Tuesday, 16 October 2018

Creating a simple REST API in PHP

I’m the author of php-crud-api and I want to share the core of the application with you. It includes routing a JSON REST request, converting it into SQL, executing it and giving a meaningful response. I tried to write the application as short as possible and came up with these 65 lines of code:
<?php
 
// get the HTTP method, path and body of the request
$method = $_SERVER['REQUEST_METHOD'];
$request = explode('/', trim($_SERVER['PATH_INFO'] ?? '','/'));
$input = (array)json_decode(file_get_contents('php://input'),true); // empty array when there is no JSON body
 
// connect to the mysql database
$link = mysqli_connect('localhost', 'user', 'pass', 'dbname');
mysqli_set_charset($link,'utf8');
 
// retrieve the table and key from the path
$table = preg_replace('/[^a-z0-9_]+/i','',array_shift($request));
$key = (int)array_shift($request); // integer cast: 0 when the id is missing or not numeric
 
// escape the columns and values from the input object
$columns = preg_replace('/[^a-z0-9_]+/i','',array_keys($input));
$values = array_map(function ($value) use ($link) {
  if ($value===null) return null;
  return mysqli_real_escape_string($link,(string)$value);
},array_values($input));
 
// build the SET part of the SQL command
$set = '';
for ($i=0;$i<count($columns);$i++) {
  $set.=($i>0?',':'').'`'.$columns[$i].'`=';
  $set.=($values[$i]===null?'NULL':'"'.$values[$i].'"');
}
 
// create SQL based on HTTP method
switch ($method) {
  case 'GET':
    $sql = "select * from `$table`".($key?" WHERE id=$key":''); break;
  case 'PUT':
    $sql = "update `$table` set $set where id=$key"; break;
  case 'POST':
    $sql = "insert into `$table` set $set"; break;
  case 'DELETE':
    $sql = "delete from `$table` where id=$key"; break;
}
 
// execute SQL statement
$result = mysqli_query($link,$sql);
 
// die if SQL statement failed
if (!$result) {
  http_response_code(404);
  die(mysqli_error($link));
}
 
// print results, insert id or affected row count
if ($method == 'GET') {
  if (!$key) echo '[';
  for ($i=0;$i<mysqli_num_rows($result);$i++) {
    echo ($i>0?',':'').json_encode(mysqli_fetch_object($result));
  }
  if (!$key) echo ']';
} elseif ($method == 'POST') {
  echo mysqli_insert_id($link);
} else {
  echo mysqli_affected_rows($link);
}
 
// close mysql connection
mysqli_close($link);
This code is written to show you how simple it is to make a fully operational REST API in PHP.

Running

Save this file as “api.php” in your (Apache) document root and call it using:
http://localhost/api.php/{$table}/{$id}
Or you can use the PHP built-in webserver from the command line using:
$ php -S localhost:8888 api.php
The URL when run from the command line is:
http://localhost:8888/api.php/{$table}/{$id}
NB: Don’t forget to adjust the ‘mysqli_connect’ parameters in the above script!

REST API in a single PHP file

Although the above code is not perfect it actually does do 3 important things:
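  1. Support HTTP verbs GET, POST, PUT and DELETE
  2. Escape all data properly to avoid SQL injection (values go through mysqli_real_escape_string, table and column names are stripped to letters, digits and underscores, and the key is cast to a number)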
  3. Handle null values correctly
One could thus say that the REST API is fully functional. You may run into missing features of the code, such as:
  1. No related data (automatic joins) supported
  2. No condensed JSON output supported
  3. No support for PostgreSQL or SQL Server
  4. No POST parameter support
  5. No JSONP/CORS cross domain support
  6. No base64 binary column support
  7. No permission system
  8. No search/filter support
  9. No pagination or sorting supported
  10. No column selection supported
Don’t worry, all these features are available in php-crud-api, which you can get from GitHub. On the other hand, now that you have the essence of the application, you may also write your own!
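
Point 2 of the first list relies on escaping values into the SQL string, and the script accepts any table name that survives the regex. The following is an added example, not code from php-crud-api: it builds the same four statements with bound parameters and a table allowlist. ALLOWED_TABLES, build_statement() and the sample table names are hypothetical.

```php
<?php
// Added example, not part of php-crud-api: same method-to-SQL mapping as the
// script above, but values are returned as parameters to bind, never inlined.
const ALLOWED_TABLES = ['posts', 'comments']; // constructed sample table names

function build_statement(string $method, string $table, int $key, array $input): array {
  // identifiers cannot be bound, so the table must match an explicit allowlist
  if (!in_array($table, ALLOWED_TABLES, true)) {
    throw new InvalidArgumentException('unknown table');
  }
  $set = []; $params = [];
  foreach ($input as $column => $value) {
    // same character rule as the script above, but reject instead of stripping
    if (!preg_match('/^[a-z0-9_]+$/i', (string)$column)) {
      throw new InvalidArgumentException('bad column name');
    }
    if (is_array($value)) throw new InvalidArgumentException('nested value');
    $set[] = "`$column`=?";
    $params[] = $value; // null is bound as SQL NULL
  }
  $needsSet = $method === 'PUT' || $method === 'POST';
  if ($needsSet && !$set) throw new InvalidArgumentException('empty body');
  $needsKey = $method === 'PUT' || $method === 'DELETE';
  if ($needsKey && $key <= 0) throw new InvalidArgumentException('missing id');
  switch ($method) {
    case 'GET':
      return $key ? ["select * from `$table` where id=?", [$key]]
                  : ["select * from `$table`", []];
    case 'PUT':
      $params[] = $key;
      return ["update `$table` set ".implode(',', $set)." where id=?", $params];
    case 'POST':
      return ["insert into `$table` set ".implode(',', $set), $params];
    case 'DELETE':
      return ["delete from `$table` where id=?", [$key]];
  }
  throw new InvalidArgumentException('unsupported method');
}

// constructed sample request: PUT /posts/3 with a value containing quotes
[$sql, $params] = build_statement('PUT', 'posts', 3,
  ['title' => 'a" or 1=1 -- ', 'body' => null]);
echo $sql, "\n", json_encode($params), "\n";
// with a connection: $stmt = mysqli_prepare($link, $sql);
// mysqli_stmt_execute($stmt, $params); // array argument needs PHP 8.1+
```

The quoted title never reaches the SQL text; it is sent to the server separately from the statement, so no escaping rule or connection charset is involved.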
