Another milestone is reached for the PHP-CRUD-API project. A project that aims to provide a high performance, consistent data API over REST that is easy to deploy (it is a single PHP file!) and requires minimal configuration. By popular demand we have added four important new features:
- Tables and the actions on them can be restricted with custom rules.
- Access to specific columns can be restricted using your own algorithm.
- You can specify “sanitizers” to, for example, strip HTML tags from input.
- You can specify “validator” functions to show errors on invalid input.
These features work by letting you define callback functions in your configuration. These functions can then contain your application-specific logic. How these functions work and how you load them is explained below.
Table authorizer
The following function can be used to authorize access to specific tables:
/**
 * @param action   'create','read','update','delete','list'
 * @param database name of your database (e.g. 'northwind')
 * @param table    name of the table (e.g. 'customers')
 * @returns bool   indicates that access is granted
 */
$f1 = function($action, $database, $table) {
    return true;
};
Column authorizer
The following function can be used to authorize access to specific columns:
/**
 * @param action   'create','read','update','delete','list'
 * @param database name of your database (e.g. 'northwind')
 * @param table    name of the table (e.g. 'customers')
 * @param column   name of the column (e.g. 'password')
 * @returns bool   indicates that access is granted
 */
$f2 = function($action, $database, $table, $column) {
    return true;
};
Input sanitizer
The following function can be used to sanitize input for specific columns:
/**
 * @param action   'create','read','update','delete','list'
 * @param database name of your database (e.g. 'northwind')
 * @param table    name of the table (e.g. 'customers')
 * @param column   name of the column (e.g. 'username')
 * @param type     type of the column (depends on engine)
 * @param value    input from the user (e.g. 'johndoe88')
 * @returns string sanitized value
 */
$f3 = function($action, $database, $table, $column, $type, $value) {
    return $value;
};
Input validator
The following function can be used to validate input for specific columns:
/**
 * @param action   'create','read','update','delete','list'
 * @param database name of your database (e.g. 'northwind')
 * @param table    name of the table (e.g. 'customers')
 * @param column   name of the column (e.g. 'username')
 * @param type     type of the column (depends on engine)
 * @param value    input from the user (e.g. 'johndoe88')
 * @param context  all input fields in this action
 * @returns string validation error (if any) or null
 */
$f4 = function($action, $database, $table, $column, $type, $value, $context) {
    return null;
};
Configuration
This is an example configuration that requires the above snippets to be defined.
$api = new MySQL_CRUD_API(array(
    'hostname'          => 'localhost',
    'username'          => 'xxx',
    'password'          => 'xxx',
    'database'          => 'xxx',
    'charset'           => 'utf8',
    'table_authorizer'  => $f1,
    'column_authorizer' => $f2,
    'input_sanitizer'   => $f3,
    'input_validator'   => $f4
));
$api->executeCommand();
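The four snippets above are pass-through stubs. As an added example (not code from the PHP-CRUD-API project itself), here is one way to fill them in with real policy: a table whitelist with delete reserved for administrators, a password column that can never be read or listed, a sanitizer that strips HTML tags from string input, and a validator for e-mail, username and quantity fields. The table names `customers` and `orders`, the column names, and the `$_SESSION['role']` check are assumptions for the example; the callback signatures and the configuration keys are the ones documented above.

```php
<?php
// Added example implementing the four PHP-CRUD-API callbacks with concrete rules.
// Assumed (not from the original post): tables 'customers' and 'orders', a
// 'password' column that must stay hidden, and $_SESSION['role'] set at login.

// Table authorizer: expose only known tables; 'delete' is admin-only.
$f1 = function ($action, $database, $table) {
    $exposed = array('customers', 'orders');
    if (!in_array($table, $exposed, true)) {
        return false;   // any other table is invisible to the API
    }
    if ($action === 'delete') {
        return isset($_SESSION['role']) && $_SESSION['role'] === 'admin';
    }
    return true;
};

// Column authorizer: never return the password column on read/list,
// and never let a client set it through the generic API either.
$f2 = function ($action, $database, $table, $column) {
    if ($table === 'customers' && $column === 'password') {
        return false;
    }
    return true;
};

// Input sanitizer: normalise string input before it reaches the database.
// (Stripping tags here does not replace output encoding in the UI.)
$f3 = function ($action, $database, $table, $column, $type, $value) {
    if (is_string($value)) {
        $value = trim(strip_tags($value));
    }
    return $value;
};

// Input validator: return an error message string, or null when the value is fine.
$f4 = function ($action, $database, $table, $column, $type, $value, $context) {
    if ($table === 'customers' && $column === 'email') {
        if (filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
            return 'must be a valid e-mail address';
        }
    }
    if ($table === 'customers' && $column === 'username') {
        if (!preg_match('/^[a-z0-9_]{3,32}$/', (string) $value)) {
            return 'must be 3-32 lowercase letters, digits or underscores';
        }
    }
    if ($table === 'orders' && $column === 'quantity') {
        if (!ctype_digit((string) $value) || (int) $value < 1) {
            return 'must be a positive integer';
        }
    }
    return null;
};

// Wiring is identical to the configuration shown above; credentials are placeholders.
$api = new MySQL_CRUD_API(array(
    'hostname'          => 'localhost',
    'username'          => 'xxx',
    'password'          => 'xxx',
    'database'          => 'xxx',
    'charset'           => 'utf8',
    'table_authorizer'  => $f1,
    'column_authorizer' => $f2,
    'input_sanitizer'   => $f3,
    'input_validator'   => $f4
));
$api->executeCommand();
```

Two points worth noting about this layout: the authorizers default to deny for anything not explicitly listed, so adding a table to the database does not silently expose it, and the column authorizer refuses the password column for every action, not just `read` and `list`, so a client cannot overwrite a credential through a generic `update` either.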
You can find the project on GitHub.