I need help on how to make an API for PHP. I was trying to make one web server communicate with another webserver through PHP.
I also want it to update MySQL code. I was using $_GET but it was less secure. Here is my code, can you please take a look at it?
<?php
/*
example: website-url-here.com/?command=insert-command-here&password=testing
*/
$command = $_GET["command"];
$password = $_GET["password"];
if ($password == "testing") {
//Was not a good idea, less secure.
//echo eval($command);
//More secure
if ($command == "create-user")
{
//create user command here
}
else if ($command == "delete-user")
{
//delete user command here
}
else
{
die("Command is incorrect");
}
}
echo "Success";
?>
This question is way too open ended to answer in a StackOverflow answer. Try reading up a little on REST, and a lot on PDO, especially in the context of sanitizing user input.
Think about what would happen if somebody called your api with [url]?command=rm -rf .&password=testing