{"id":13405094,"url":"https://github.com/mevdschee/php-crud-api","last_synced_at":"2025-05-14T22:05:42.655Z","repository":{"id":27100488,"uuid":"30567860","full_name":"mevdschee/php-crud-api","owner":"mevdschee","description":"Single file PHP script that adds a REST API to a SQL database","archived":false,"fork":false,"pushed_at":"2024-11-22T07:05:44.000Z","size":4007,"stargazers_count":3684,"open_issues_count":89,"forks_count":1019,"subscribers_count":171,"default_branch":"main","last_synced_at":"2025-05-14T22:05:27.592Z","etag":null,"topics":["api-server","automatic-api","crud","database","geojson","geospatial","multi-database","mysql","openapi","php","php-api","postgis","postgresql","rest-api","restful","sql-database","sqlite","sqlserver","swagger"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mevdschee.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-02-10T01:08:52.000Z","updated_at":"2025-05-13T21:59:44.000Z","dependencies_parsed_at":"2024-04-28T09:23:36.218Z","dependency_job_id":"a1dc3ab3-be5d-4e5a-812c-ce2fd1031646","html_url":"https://github.com/mevdschee/php-crud-api","commit_stats":{"total_commits":1941,"total_committers":44,"mean_commits":44.11363636363637,"dds":"0.11076764554353424","last_synced_commit":"8ac45614d8f061565bbd98e8afee97dc2e38e320"},"previous_names":[],"tags_count":236,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mevdschee%2Fphp-crud-api","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mevdschee%2Fphp-crud-api/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mevdschee%2Fphp-crud-api/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mevdschee%2Fphp-crud-api/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mevdschee","download_url":"https://codeload.github.com/mevdschee/php-crud-api/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254235687,"owners_count":22036962,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api-server","automatic-api","crud","database","geojson","geospatial","multi-database","mysql","openapi","php","php-api","postgis","postgresql","rest-api","restful","sql-database","sqlite","sqlserver","swagger"],"created_at":"2024-07-30T19:01:55.671Z","updated_at":"2025-05-14T22:05:42.615Z","avatar_url":"https://github.com/mevdschee.png","language":"PHP","readme":"# PHP-CRUD-API\n\nSingle file PHP script that adds a REST API to a MySQL/MariaDB, PostgreSQL, SQL Server or SQLite database. \n\nHowto: Upload \"`api.php`\" to your webserver, configure it to connect to your database, have an instant full-featured REST API.\n\nNB: This is the [TreeQL](https://treeql.org) reference implementation in PHP.\n\n## Requirements\n\n  - PHP 7.2 or higher with PDO drivers enabled for one of these database systems:\n    - MySQL 5.7 / MariaDB 10.0 or higher for spatial features in MySQL\n    - PostgreSQL 9.5 or higher with PostGIS 2.2 or higher for spatial features\n    - SQL Server 2017 or higher (2019 also has Linux support)\n    - SQLite 3.16 or higher (spatial features NOT supported)\n\n## Installation\n\nDownload the \"`api.php`\" file from the latest release:\n\nhttps://github.com/mevdschee/php-crud-api/releases/latest or direct from:  \nhttps://raw.githubusercontent.com/mevdschee/php-crud-api/main/api.php\n\nThis is a single file application! Upload \"`api.php`\" somewhere and enjoy!\n\nFor local development you may run PHP's built-in web server:\n\n    php -S localhost:8080\n\nTest the script by opening the following URL:\n\n    http://localhost:8080/api.php/records/posts/1\n\nDon't forget to modify the configuration at the bottom of the file.\n\nAlternatively you can integrate this project into the web framework of your choice, see:\n\n- [Automatic REST API for Laravel](https://tqdev.com/2019-automatic-rest-api-laravel)\n- [Automatic REST API for Symfony 4](https://tqdev.com/2019-automatic-rest-api-symfony)\n- [Automatic REST API for SlimPHP 4](https://tqdev.com/2019-automatic-api-slimphp-4)\n\nIn these integrations [Composer](https://getcomposer.org/) is used to load this project as a dependency.\n\nFor people that don't use composer, the file \"`api.include.php`\" is provided. This file contains everything \nfrom \"`api.php`\" except the configuration from \"`src/index.php`\" and can be used by PHP's \"include\" function.\n\n## Configuration\n\nEdit the following lines in the bottom of the file \"`api.php`\":\n\n    $config = new Config([\n        'username' =\u003e 'xxx',\n        'password' =\u003e 'xxx',\n        'database' =\u003e 'xxx',\n    ]);\n\nThese are all the configuration options and their default value between brackets:\n\n- \"driver\": `mysql`, `pgsql`, `sqlsrv` or `sqlite` (`mysql`)\n- \"address\": Hostname (or filename) of the database server (`localhost`)\n- \"port\": TCP port of the database server (defaults to driver default)\n- \"username\": Username of the user connecting to the database (no default)\n- \"password\": Password of the user connecting to the database (no default)\n- \"database\": Database the connecting is made to (no default)\n- \"command\": Extra SQL to initialize the database connection (none)\n- \"tables\": Comma separated list of tables to publish (defaults to 'all')\n- \"mapping\": Comma separated list of table/column mappings (no mappping)\n- \"geometrySrid\": SRID assumed when converting from WKT to geometry (`4326`)\n- \"middlewares\": List of middlewares to load (`cors`)\n- \"controllers\": List of controllers to load (`records,geojson,openapi,status`)\n- \"customControllers\": List of user custom controllers to load (no