An API key is used by a lot of Web API to provide a form of access control. The key usually is linked to the identity of the API user as well as bundle of rights like a quota or areas of the APIs which are open for access to that key
Example::
<?php// get the HTTP method, path and body of the request$method = $_SERVER['REQUEST_METHOD'];$request = explode('/', trim($_SERVER['PATH_INFO'],'/'));$input = json_decode(file_get_contents('php://input'),true);// connect to the mysql database$link = mysqli_connect('localhost', 'root', 'root', 'myDB');mysqli_set_charset($link,'utf8');// retrieve the table and key from the path$table = preg_replace('/[^a-z0-9_]+/i','',array_shift($request));$key = array_shift($request)+0;// escape the columns and values from the input object$columns = preg_replace('/[^a-z0-9_]+/i','',array_keys($input));$values = array_map(function ($value) use ($link) {if ($value===null) return null;return mysqli_real_escape_string($link,(string)$value);},array_values($input));// build the SET part of the SQL command$set = '';for ($i=0;$i<count($columns);$i++) {$set.=($i>0?',':'').'`'.$columns[$i].'`=';$set.=($values[$i]===null?'NULL':'"'.$values[$i].'"');}// create SQL based on HTTP methodswitch ($method) {case 'GET':$sql = "select * from `myform`".($key?" WHERE id=$key":''); break;case 'PUT':$sql = "update `myform` set $set where id=$key"; break;case 'POST':$sql = "insert into `myform` set $set"; break;case 'DELETE':$sql = "delete `myform` where id=$key"; break;}// excecute SQL statement$result = mysqli_query($link,$sql);// die if SQL statement failedif (!$result) {http_response_code(404);die(mysqli_error());}// print results, insert id or affected row countif ($method == 'GET') {if (!$key) echo '[';for ($i=0;$i<mysqli_num_rows($result);$i++) {echo ($i>0?',':'').json_encode(mysqli_fetch_object($result));}if (!$key) echo ']';} elseif ($method == 'POST') {echo mysqli_insert_id($link);} else {echo mysqli_affected_rows($link);}// close mysql connectionmysqli_close($link);?>
No comments:
Post a Comment