PHP Classes

File: src/Myapi.php

Recommend this page to a friend!
  Packages of Barton Phillips   Simple Site Class   src/Myapi.php   Download  
File: src/Myapi.php
Role: Example script
Content type: text/plain
Description: Example script
Class: Simple Site Class
Simple Site Class
Author: By
Last change:
Date: 8 days ago
Size: 1,549 bytes
 

Contents

Class file image Download
<?php
$_site = require_once getenv("SITELOADNAME");
// Because bartonlp.com/otherpages have mysitemap.json dbinfo->database = 'barton' we don't need
// the special $_site->dbinfo->database!

$db = new dbPdo($_site);

header('Content-Type: application/json'); // Make it application/json.

// --- read JSON input ---
$input = json_decode(file_get_contents('php://input'), true);

// --- basic validation ---
if(!is_array($input)) {
  http_response_code(400);
  error_log("Myapi.php error=invalid from \$input:" . print_r($input, true));
  exit;
}

//error_log("Myapi.php input: " . print_r($input, true));

try {
  $sql = $input['sql']; // select or insert
  $params = $input['params'];

  //error_log("Myapi.php sql=$sql\nparams: " . print_r($params, true));
 
  $result = $db->sql($sql, $params);

  $allowedTables = ['insert', 'update', 'delete', 'create', 'drop', 'alter', 'truncate', 'set', 'grant', 'revoke', 'use'];
  if(in_array(strstr(haystack: $sql, needle: ' ', before_needle: true), $allowedTables)) {
    echo json_encode($result);
    exit;
  }

  $result = [];
  while($tbl = $db->fetchrow('assoc')) {
    $result[] = $tbl;
  }
  //error_log("Myapi.php get fetchrow result: " . print_r($result, true));
   
  echo json_encode($result);
  exit;
} catch(\Throwable $e) {
  error_log("Myapi.php ERROR: code=500\n{$e->getMessage()}\n{$e->getFile()}\n{$e->getLine()}");
  echo json_encode(["ok, Myapi.php" => false,
                    "error" => "code=500\n{$e->getMessage()}\n{$e->getFile()}\n{$e->getLine()}",
                   ]);
}