default)\n- \"openApiBase\": OpenAPI info (`{\"info\":{\"title\":\"PHP-CRUD-API\",\"version\":\"1.0.0\"}}`)\n- \"cacheType\": `TempFile`, `Redis`, `Memcache`, `Memcached` or `NoCache` (`TempFile`)\n- \"cachePath\": Path/address of the cache (defaults to system's temp directory)\n- \"cacheTime\": Number of seconds the cache is valid (`10`)\n- \"jsonOptions\": Options used for encoding JSON (`JSON_UNESCAPED_UNICODE`)\n- \"debug\": Show errors in the \"X-Exception\" headers (`false`)\n- \"basePath\": URI base path of the API (determined using PATH_INFO by default)\n\nAll configuration options are also available as environment variables. Write the config option with capitals, a \"PHP_CRUD_API_\" prefix and underscores for word breakes, so for instance:\n\n- PHP_CRUD_API_DRIVER=mysql\n- PHP_CRUD_API_ADDRESS=localhost\n- PHP_CRUD_API_PORT=3306\n- PHP_CRUD_API_DATABASE=php-crud-api\n- PHP_CRUD_API_USERNAME=php-crud-api\n- PHP_CRUD_API_PASSWORD=php-crud-api\n- PHP_CRUD_API_DEBUG=1\n\nThe environment variables take precedence over the PHP configuration.\n\n## Limitations\n\nThese limitation and constrains apply:\n\n  - Primary keys should either be auto-increment (from 1 to 2^53) or UUID\n  - Composite primary and composite foreign keys are not supported\n  - Complex writes (transactions) are not supported\n  - Complex queries calling functions (like \"concat\" or \"sum\") are not supported\n  - Database must support and define foreign key constraints\n  - SQLite cannot have bigint typed auto incrementing primary keys\n  - SQLite does not support altering table columns (structure)\n    \n## Features\n\nThe following features are supported:\n\n  - Composer install or single PHP file, easy to deploy.\n  - Very little code, easy to adapt and maintain\n  - Supports POST variables as input (x-www-form-urlencoded)\n  - Supports a JSON object as input\n  - Supports a JSON array as input (batch insert)\n  - Sanitize and validate input using type rules and callbacks\n  - Permission system for databases, tables, columns and records\n  - Multi-tenant single and multi database layouts are supported\n  - Multi-domain CORS support for cross-domain requests\n  - Support for reading joined results from multiple tables\n  - Search support on multiple criteria\n  - Pagination, sorting, top N list and column selection\n  - Relation detection with nested results (belongsTo, hasMany and HABTM)\n  - Atomic increment support via PATCH (for counters)\n  - Binary fields supported with base64 encoding\n  - Spatial/GIS fields and filters supported with WKT and GeoJSON\n  - Mapping table and column names to support legacy systems\n  - Generate API documentation using OpenAPI tools\n  - Authentication via API key, JWT token or username/password\n  - Database connection parameters may depend on authentication\n  - Support for reading database structure in JSON\n  - Support for modifying database structure using REST endpoint\n  - Security enhancing middleware is included\n  - Standard compliant: PSR-4, PSR-7, PSR-12, PSR-15 and PSR-17\n\n## Related projects and ports\n\nRelated projects:\n\n  - [PHP-CRUD-API Quick Start](https://github.com/nik2208/php-crud-api-quick-start): A customizable, ready to go, docker compose file featuring PHP-CRUD-API.\n  - [PHP-CRUD-API filter generator](https://thipages.github.io/jca-filter/#): A JavaScript library creating PHP-CRUD-API filters from expressions.\n  - [JS-CRUD-API](https://github.com/thipages/js-crud-api): A JavaScript client library for the API of PHP-CRUD-API\n  - [PHP-API-AUTH](https://github.com/mevdschee/php-api-auth): Single file PHP script that is an authentication provider for PHP-CRUD-API\n  - [PHP-CRUD-UI](https://github.com/mevdschee/php-crud-ui): Single file PHP script that adds a UI to a PHP-CRUD-API project.\n  - [PHP-CRUD-ADMIN](https://github.com/mevdschee/php-crud-admin): Single file PHP script that adds a database admin interface to a PHP-CRUD-API project.\n  - [PHP-SP-API](https://github.com/mevdschee/php-sp-api): Single file PHP script that adds a REST API to a SQL database.\n  - [dexie-mysql-sync](https://github.com/scriptPilot/dexie-mysql-sync): Synchronization between local IndexedDB and MySQL Database. \n  - [ra-data-treeql](https://github.com/nkappler/ra-data-treeql): NPM package that provides a [Data Provider](https://marmelab.com/react-admin/DataProviderIntroduction.html) for [React Admin](https://marmelab.com/react-admin/).\n  - [scriptPilot/vueuse](https://github.com/scriptPilot/vueuse/): Vue [Composables](https://vuejs.org/guide/reusability/composables.html) in addition to [VueUse.org](https://vueuse.org/) (that support PHP-CRUD-API).\n  - [scriptPilot/add-php-backend](https://github.com/scriptPilot/add-php-backend): Add MySQL, phpMyAdmin and PHP-CRUD-API to your dev environment. \n  - [VUE-CRUD-UI](https://github.com/nlware/vue-crud-ui): Single file Vue.js script that adds a UI to a PHP-CRUD-API project.\n  \nThere are also ports of this script in:\n\n- [Go-CRUD-API](https://github.com/dranih/go-crud-api) (work in progress)\n- [Java JDBC by Ivan Kolchagov](https://github.com/kolchagov/java-crud-api) (v1)\n- [Java Spring Boot + jOOQ](https://github.com/mevdschee/java-crud-api/tree/master/full) (v2: work in progress)\n\nThere are also proof-of-concept ports of this script that only support basic REST CRUD functionality in:\n[PHP](https://github.com/mevdschee/php-crud-api/blob/master/extras/core.php),\n[Java](https://github.com/mevdschee/java-crud-api/blob/master/core/src/main/java/com/tqdev/CrudApiHandler.java),\n[Go](https://github.com/mevdschee/go-crud-api/blob/master/api.go),\n[C# .net core](https://github.com/mevdschee/core-data-api/blob/master/Program.cs),\n[Node.js](https://github.com/mevdschee/js-crud-api/blob/master/app.js) and\n[Python](https://github.com/mevdschee/py-crud-api/blob/master/api.py).