Book Image

Building RESTful Web Services with PHP 7

By : Waheed ud din
Book Image

Building RESTful Web Services with PHP 7

By: Waheed ud din

Overview of this book

REST is the most wide spread and effective standard to develop APIs for internet services. With the way PHP and its eco-system has modernized the way code is written by simplifying various operations, it is useful to develop RESTful APIs with PHP 7 and modern tools. This book explains in detail how to create your own RESTful API in PHP 7 that can be consumed by other users in your organization. Starting with a brief introduction to the fundamentals of REST architecture and the new features in PHP 7, you will learn to implement basic RESTful API endpoints using vanilla PHP. The book explains how to identify flaws in security and design and teach you how to tackle them. You will learn about composer, Lumen framework and how to make your RESTful API cleaner, secure and efficient. The book emphasizes on automated tests, teaches about different testing types and give a brief introduction to microservices which is the natural way forward. After reading this book, you will have a clear understanding of the REST architecture and you can build a web service from scratch.
Table of Contents (16 chapters)
Title Page
About the Author
About the Reviewer
Customer Feedback

Visible flaws

Although the we discussed in the previous sections will work, there are many loopholes in it. We will look into the different problems in the next chapters, however here let's see three of them here and also see how we can solve them:

  • Validation
  • Authentication
  • No response in case of 404


Right now in our code, although we are using PDO prepare and bindValue() methods, it will just save it from SQL injection. However, we are not all fields in the case insert and update. We need to validate that the title should be of a specific limit, the status should be either draft or published, and the user_id should be always one of IDs in the users table.


The first and simple solution is to manual checks to validate data coming from the user's end. This is simple but it is a lot of work. That means it will work but we can miss something, and if we do not miss any check, it will be a lot of low level detail to deal with.

So a better way is to utilize some open source package...