alvin/pokedex
1
0
Fork 0
mirror of https://github.com/Alvin-Zilverstand/pokedex.git synced 2026-03-06 11:07:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update api.php

Browse Source
This commit is contained in:
07jer
2025-03-20 09:08:35 +01:00
parent 048ca0e86f
commit 180b449915
1 changed files with 82 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

98
school-pokedex/api.php
View File

@@ -15,71 +15,137 @@ if ($conn->connect_error) {
header('Content-Type: application/json'); header('Content-Type: application/json');
// Ensure the request is using JSON
if ($_SERVER['CONTENT_TYPE'] !== 'application/json') {
echo json_encode(['error' => 'Content-Type must be application/json']);
exit;
}
$method = $_SERVER['REQUEST_METHOD']; $method = $_SERVER['REQUEST_METHOD'];
$request = explode('/', trim($_SERVER['PATH_INFO'],'/')); $request = explode('/', trim($_SERVER['PATH_INFO'], '/'));
switch ($method) { switch ($method) {
case 'GET': case 'GET':
if (isset($request[0]) && is_numeric($request[0])) { if (isset($request[0]) && is_numeric($request[0])) {
$id = $request[0]; $id = $request[0];
$sql = "SELECT * FROM pokemons WHERE id=$id"; $stmt = $conn->prepare("SELECT * FROM pokemons WHERE id = ?");
$result = $conn->query($sql); $stmt->bind_param("i", $id);
if ($result) { $stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows > 0) {
echo json_encode($result->fetch_assoc()); echo json_encode($result->fetch_assoc());
} else { } else {
echo json_encode(['error' => 'No record found']); echo json_encode(['error' => 'No record found']);
} }
$stmt->close();
} else { } else {
$sql = "SELECT * FROM pokemons"; $sql = "SELECT * FROM pokemons";
$result = $conn->query($sql); $result = $conn->query($sql);
$pokemons = []; $pokemons = [];
while($row = $result->fetch_assoc()) { while ($row = $result->fetch_assoc()) {
$pokemons[] = $row; $pokemons[] = $row;
} }
echo json_encode($pokemons); echo json_encode($pokemons);
} }
break; break;
case 'POST': case 'POST':
$data = json_decode(file_get_contents('php://input'), true); $data = json_decode(file_get_contents('php://input'), true);
if (!isset($data['name'], $data['type'], $data['image'], $data['stats'], $data['info'])) {
echo json_encode(['error' => 'Missing required fields']);
exit;
}
$name = $data['name']; $name = $data['name'];
$type = $data['type']; $type = $data['type'];
$image = $data['image']; $image = $data['image'];
$stats = json_encode($data['stats']); $stats = json_encode($data['stats']);
$info = $data['info']; $info = $data['info'];
$sql = "INSERT INTO pokemons (name, type, image, stats, info) VALUES ('$name', '$type', '$image', '$stats', '$info')";
if ($conn->query($sql) === TRUE) { // Prepared statement to prevent SQL injection
echo json_encode(['id' => $conn->insert_id, 'name' => $name, 'type' => $type, 'image' => $image, 'stats' => $stats, 'info' => $info]); $stmt = $conn->prepare("INSERT INTO pokemons (name, type, image, stats, info) VALUES (?, ?, ?, ?, ?)");
$stmt->bind_param("sssss", $name, $type, $image, $stats, $info);
if ($stmt->execute()) {
echo json_encode([
'id' => $conn->insert_id,
'name' => $name,
'type' => $type,
'image' => $image,
'stats' => $stats,
'info' => $info
]);
} else { } else {
error_log("Insert error: " . $conn->error); error_log("Insert error: " . $conn->error);
echo json_encode(['error' => $conn->error]); echo json_encode(['error' => 'Failed to insert record']);
} }
$stmt->close();
break; break;
case 'PUT': case 'PUT':
if (!isset($request[0]) || !is_numeric($request[0])) {
echo json_encode(['error' => 'ID is required']);
exit;
}
$id = $request[0]; $id = $request[0];
$data = json_decode(file_get_contents('php://input'), true); $data = json_decode(file_get_contents('php://input'), true);
if (!isset($data['name'], $data['type'], $data['image'], $data['stats'], $data['info'])) {
echo json_encode(['error' => 'Missing required fields']);
exit;
}
$name = $data['name']; $name = $data['name'];
$type = $data['type']; $type = $data['type'];
$image = $data['image']; $image = $data['image'];
$stats = json_encode($data['stats']); $stats = json_encode($data['stats']);
$info = $data['info']; $info = $data['info'];
$sql = "UPDATE pokemons SET name='$name', type='$type', image='$image', stats='$stats', info='$info' WHERE id=$id";
if ($conn->query($sql) === TRUE) { // Prepared statement to prevent SQL injection
echo json_encode(['id' => $id, 'name' => $name, 'type' => $type, 'image' => $image, 'stats' => $stats, 'info' => $info]); $stmt = $conn->prepare("UPDATE pokemons SET name=?, type=?, image=?, stats=?, info=? WHERE id=?");
$stmt->bind_param("sssssi", $name, $type, $image, $stats, $info, $id);
if ($stmt->execute()) {
echo json_encode([
'id' => $id,
'name' => $name,
'type' => $type,
'image' => $image,
'stats' => $stats,
'info' => $info
]);
} else { } else {
error_log("Update error: " . $conn->error); error_log("Update error: " . $conn->error);
echo json_encode(['error' => $conn->error]); echo json_encode(['error' => 'Failed to update record']);
} }
$stmt->close();
break; break;
case 'DELETE': case 'DELETE':
if (!isset($request[0]) || !is_numeric($request[0])) {
echo json_encode(['error' => 'ID is required']);
exit;
}
$id = $request[0]; $id = $request[0];
$sql = "DELETE FROM pokemons WHERE id=$id";
if ($conn->query($sql) === TRUE) { // Prepared statement to prevent SQL injection
$stmt = $conn->prepare("DELETE FROM pokemons WHERE id = ?");
$stmt->bind_param("i", $id);
if ($stmt->execute()) {
echo json_encode(['id' => $id]); echo json_encode(['id' => $id]);
} else { } else {
error_log("Delete error: " . $conn->error); error_log("Delete error: " . $conn->error);
echo json_encode(['error' => $conn->error]); echo json_encode(['error' => 'Failed to delete record']);
} }
$stmt->close();
break; break;
default: default:
echo json_encode(['error' => 'Invalid request method']); echo json_encode(['error' => 'Invalid request method']);
break; break;