\n\n## Compilation\n\nYou can install all dependencies of this project using the following command:\n\n    php install.php\n\nYou can compile all files into a single \"`api.php`\" file using:\n\n    php build.php\n\nNote that you don't use compilation when you integrate this project into another project or framework (use Composer instead).\n\n### Development\n\nYou can access the non-compiled code at the URL:\n\n    http://localhost:8080/src/records/posts/1\n\nThe non-compiled code resides in the \"`src`\" and \"`vendor`\" directories. The \"`vendor`\" directory contains the dependencies.\n\n### Updating dependencies\n\nYou can update all dependencies of this project using the following command:\n\n    php update.php\n\nThis script will install and run [Composer](https://getcomposer.org/) to update the dependencies.\n\nNB: The update script will patch the dependencies in the vendor directory for PHP 7.0 compatibility.\n\n## TreeQL, a pragmatic GraphQL\n\n[TreeQL](https://treeql.org) allows you to create a \"tree\" of JSON objects based on your SQL database structure (relations) and your query.\n\nIt is loosely based on the REST standard and also inspired by json:api.\n\n### CRUD + List\n\nThe example posts table has only a a few fields:\n\n    posts  \n    =======\n    id     \n    title  \n    content\n    created\n\nThe CRUD + List operations below act on this table.\n\n#### Create\n\nIf you want to create a record the request can be written in URL format as: \n\n    POST /records/posts\n\nYou have to send a body containing:\n\n    {\n        \"title\": \"Black is the new red\",\n        \"content\": \"This is the second post.\",\n        \"created\": \"2018-03-06T21:34:01Z\"\n    }\n\nAnd it will return the value of the primary key of the newly created record:\n\n    2\n\n#### Read\n\nTo read a record from this table the request can be written in URL format as:\n\n    GET /records/posts/1\n\nWhere \"1\" is the value of the primary key of the record that you want to read. It will return:\n\n    {\n        \"id\": 1\n        \"title\": \"Hello world!\",\n        \"content\": \"Welcome to the first post.\",\n        \"created\": \"2018-03-05T20:12:56Z\"\n    }\n\nOn read operations you may apply joins.\n\n#### Update\n\nTo update a record in this table the request can be written in URL format as:\n\n    PUT /records/posts/1\n\nWhere \"1\" is the value of the primary key of the record that you want to update. Send as a body:\n\n    {\n        \"title\": \"Adjusted title!\"\n    }\n\nThis adjusts the title of the post. And the return value is the number of rows that are set:\n\n    1\n\n#### Delete\n\nIf you want to delete a record from this table the request can be written in URL format as:\n\n    DELETE /records/posts/1\n\nAnd it will return the number of deleted rows:\n\n    1\n\n#### List\n\nTo list records from this table the request can be written in URL format as:\n\n    GET /records/posts\n\nIt will return:\n\n    {\n        \"records\":[\n            {\n                \"id\": 1,\n                \"title\": \"Hello world!\",\n                \"content\": \"Welcome to the first post.\",\n                \"created\": \"2018-03-05T20:12:56Z\"\n            }\n        ]\n    }\n\nOn list operations you may apply filters and joins.\n\n### Filters\n\nFilters provide search functionality, on list calls, using the \"filter\" parameter. You need to specify the column\nname, a comma, the match type, another comma and the value you want to filter on. These are supported match types:\n\n  - \"cs\": contain string (string contains value)\n  - \"sw\": start with (string starts with value)\n  - \"ew\": end with (string end with value)\n  - \"eq\": equal (string or number matches exactly)\n  - \"lt\": lower than (number is lower than value)\n  - \"le\": lower or equal (number is lower than or equal to value)\n  - \"ge\": greater or equal (number is higher than or equal to value)\n  - \"gt\": greater than (number is higher than value)\n  - \"bt\": between (number is between two comma separated values)\n  - \"in\": in (number or string is in comma separated list of values)\n  - \"is\": is null (field contains \"NULL\" value)\n\nYou can negate all filters by prepending a \"n\" character, so that \"eq\" becomes \"neq\". \nExamples of filter usage are:\n\n    GET /records/categories?filter=name,eq,Internet\n    GET /records/categories?filter=name,sw,Inter\n    GET /records/categories?filter=id,le,1\n    GET /records/categories?filter=id,ngt,1\n    GET /records/categories?filter=id,bt,0,1\n    GET /records/categories?filter=id,in,0,1\n\nOutput:\n\n    {\n        \"records\":[\n            {\n                \"id\": 1\n                \"name\": \"Internet\"\n            }\n        ]\n    }\n\nIn the next section we dive deeper into how you can apply multiple filters on a single list call.\n\n### Multiple filters\n\nFilters can be a by applied by repeating the \"filter\" parameter in the URL. For example the following URL: \n\n    GET /records/categories?filter=id,gt,1\u0026filter=id,lt,3\n\nwill request all categories \"where id \u003e 1 and id \u003c 3\". If you wanted \"where id = 2 or id = 4\" you should write:\n\n    GET /records/categories?filter1=id,eq,2\u0026filter2=id,eq,4\n    \nAs you see we added a number to the \"filter\" parameter to indicate that \"OR\" instead of \"AND\" should be applied.