." = ".$value.",";
						else
							$sql0 .= $key." = ".$this->db_escape($value).",";
					}
			    }
			   	$sql0 = substr($sql0, 0, -1);
			    $sql0 .= " where ";

			     foreach($primary_key as $key=>$value){
			        if(is_array($value)) { 
			            if($value[1] == 'date')             
			                $sql0 .= $key." = ". $this->db_escape(date2sql($value[0])).",";
			            if($value[1] == 'float')
			                $sql0 .= $key." = ". $value.",";
			        }else{
						if(is_numeric($value))
							$sql0 .= $key." = ".$value.",";
						else
							$sql0 .= $key." = ".$this->db_escape($value).",";
					} 			           
			    }
			    $sql0 = substr($sql0, 0, -1);
			    $sql = mysqli_query($this->db, $sql0);
				if($sql){				
					$this->response($this->json(array( 'response' => 'Updated')), 200);
				}
				$this->response($this->json(array( $sql0)), 200);
			}else{
				$error = array('status' => "Failed", "msg" => "Sorry You are not authenticated.");
				$this->response($this->json($error), 400);
			} 
		}	

		public	function db_escape($value = "", $nullify = false){			
			$value = @html_entity_decode($value);
			$value = @htmlspecialchars($value);

		  	//reset default if second parameter is skipped
			$nullify = ($nullify === null) ? (false) : ($nullify);

		  	//check for null/unset/empty strings
			if ((!isset($value)) || (is_null($value)) || ($value === "")) {
				$value = ($nullify) ? ("NULL") : ("''");
			} else {
				if (is_string($value)) {
		      		//value is a string and should be quoted; determine best method based on available extensions
					if (function_exists('mysqli_real_escape_string')) {
				  		$value = "'" . mysqli_real_escape_string($this->db, $value) . "'";
					} else {
					  $value = "'" . mysqli_escape_string($this->db, $value) . "'";
					}
				} else if (!is_numeric($value)) {
					//value is not a string nor numeric
					display_error("ERROR: incorrect data type send to sql query");
					echo '

';
					exit();
				}
			}
			return $value;
		}
				
		/*
		 *	Encode array into JSON
		*/
		private function json($data){
			if(is_array($data)){
				return json_encode($data);
			}
		}
	}
	
	// Initiiate Library	
	$api = new API;
	$api->processApi();

?>

htaccess

That’s it, We have to create .htaccess file override the url of the file. Let’s see Code for .htaccess file.

<IfModule mod_rewrite.c>
 RewriteEngine On
 RewriteBase /rest/  #### <------------ Here change your URL. 
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteCond %{REQUEST_FILENAME} !-s
 RewriteRule ^(.*)$ api.php?rquest=$1 [QSA,NC,L]

 RewriteCond %{REQUEST_FILENAME} -d
 RewriteRule ^(.*)$ api.php [QSA,NC,L]

 RewriteCond %{REQUEST_FILENAME} -s
 RewriteRule ^(.*)$ api.php [QSA,NC,L] 
</IfModule>

Now, Our API  class is ready. We have to know how to use it. I will provide it on next article about it. You can download the sample code to try it on your own risk.

 If you are interested to read more from tutorials Subscribe me to get more updates on your desired categories.

commenter

About Varadharaj V

The founder of Kvcodes, Varadharaj V is an ERP Analyst and a Web developer specializing in WordPress(WP), WP Theme development, WP Plugin development, Frontaccounting(FA), Sales, Purchases, Inventory, Ledgers, Payroll & HRM, CRM, FA Core Customization, PHP and Data Analyst. Database Management Advance Level

4 comments

  1. commenter

    Awesome, thanks for sharing great knowledge and I really Appreciate,
    please, can you help us shared organization file of this tutorial and however, how can we use this

  2. commenter

    Thanks for your sharing knowledge….

    Hope you success

  3. commenter

    Hello,

    Thanks for your sharing, right now I’m modified your rest api into my secure password. I want to ask how to get login()>0, because I’m always get failure you are not authenticated. Here your script :

    public function getHash($password) {
    $salt = sha1(rand());
    $salt = substr($salt, 0, 10);
    $encrypted = password_hash($password.$salt, PASSWORD_DEFAULT);
    $hash = array(“salt” => $salt, “encrypted” => $encrypted);
    return $hash;
    }
    public function verifyHash($password, $hash) {
    return password_verify ($password, $hash);
    }
    private function login(){
    // Cross validation if the request method is POST else it will return “Not Acceptable” status
    if($this->get_request_method() != “POST”){
    $this->response(”,406);
    }
    $username = $this->_request[‘username’];
    $password = $this->_request[‘password’];
    $return = null;
    if(!empty($username) and !empty($password)){$sql = mysqli_query($this->db, “SELECT SALT,PASSWORD FROM `user` WHERE USERNAME = ‘”.$username.”‘ LIMIT 1″);
    $query = mysqli_fetch_assoc($sql);
    $salt = $query[‘SALT’];
    $db_encrypted_password = $query[‘PASSWORD’];
    if ($this -> verifyHash($password.$salt,$db_encrypted_password)) {
    $return = ‘1’;
    }
    }
    return $return ;
    }

Reply to Irfan Rosjidi Cancel reply

Your email address will not be published. Required fields are marked *

*

Current ye@r *

Menu

Sidebar