I'm trying to make a REST API that uses a POST to create a new object in my database. I'm using the Slim framework.
The problem it's that I'm not sure about what I exactly have to put in these lines on my POST method:
$app->response->headers->set("Content-type","application/json");
$app->response->status(200);
$app->response->body(json_encode(**Here they put the name of the type of the object that they have in their database**));
My full POST route is:
$app->post("/cars/", function() use($app)
{
$idCar = $app->request->post("idCar");
$name = $app->request->post("name");
try{
$connection = getConnection();
$dbh = $connection->prepare("INSERT INTO cars VALUES(?,?)");
$dbh->bindParam(1,$idCar);
$dbh->bindParam(2,$name);
$dbh->execute();
$connection = null;
$app->response->headers->set("Content-type","application/json");
$app->response->status(200);
$app->response->body(json_encode(**What I have to put here?**));
}catch(PDOException $e)
{
echo "Error: " . $e->getMessage();
}
});
In the table cars there are objects Car.
Should I put it like this?:
$app->response->headers->set("Content-type","application/json");
$app->response->status(200);
$app->response->body(json_encode($Car));
I'm a bit confused because in the tutorials that I saw before, in the POST method they don't have any reference to the name of the variable inside the POST route. For example, if they use $fruit they didn't declare any variable named $fruit inside their route.
What should I do? Is my answer correct?
The simple answer is that you can put whatever you want in your response. See this question.
This is a design problem, not a question of being "correct". You should ask yourself how you intend for the API to be consumed. Once the consumer creates the object, will they need a convenient way to access it again (without having to look it up based on some other criteria)? In that case, you might want to return just the id of the object you created in your response. You could also return the entire object in your response, but be careful - in some cases, there might be something in the database representation of a Car that should not be available to the end user. For example, maybe they should see the Car's name, make, and model, but not its buyerSocialSecurityNumber.
In any case, you'll need to fetch any additional information after running the INSERT query with another query. For example, assuming there is more information than just the id and name, I could do something like:
$connection = getConnection();
$dbh = $connection->prepare("INSERT INTO cars VALUES(?,?)");
$dbh->bindParam(1,$idCar);
$dbh->bindParam(2,$name);
$dbh->execute();
$newCarId = $dbh->lastInsertId();
$car = $dbh->query("SELECT * FROM cars WHERE id = $newCarId");
$connection = null;
$app->response->headers->set("Content-type","application/json");
$app->response->status(200);
$app->response->body(json_encode($car));
Note that in this case, it is safe to interpolate $newCarId directly into a query because it is trusted content - i.e. not user input.