\nNote that you can also repeat \"filter1\" and create an \"AND\" within an \"OR\". Since you can also go one level deeper\nby adding a letter (a-f) you can create almost any reasonably complex condition tree.\n\nNB: You can only filter on the requested table (not on it's included tables) and filters are only applied on list calls.\n\n### Column selection\n\nBy default all columns are selected. With the \"include\" parameter you can select specific columns. \nYou may use a dot to separate the table name from the column name. Multiple columns should be comma separated. \nAn asterisk (\"*\") may be used as a wildcard to indicate \"all columns\". Similar to \"include\" you may use the \"exclude\" parameter to remove certain columns:\n\n```\nGET /records/categories/1?include=name\nGET /records/categories/1?include=categories.name\nGET /records/categories/1?exclude=categories.id\n```\n\nOutput:\n\n```\n    {\n        \"name\": \"Internet\"\n    }\n```\n\nNB: Columns that are used to include related entities are automatically added and cannot be left out of the output.\n\n### Ordering\n\nWith the \"order\" parameter you can sort. By default the sort is in ascending order, but by specifying \"desc\" this can be reversed:\n\n```\nGET /records/categories?order=name,desc\nGET /records/categories?order=id,desc\u0026order=name\n```\n\nOutput:\n\n```\n    {\n        \"records\":[\n            {\n                \"id\": 3\n                \"name\": \"Web development\"\n            },\n            {\n                \"id\": 1\n                \"name\": \"Internet\"\n            }\n        ]\n    }\n```\n\nNB: You may sort on multiple fields by using multiple \"order\" parameters. You can not order on \"joined\" columns.\n\n### Limit size\n\nThe \"size\" parameter limits the number of returned records. This can be used for top N lists together with the \"order\" parameter (use descending order).\n\n```\nGET /records/categories?order=id,desc\u0026size=1\n```\n\nOutput:\n\n```\n    {\n        \"records\":[\n            {\n                \"id\": 3\n                \"name\": \"Web development\"\n            }\n        ]\n    }\n```\n\nNB: If you also want to know to the total number of records you may want to use the \"page\" parameter.\n\n### Pagination\n\nThe \"page\" parameter holds the requested page. The default page size is 20, but can be adjusted (e.g. to 50).\n\n```\nGET /records/categories?order=id\u0026page=1\nGET /records/categories?order=id\u0026page=1,50\n```\n\nOutput:\n\n```\n    {\n        \"records\":[\n            {\n                \"id\": 1\n                \"name\": \"Internet\"\n            },\n            {\n                \"id\": 3\n                \"name\": \"Web development\"\n            }\n        ],\n        \"results\": 2\n    }\n```\n\nThe element \"results\" holds to total number of records in the table, which would be returned if no pagination would be used.\n\nNB: Since pages that are not ordered cannot be paginated, pages will be ordered by primary key.\n\n### Joins\n\nLet's say that you have a posts table that has comments (made by users) and the posts can have tags.\n\n    posts    comments  users     post_tags  tags\n    =======  ========  =======   =========  ======= \n    id       id        id        id         id\n    title    post_id   username  post_id    name\n    content  user_id   phone     tag_id\n    created  message\n\nWhen you want to list posts with their comments users and tags you can ask for two \"tree\" paths:\n\n    posts -\u003e comments  -\u003e users\n    posts -\u003e post_tags -\u003e tags\n\nThese paths have the same root and this request can be written in URL format as:\n\n    GET /records/posts?join=comments,users\u0026join=tags\n\nHere you are allowed to leave out the intermediate table that binds posts to tags. In this example\nyou see all three table relation types (hasMany, belongsTo and hasAndBelongsToMany) in effect:\n\n- \"post\" has many \"comments\"\n- \"comment\" belongs to \"user\"\n- \"post\" has and belongs to many \"tags\"\n\nThis may lead to the following JSON data:\n\n    {\n        \"records\":[\n            {\n                \"id\": 1,\n                \"title\": \"Hello world!\",\n                \"content\": \"Welcome to the first post.\",\n                \"created\": \"2018-03-05T20:12:56Z\",\n                \"comments\": [\n                    {\n                        id: 1,\n                        post_id: 1,\n                        user_id: {\n                            id: 1,\n                            username: \"mevdschee\",\n                            phone: null,\n                        },\n                        message: \"Hi!\"\n                    },\n                    {\n                        id: 2,\n                        post_id: 1,\n                        user_id: {\n                            id: 1,\n                            username: \"mevdschee\",\n                            phone: null,\n                        },\n                        message: \"Hi again!\"\n                    }\n                ],\n                \"tags\": []\n            },\n            {\n                \"id\": 2,\n                \"title\": \"Black is the new red\",\n                \"content\": \"This is the second post.