My RESTful interface works fine until I try to pass a WHERE statement.
Example:
Parameters that are passed:
SELECT = "this";
FROM = "that";
WHERE = " 'ID' = 332";
The URL might look like this:
www.example.com/rest.php?SELECT=this&FROM=that&WHERE='ID'=332
Then in my PHP script:
if (isset($_GET['SELECT']))
{
    $SELECT = $_GET['SELECT'];
}
if (isset($_GET['FROM']))
{
    $FROM = $_GET['FROM'];
}
if (isset($_GET['WHERE']))
{
    $WHERE = $_GET['WHERE'];
}
So I'm thinking that the equals sign in the WHERE statement is messing it up. Would I be correct in this statement?
And if so, what might be an alternative?
RESTful interfaces are about resources that are permalinks. Exposing direct queries over your database does not encapsulate your storage layer and is not RESTful. It's a transparent RPC mechanism over HTTP to query your database (directly by the consumer).
In your example:
www.example.com/rest.php?SELECT=this&FROM=that&WHERE='ID'=332
'that' seems to be the resource, 'this' is the data on it and id is the unique reference to that object.
So, to be more restful, consider:
www.example.com/api/that/{id}
The data returned contains the 'columns' or attributes:
{
attr1:val1,
attr2:val2
}
Your server can map that/{id} to a method which takes the id, formulates the necessary SQL query, gets the tabular data, populates an object and returns it (serializing to JSON, XML, etc.).
If you need to further filter, consider query string params to control the options (but not a SQL where clause).
www.example.com/api/that/{id}?option=val1&option2=val2
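
An added example (not part of the original answer) of the mapping it describes: the path selects the resource and id, option names are checked against an allow-list, and client-supplied values only ever reach the database as bound parameters. The table, column and option names and the in-memory SQLite row are assumptions made for illustration.

```php
<?php
// Added example, not the answer author's code. Table, column and option
// names are hypothetical; the in-memory SQLite row is constructed.

// Allow-list: resource name in the URL -> table and the columns it may expose.
const RESOURCES = [
    'that' => ['table' => 'that', 'columns' => ['ID', 'attr1', 'attr2']],
];
// Allow-list: query-string option -> column it filters on.
const FILTERS = ['option' => 'attr1', 'option2' => 'attr2'];

function handle(PDO $db, string $path, array $query): array
{
    // Accept only /api/{resource}/{numeric id}; nothing else reaches SQL.
    if (!preg_match('#^/api/([a-z]+)/(\d{1,9})$#', $path, $m) || !isset(RESOURCES[$m[1]])) {
        return [404, ['error' => 'not found']];
    }
    $res = RESOURCES[$m[1]];
    $sql = 'SELECT ' . implode(', ', $res['columns']) . ' FROM ' . $res['table'] . ' WHERE ID = :id';
    $params = [':id' => (int) $m[2]];
    // Identifiers come from the allow-lists; client values are only ever bound.
    foreach ($query as $name => $value) {
        if (!isset(FILTERS[$name]) || !is_string($value)) {
            return [400, ['error' => 'unknown option']];
        }
        $sql .= ' AND ' . FILTERS[$name] . ' = :' . $name;
        $params[':' . $name] = $value;
    }
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? [404, ['error' => 'not found']] : [200, $row];
}

// Constructed sample data so the script runs offline (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE that (ID INTEGER PRIMARY KEY, attr1 TEXT, attr2 TEXT)');
$db->exec("INSERT INTO that VALUES (332, 'val1', 'val2')");

$requests = [
    ['/api/that/332', []],                      // plain resource lookup
    ['/api/that/332', ['option' => 'val1']],    // allow-listed filter, value bound
    ['/api/that/332', ['WHERE' => "'ID'=332"]], // raw clause from the question: rejected
];
foreach ($requests as [$path, $query]) {
    [$status, $body] = handle($db, $path, $query);
    echo $status, ' ', json_encode($body), PHP_EOL;
}
```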