Model Save From $_Get

If I am getting the data from $_GET, do I need to create any special validators in my model? I only have the default rules.




// Create Registration Event
$regEvent = new RegEvent;
$regEvent->email = $_GET['email'];
$regEvent->cid = $_GET['cid'];
$regEvent->date = $_GET['date'];
$regEvent->classification = $_GET['classification'];
$regEvent->score = $_GET['score'];
$regEvent->sent_to = $_GET['sent_to'];
$regEvent->description = $_GET['description'];
if(!$regEvent->save()) {
  $pass = FALSE;
  Yii::log('Failed to save RegEvent ' . $url, 'error', 'api');
  $this->_sendResponse(501, sprintf('Error: Registration Event did not save correctly!'));
  Yii::app()->end();
}

Validator execution is governed by scenario, not assignment source. The model has no way of "knowing" where the values came from.

Is there a reason you’re not using massive assignment? By assigning them individually your ‘safe’ assignment rules WILL BE IGNORED. Something like $model->attributes = $_GET['ClassName'] is preferable to what you’re doing if you can swing it.

In any case, it’s not considered good practice to do resource modification using GET. The GET HTTP method means “retrieve the resource”. If you’re creating or editing a resource try using POST or PUT.
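The two points made above, scenario-driven validators and safe-listed massive assignment over POST, as an added example for Yii 1.1 that is not code from the thread. The `RegEvent` attributes are the ones in the question; the constraint values in `rules()` and the `ApiController`/`actionReg` names are assumptions.

```php
<?php
// Added example for Yii 1.1. Lengths, ranges and the date format are assumed values.
class RegEvent extends CActiveRecord
{
    public static function model($className = __CLASS__)
    {
        return parent::model($className);
    }

    // Validators run on validate()/save() for the active scenario, whatever
    // the source of the values. Only attributes named in a rule are "safe"
    // for massive assignment; any other request key is dropped.
    public function rules()
    {
        return array(
            array('email, cid, date', 'required'),
            array('email', 'email'),
            array('cid', 'numerical', 'integerOnly' => true, 'min' => 1),
            array('score', 'numerical', 'min' => 0, 'max' => 100),
            array('date', 'date', 'format' => 'yyyy-MM-dd'),
            array('classification, sent_to', 'length', 'max' => 64),
            array('description', 'length', 'max' => 1000),
        );
    }
}

class ApiController extends CController
{
    public function actionReg()
    {
        // Accept writes over POST only, so values stay out of URLs and access logs.
        if (!Yii::app()->request->isPostRequest) {
            throw new CHttpException(405, 'Use POST to create a registration event.');
        }
        $regEvent = new RegEvent;
        // Massive assignment: copies only the safe attributes from the request body.
        $regEvent->attributes = isset($_POST['RegEvent']) ? $_POST['RegEvent'] : array();
        if (!$regEvent->save()) { // save() calls validate() first
            // Log which rules failed (messages only), return a generic error to the client.
            Yii::log('RegEvent rejected: ' . CJSON::encode($regEvent->getErrors()), 'warning', 'api');
            throw new CHttpException(400, 'Registration event failed validation.');
        }
        echo CJSON::encode(array('id' => $regEvent->getPrimaryKey()));
    }
}
```

A request key that has no rule, such as a primary key or an internal flag column, never reaches the model through `$regEvent->attributes`, which is the protection that per-attribute assignment from `$_GET` bypasses.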

I am creating a simple API that allows someone to add data to the database via URL like this:


http://localhost:8888/leadworks/leadworks/Api/reg?email=tester%40test.com&cid=18&1=Test&2=User&city=Chicago&first_name=Anthony&last_name=Stanley&country=USA&zip=60491&address=14459%20S%20Abbott%20Rd%20East&1=test@test.com&25=Test%Method&11=IL

I use $_GET to get the values? You think this is bad? What way would you recommend?

Enjoy: Apigee’s API Best Practices Blog. :)

Lots of great tips and reading there.

If you’re dealing with developers (and with an API you must be, right?) I would use GET and POST methods to differentiate between getting data and adding new data to the database. E.g.:

GET api.site.com/v1/people - retrieves a list of people

POST api.site.com/v1/people - adds a new person to the database

GET api.site.com/v1/people/1 - retrieves person with ID 1

POST api.site.com/v1/people/1 - updates the person with ID 1

Others might recommend support for the PUT and DELETE methods, but DELETE is relatively unknown and I don’t think many will care about the POST/PUT distinction.

See also the new PayPal API docs for some good examples.