\",\n                \"created\": \"2018-03-06T21:34:01Z\",\n                \"comments\": [],\n                \"tags\": [\n                    {\n                        id: 1,\n                        message: \"Funny\"\n                    },\n                    {\n                        id: 2,\n                        message: \"Informational\"\n                    }\n                ]\n            }\n        ]\n    }\n\nYou see that the \"belongsTo\" relationships are detected and the foreign key value is replaced by the referenced object.\nIn case of \"hasMany\" and \"hasAndBelongsToMany\" the table name is used a new property on the object.\n\n### Batch operations\n\nWhen you want to create, read, update or delete you may specify multiple primary key values in the URL.\nYou also need to send an array instead of an object in the request body for create and update. \n\nTo read a record from this table the request can be written in URL format as:\n\n    GET /records/posts/1,2\n\nThe result may be:\n\n    [\n            {\n                \"id\": 1,\n                \"title\": \"Hello world!\",\n                \"content\": \"Welcome to the first post.\",\n                \"created\": \"2018-03-05T20:12:56Z\"\n            },\n            {\n                \"id\": 2,\n                \"title\": \"Black is the new red\",\n                \"content\": \"This is the second post.\",\n                \"created\": \"2018-03-06T21:34:01Z\"\n            }\n    ]\n\nSimilarly when you want to do a batch update the request in URL format is written as:\n\n    PUT /records/posts/1,2\n\nWhere \"1\" and \"2\" are the values of the primary keys of the records that you want to update. The body should \ncontain the same number of objects as there are primary keys in the URL:\n\n    [   \n        {\n            \"title\": \"Adjusted title for ID 1\"\n        },\n        {\n            \"title\": \"Adjusted title for ID 2\"\n        }        \n    ]\n\nThis adjusts the titles of the posts. And the return values are the number of rows that are set:\n\n    [1,1]\n\nWhich means that there were two update operations and each of them had set one row. Batch operations use database\ntransactions, so they either all succeed or all fail (successful ones get rolled back). If they fail the body will\ncontain the list of error documents. In the following response the first operation succeeded and the second operation\nof the batch failed due to an integrity violation:\n\n    [   \n        {\n            \"code\": 0,\n            \"message\": \"Success\"\n        },\n        {\n            \"code\": 1010,\n            \"message\": \"Data integrity violation\"\n        }\n    ]\n\nThe response status code will always be 424 (failed dependency) in case of any failure of one of the batch operations.\n\nTo insert multiple records into this table the request can be written in URL format as:\n\n    POST /records/posts\n\nThe body should contain an array of records to be inserted:\n\n    [\n            {\n                \"title\": \"Hello world!\",\n                \"content\": \"Welcome to the first post.\",\n                \"created\": \"2018-03-05T20:12:56Z\"\n            },\n            {\n                \"title\": \"Black is the new red\",\n                \"content\": \"This is the second post.\",\n                \"created\": \"2018-03-06T21:34:01Z\"\n            }\n    ]\n\nThe return value is also an array containing the primary keys of the newly inserted records:\n\n    [1,2] \n\nNote that batch operation for DELETE follows the same pattern as PUT, but without a body.\n\n### Spatial support\n\nFor spatial support there is an extra set of filters that can be applied on geometry columns and that starting with an \"s\":\n\n  - \"sco\": spatial contains (geometry contains another)\n  - \"scr\": spatial crosses (geometry crosses another)\n  - \"sdi\": spatial disjoint (geometry is disjoint from another)\n  - \"seq\": spatial equal (geometry is equal to another)\n  - \"sin\": spatial intersects (geometry intersects another)\n  - \"sov\": spatial overlaps (geometry overlaps another)\n  - \"sto\": spatial touches (geometry touches another)\n  - \"swi\": spatial within (geometry is within another)\n  - \"sic\": spatial is closed (geometry is closed and simple)\n  - \"sis\": spatial is simple (geometry is simple)\n  - \"siv\": spatial is valid (geometry is valid)\n\nThese filters are based on OGC standards and so is the WKT specification in which the geometry columns are represented.\nNote that the SRID that is assumed when converting from WKT to geometry is specified by the config variable `geometrySrid` and defaults to 4326 (WGS 84).\n\n#### GeoJSON\n\nThe GeoJSON support is a read-only view on the tables and records in GeoJSON format. These requests are supported:\n\n    method path                  - operation - description\n    ----------------------------------------------------------------------------------------\n    GET    /geojson/{table}      - list      - lists records as a GeoJSON FeatureCollection\n    GET    /geojson/{table}/{id} - read      - reads a record by primary key as a GeoJSON Feature\n\nThe \"`/geojson`\" endpoint uses the \"`/records`\" endpoint internally and inherits all functionality, such as joins and filters.\nIt also supports a \"geometry\" parameter to indicate the name of the geometry column in case the table has more than one.\nFor map views it supports the \"bbox\" parameter in which you can specify upper-left and lower-right coordinates (comma separated).