PHP
Rooly, 2021-03-23 11:40:40

How to properly organize apiResource Laravel?

Colleagues, could you share some advice.

I once wrote one REST API project (get, post, put, delete methods) and got data from the model using the protected $hidden and protected $appends properties, but I did the actual fetching using getAttrNameAttribute($value) functions.

Recently I learned about such Laravel functionality as apiResource and I can't accept it in any way, or rather I'm used to what I found. Now I need to make a REST API for one project and again I want to apply my initial template (maybe just because I'm used to it).


2 answer(s)
Nick Sdk, 2018-03-05
@borgore

Added one more condition to make it more "correct"

// all WHERE conditions collected in one array so that implode() joins them
// with AND (the original concatenation lost the AND before the typeN part)
$sql_conditions = [
  "name='" . $_POST['name'] . "'",      // raw POST data in the query: SQL-injectable, see below
  "status='" . $_POST['status'] . "'",
];
for ($i = 1; $i <= 11; $i++) {
  $tag_name = 'tag' . $i;
  if (isset($_POST[$tag_name]) && (int)$_POST[$tag_name] === 1) {
    // 'typeN != NULL' never matches in SQL; a NULL check needs IS NOT NULL
    $sql_conditions[] = 'type' . $i . ' IS NOT NULL';
  }
}
$query3 = mysqli_query($lnk, "SELECT * FROM applications WHERE " . implode(' AND ', $sql_conditions));

In general, it is better never to make such requests at all, where your data from POST or GET goes directly into the SQL query.
In a case like yours, SQL injection is easy to perform.
Read about SQL injection:
phpprofi.ru/blogs/post/35
habrahabr.ru/post/148151/
habrahabr.ru/company/pentestit/blog/326362/
and about prepared SQL statements:
php.net/manual/en/mysqli.quickstart.prepared-state...
php.net/manual/en/pdo.prepared-statements.php
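The same applications lookup written with mysqli prepared statements, added here as an illustration of the advice above (it is not part of Nick Sdk's answer). It assumes $lnk is an open mysqli connection, the applications table has the columns name, status and type1 ... type11 from the snippet, and the mysqlnd driver is available (needed for get_result()).

```php
<?php
// Added example: applications lookup with a prepared statement.
// Assumes $lnk (mysqli) and the table layout from the snippet above.

function findApplications(mysqli $lnk, array $post): array
{
    // The only user-controlled values are name and status, and they travel
    // exclusively as bound parameters, so quotes or SQL keywords inside them
    // are data, never query syntax.
    $name   = (string)($post['name']   ?? '');
    $status = (string)($post['status'] ?? '');

    $sql = 'SELECT * FROM applications WHERE name = ? AND status = ?';

    // Column names cannot be bound as parameters. The typeN clauses are
    // therefore built from the loop counter only (a fixed whitelist 1..11);
    // the POST value merely decides whether a clause is added at all.
    for ($i = 1; $i <= 11; $i++) {
        if ((int)($post['tag' . $i] ?? 0) === 1) {
            $sql .= " AND type{$i} IS NOT NULL";
        }
    }

    $stmt = $lnk->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $lnk->error);
    }
    $stmt->bind_param('ss', $name, $status);
    if (!$stmt->execute()) {
        $stmt->close();
        throw new RuntimeException('execute failed: ' . $lnk->error);
    }

    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// Usage: $rows = findApplications($lnk, $_POST);
// With name=foo, status=new, tag3=1 and tag7=1 the executed statement is
// SELECT * FROM applications WHERE name = ? AND status = ? AND type3 IS NOT NULL AND type7 IS NOT NULL
// with 'foo' and 'new' supplied separately as parameters.
```

Note that the query text still varies per request, but only through the integer $i; no byte from $_POST is ever concatenated into it, which is the property the original string-built query lacks.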

jazzus, 2021-03-23
@jazzus

API resources do not cancel the methods of working with the model. Using Laravel while using some half-baked reinventions of your own instead of Laravel tools (for example, response()->json() with models) is not prohibited, but it is unprofessional, illogical (why do you need a framework then), ugly and makes the code quality worse (readability, maintenance, etc.). So the only answer is: yes, use them, no options) In resources you can use getters or not use getters and instead form the fields directly in the resource, links to other resources, etc., including collections. There are no difficulties there. You list the required fields in the resource and call it in the controller with one line of code. Usually 2 minutes for the whole process.
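What "list the fields in the resource and call it with one line in the controller" looks like in practice, as an added example (not code from jazzus's answer or from the question). It assumes a Laravel application with hypothetical Article and Author models, an articles.author relation, and the columns used below; the three files are shown one after another with a comment marking each.

```php
<?php
// Added example, not from the original page. Hypothetical Article/Author models.

// file: routes/api.php
// Route::apiResource registers index/store/show/update/destroy without the
// HTML-only create/edit routes.
use App\Http\Controllers\ArticleController;
use Illuminate\Support\Facades\Route;

Route::apiResource('articles', ArticleController::class);

// file: app/Http/Resources/ArticleResource.php
namespace App\Http\Resources;

use Illuminate\Http\Resources\Json\JsonResource;
use Illuminate\Support\Str;

class ArticleResource extends JsonResource
{
    public function toArray($request): array
    {
        return [
            'id'        => $this->id,
            'title'     => $this->title,
            // computed in the resource instead of a getSlugAttribute() accessor
            // plus $appends on the model
            'slug'      => Str::slug($this->title),
            'published' => $this->published_at !== null,
            // field exposed only to its owner; replaces toggling $hidden per request
            'draft_notes' => $this->when(
                optional($request->user())->id === $this->author_id,
                $this->draft_notes
            ),
            // nested resource, included only when the relation was eager-loaded
            'author'    => AuthorResource::make($this->whenLoaded('author')),
            'links'     => ['self' => route('articles.show', $this->id)],
        ];
    }
}

class AuthorResource extends JsonResource
{
    public function toArray($request): array
    {
        // email and password_hash are simply never listed, so they never leak
        return ['id' => $this->id, 'name' => $this->name];
    }
}

// file: app/Http/Controllers/ArticleController.php
namespace App\Http\Controllers;

use App\Http\Resources\ArticleResource;
use App\Models\Article;
use Illuminate\Http\Request;

class ArticleController extends Controller
{
    public function index(Request $request)
    {
        // one line: collection resource over a paginator keeps meta/links in the JSON
        return ArticleResource::collection(Article::with('author')->latest()->paginate(20));
    }

    public function show(Article $article)
    {
        return ArticleResource::make($article->load('author'));
    }
}
```

The resource is the single place that decides which fields leave the application, so an added column on the articles table is not exposed until someone lists it here, which is the opposite default from returning the model itself with $hidden.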
