检查Rest API中是否存在记录?
[英]Check if record exist in Rest API?
问题描述
I'm writing my Rest API, and I have a doubt regarding the methods of INSERT / UPDATE / DELETE . 
我正在编写我的Rest API,并且对INSERT / UPDATE / DELETE的方法有疑问。 In particular before performing any of the above methods I want to check if the record passed in the URI exists as: 特别是在执行上述任何一种方法之前,我想检查URI中传递的记录是否存在:
endpoints/api/user/{id}
now my idea would be to place everything in the layer that I created by extending the PDO functions with such a method: 现在,我的想法是将所有内容放置在通过使用以下方法扩展PDO函数而创建的层中:
public function getWhere($table, $where)
{
return $this->exec("SELECT * FROM $table WHERE $where");
}
And back appropriately true or false if the record has been found or not. 如果找到记录,则返回正确的true或false 。 But I wonder if this method is safe against sql injection . 但是我想知道这种方法是否可以安全地防止sql injection 。 I also wonder if there is some other way to see if the record exists before update it or add it. 我还想知道是否有其他方法可以查看记录是否存在,然后再对其进行更新或添加。 I think my API will become something like a hundred models, so I need an efficient solution to be used in any model with ease. 我认为我的API会变成一百种模型,因此我需要一种有效的解决方案,以便轻松地在任何模型中使用。
1 个解决方案
解决方案1
3 已采纳 2016-04-03 17:09:46
Don't extend the PDO classes with your own methods thinking it will help. 不要用自己的方法扩展PDO类,以免会有所帮助。 It does not, please read Your first database wrapper's childhood diseases . 否,请阅读您的第一个数据库包装程序的儿童疾病 。
Use normal prepared statements to get a row for a specific id like: 使用常规的准备好的语句来获取特定ID的行,例如:
$stmt = $dbh->prepare('SELECT columns FROM users WHERE id = ?');
/* work with $stmt */
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.