\nThe following Geometry types are supported by the GeoJSON implementation:\n\n  - Point\n  - MultiPoint\n  - LineString\n  - MultiLineString\n  - Polygon\n  - MultiPolygon\n\nThe GeoJSON functionality is enabled by default, but can be disabled using the \"controllers\" configuration.\n\n## Mapping names for legacy systems\n\nTo support creating an API for (a part of) a legacy system (such as Wordpress) you may want to map the table and column \nnames as can not improve them without changing the software, while the names may need some improvement for consistency.\nThe config allows you to rename tables and columns with a comma separated list of mappings that are split with an \nequal sign, like this:\n\n    'mapping' =\u003e 'wp_posts=posts,wp_posts.ID=posts.id',\n\nThis specific example will expose the \"`wp_posts`\" table at a \"`posts`\" end-point (instead of \"`wp_posts`\") and the \ncolumn \"`ID`\" within that table as the \"`id`\" property (in lower case instead of upper case).\n\nNB: Since these two mappings overlap the first (less specific) mapping may be omitted.\n\n## Middleware\n\nYou can enable the following middleware using the \"middlewares\" config parameter:\n\n- \"firewall\": Limit access to specific IP addresses\n- \"sslRedirect\": Force connection over HTTPS instead of HTTP\n- \"cors\": Support for CORS requests (enabled by default)\n- \"xsrf\": Block XSRF attacks using the 'Double Submit Cookie' method\n- \"ajaxOnly\": Restrict non-AJAX requests to prevent XSRF attacks\n- \"apiKeyAuth\": Support for \"API Key Authentication\"\n- \"apiKeyDbAuth\": Support for \"API Key Database Authentication\"\n- \"dbAuth\": Support for \"Database Authentication\"\n- \"wpAuth\": Support for \"Wordpress Authentication\"\n- \"jwtAuth\": Support for \"JWT Authentication\"\n- \"basicAuth\": Support for \"Basic Authentication\"\n- \"reconnect\": Reconnect to the database with different parameters\n- \"authorization\": Restrict access to certain tables or columns\n- \"validation\": Return input validation errors for custom rules and default type rules\n- \"ipAddress\": Fill a protected field with the IP address on create\n- \"sanitation\": Apply input sanitation on create and update\n- \"multiTenancy\": Restricts tenants access in a multi-tenant scenario\n- \"pageLimits\": Restricts list operations to prevent database scraping\n- \"joinLimits\": Restricts join parameters to prevent database scraping\n- \"textSearch\": Search in all text fields with a simple parameter\n- \"customization\": Provides handlers for request and response customization\n- \"json\": Support read/write of JSON strings as JSON objects/arrays\n- \"xml\": Translates all input and output from JSON to XML\n\nThe \"middlewares\" config parameter is a comma separated list of enabled middlewares.\nYou can tune the middleware behavior using middleware specific configuration parameters:\n\n- \"firewall.reverseProxy\": Set to \"true\" when a reverse proxy is used (\"\")\n- \"firewall.allowedIpAddresses\": List of IP addresses that are allowed to connect (\"\")\n- \"cors.allowedOrigins\": The origins allowed in the CORS headers (\"*\")\n- \"cors.allowHeaders\": The headers allowed in the CORS request (\"Content-Type, X-XSRF-TOKEN, X-Authorization\")\n- \"cors.allowMethods\": The methods allowed in the CORS request (\"OPTIONS, GET, PUT, POST, DELETE, PATCH\")\n- \"cors.allowCredentials\": To allow credentials in the CORS request (\"true\")\n- \"cors.exposeHeaders\": Whitelist headers that browsers are allowed to access (\"\")\n- \"cors.maxAge\": The time that the CORS grant is valid in seconds (\"1728000\")\n- \"xsrf.excludeMethods\": The methods that do not require XSRF protection (\"OPTIONS,GET\")\n- \"xsrf.cookieName\": The name of the XSRF protection cookie (\"XSRF-TOKEN\")\n- \"xsrf.headerName\": The name of the XSRF protection header (\"X-XSRF-TOKEN\")\n- \"ajaxOnly.excludeMethods\": The methods that do not require AJAX (\"OPTIONS,GET\")\n- \"ajaxOnly.headerName\": The name of the required header (\"X-Requested-With\")\n- \"ajaxOnly.headerValue\": The value of the required header (\"XMLHttpRequest\")\n- \"apiKeyAuth.mode\": Set to \"optional\" if you want to allow anonymous access (\"required\")\n- \"apiKeyAuth.header\": The name of the API key header (\"X-API-Key\")\n- \"apiKeyAuth.keys\": List of API keys that are valid (\"\")\n- \"apiKeyDbAuth.mode\": Set to \"optional\" if you want to allow anonymous access (\"required\")\n- \"apiKeyDbAuth.header\": The name of the API key header (\"X-API-Key\")\n- \"apiKeyDbAuth.usersTable\": The table that is used to store the users in (\"users\")\n- \"apiKeyDbAuth.apiKeyColumn\": The users table column that holds the API key (\"api_key\")\n- \"dbAuth.mode\": Set to \"optional\" if you want to allow anonymous access (\"required\")\n- \"dbAuth.usersTable\": The table that is used to store the users in (\"users\")\n- \"dbAuth.loginTable\": The table or view that is used to retrieve the users info for login (\"users\")\n- \"dbAuth.usernameColumn\": The users table column that holds usernames (\"username\")\n- \"dbAuth.passwordColumn\": The users table column that holds passwords (\"password\")\n- \"dbAuth.returnedColumns\": The columns returned on successful login, empty means 'all' (\"\")\n- \"dbAuth.usernameFormField\": The name of the form field that holds the username (\"username\")\n- \"dbAuth.passwordFormField\": The name of the form field that holds the password (\"password\")\n- \"dbAuth.newPasswordFormField\": The name of the form field that holds the new password (\"newPassword\")\n- \"dbAuth.registerUser\": JSON user data (or \"1\") in case you want the /register endpoint enabled (\"\")\n- \"dbAuth.loginAfterRegistration\": 1 or zero if registered users should be logged in after registration (\"\")\n- \"dbAuth.passwordLength\": Minimum length that the password must have (\"12\")\n- \"dbAuth.sessionName\": The name of the PHP session that is started (\"\")\n- \"wpAuth.mode\": Set to \"optional\" if you want to allow anonymous access (\"required\")\n- \"wpAuth.wpDirectory\": The folder/path where the Wordpress install can be found (\".\")\n- \"wpAuth.usernameFormField\": The name of the form field that holds the username (\"username\")\n- \"wpAuth.passwordFormField\": The name of the form field that holds the password (\"password\")\n- \"jwtAuth.mode\": Set to \"optional\" if you want to allow anonymous access (\"required\")\n- \"jwtAuth.header\": Name of the header containing the JWT token (\"X-Authorization\")\n- \"jwtAuth.leeway\": The acceptable number of seconds of clock skew (\"5\")\n- \"jwtAuth.ttl\": The number of seconds the token is valid (\"30\")\n- \"jwtAuth.secrets\": The shared secret(s) used to sign the JWT token with (\"\")\n- \"jwtAuth.algorithms\": The algorithms that are allowed, empty means 'all' (\"\")\n- \"jwtAuth.audiences\": The audiences that are allowed, empty means 'all' (\"\")\n- \"jwtAuth.issuers\": The issuers that are allowed, empty means 'all' (\"\")\n- \"jwtAuth.sessionName\": The name of the PHP session that is started (\"\")\n- \"basicAuth.mode\": Set to \"optional\" if you want to allow anonymous access (\"required\")\n- \"basicAuth.realm\": Text to prompt when showing login (\"Username and password required\")\n- \"basicAuth.passwordFile\": The file to read for username/password combinations (\".htpasswd\")\n- \"basicAuth.sessionName\": The name of the PHP session that is started (\"\")\n- \"reconnect.driverHandler\": Handler to implement retrieval of the database driver (\"\")\n- \"reconnect.addressHandler\": Handler to implement retrieval of the database address (\"\")\n- \"reconnect.portHandler\": Handler to implement retrieval of the database port (\"\")\n- \"reconnect.databaseHandler\": Handler to implement retrieval of the database name (\"\")\n- \"reconnect.tablesHandler\": Handler to implement retrieval of the table names (\"\")\n- \"reconnect.mappingHandler\": Handler to implement retrieval of the name mapping (\"\")\n- \"reconnect.usernameHandler\": Handler to implement retrieval of the database username (\"\")\n- \"reconnect.passwordHandler\": Handler to implement retrieval of the database password (\"\")\n- \"authorization.tableHandler\": Handler to implement table authorization rules (\"\")\n- \"authorization.columnHandler\": Handler to implement column authorization rules (\"\")\n- \"authorization.pathHandler\": Handler to implement path authorization rules (\"\")\n- \"authorization.recordHandler\": Handler to implement record authorization filter rules (\"\")\n- \"validation.handler\": Handler to implement validation rules for input values (\"\")\n- \"validation.types\": Types to enable type validation for, empty means 'none' (\"all\")\n- \"validation.tables\": Tables to enable type validation for, empty means 'none' (\"all\")\n- \"ipAddress.tables\": Tables to search for columns to override with IP address (\"\")\n- \"ipAddress.columns\": Columns to protect and override with the IP address on create (\"\")\n- \"sanitation.handler\": Handler to implement sanitation rules for input values (\"\")\n- \"sanitation.types\": Types to enable type sanitation for, empty means 'none' (\"all\")\n- \"sanitation.tables\": Tables to enable type sanitation for, empty means 'none' (\"all\")\n- \"multiTenancy.handler\": Handler to implement simple multi-tenancy rules (\"\")\n- \"pageLimits.pages\": The maximum page number that a list operation allows (\"100\")\n- \"pageLimits.records\": The maximum number of records returned by a list operation (\"1000\")\n- \"joinLimits.depth\": The maximum depth (length) that is allowed in a join path (\"3\")\n- \"joinLimits.tables\": The maximum number of tables that you are allowed to join (\"10\")\n- \"joinLimits.records\": The maximum number of records returned for a joined entity (\"1000\")\n- \"textSearch.parameter\": The name of the parameter used for the search term (\"search\")\n- \"customization.beforeHandler\": Handler to implement request customization (\"\")\n- \"customization.afterHandler\": Handler to implement response customization (\"\")\n- \"json.controllers\": Controllers to process JSON strings for (\"records,geojson\")\n- \"json.tables\": Tables to process JSON strings for (\"all\")\n- \"json.columns\": Columns to process JSON strings for (\"all\")\n- \"xml.types\": JSON types that should be added to the XML type attribute (\"null,array\")\n\nIf you don't specify these parameters in the configuration, then the default values (between brackets) are used.\n\nIn the sections below you find more information on the built-in middleware.\n\n### Authentication\n\nCurrently there are five types of authentication supported. They all store the authenticated user in the `$_SESSION` super global.\nThis variable can be used in the authorization handlers to decide wether or not somebody should have read or write access to certain tables, columns or records.\nThe following overview shows the kinds of authentication middleware that you can enable.\n\n| Name       | Middleware   | Authenticated via      | Users are stored in | Session variable        |\n| ---------- | ------------ | ---------------------- | ------------------- | ----------------------- |\n| API key    | apiKeyAuth   | 'X-API-Key' header     | configuration       | `$_SESSION['apiKey']`   |\n| API key DB | apiKeyDbAuth | 'X-API-Key' header     | database table      | `$_SESSION['apiUser']`  |\n| Database   | dbAuth       | '/login' endpoint      | database table      | `$_SESSION['user']`     |\n| Basic      | basicAuth    | 'Authorization' header | '.htpasswd' file    | `$_SESSION['username']` |\n| JWT        | jwtAuth      | 'Authorization' header | identity provider   | `$_SESSION['claims']`   |\n\nBelow you find more information on each of the authentication types.\n\n#### API key authentication\n\nAPI key authentication works by sending an API key in a request header.\nThe header name defaults to \"X-API-Key\" and can be configured using the 'apiKeyAuth.header' configuration parameter.\nValid API keys must be configured using the 'apiKeyAuth.keys' configuration parameter (comma separated list).\n\n    X-API-Key: 02c042aa-c3c2-4d11-9dae-1a6e230ea95e\n\nThe authenticated API key will be stored in the `$_SESSION['apiKey']` variable.\n\nNote that the API key authentication does not require or use session cookies.\n\n#### API key database authentication\n\nAPI key database authentication works by sending an API key in a request header \"X-API-Key\" (the name is configurable).\nValid API keys are read from the database from the column \"api_key\" of the \"users\" table (both names are configurable).\n\n    X-API-Key: 02c042aa-c3c2-4d11-9dae-1a6e230ea95e\n\nThe authenticated user (with all it's properties) will be stored in the `$_SESSION['apiUser']` variable.\n\nNote that the API key database authentication does not require or use session cookies.\n\n#### Database authentication\n\nThe database authentication middleware defines five new routes:\n\n    method path       - parameters                      - description\n    ---------------------------------------------------------------------------------------------------\n    GET    /me        -                                 - returns the user that is currently logged in\n    POST   /register  - username, password              - adds a user with given username and password\n    POST   /login     - username, password              - logs a user in by username and password\n    POST   /password  - username, password, newPassword - updates the password of the logged in user\n    POST   /logout    -                                 - logs out the currently logged in user\n\nA user can be logged in by sending it's username and password to the login endpoint (in JSON format).\nThe authenticated user (with all it's properties) will be stored in the `$_SESSION['user']` variable.\nThe user can be logged out by sending a POST request with an empty body to the logout endpoint.\nThe passwords are stored as hashes in the password column in the users table. You can register a new user\nusing the register endpoint, but this functionality must be turned on using the \"dbAuth.registerUser\"\nconfiguration parameter.\n\nIt is IMPORTANT to restrict access to the users table using the 'authorization' middleware, otherwise all \nusers can freely add, modify or delete any account! The minimal configuration is shown below:\n\n    'middlewares' =\u003e 'dbAuth,authorization',\n    'authorization.tableHandler' =\u003e function ($operation, $tableName) {\n        return $tableName != 'users';\n    },\n\nNote that this middleware uses session cookies and stores the logged in state on the server.\n\n**Login using views with joined table**\n\nFor login operations, it is possible to use a view as the usersTable. Such view can return a filtered result from the users table, e.g., *where active = true* or it may also return a result multiple tables thru a table join. At a minimum, the view should include the ***username*** and ***password*** and a field named ***id***.\n\nHowever, views with joined tables are not insertable ([see issue 907](https://github.com/mevdschee/php-crud-api/issues/907) ). As a workaround, use the property ***loginTable*** to set a different reference table for login. The **usersTable** will still be set to the normal, insertable users table. \n\n#### Wordpress authentication\n\nThe Wordpress authentication middleware defines three routes:\n\n    method path       - parameters                      - description\n    ---------------------------------------------------------------------------------------------------\n    GET    /me        -                                 - returns the user that is currently logged in\n    POST   /login     - username, password              - logs a user in by username and password\n    POST   /logout    -                                 - logs out the currently logged in user\n\nA user can be logged in by sending it's username and password to the login endpoint (in JSON format).\nThe user can be logged out by sending a POST request with an empty body to the logout endpoint.\nYou need to specify the Wordpress installation directory using the \"wpAuth.wpDirectory\" configuration parameter.\nThe middleware calls \"wp-load.php\" this allows you to use Wordpress functions in the authorization middleware, like:\n\n- wp_get_current_user()\n- is_user_logged_in()\n- is_super_admin()\n- user_can(wp_get_current_user(),'edit_posts');\n\nNote that the `$_SESSION` variable is not used by this middleware.\n\n#### Basic authentication\n\nThe Basic type supports a file (by default '.htpasswd') that holds the users and their (hashed) passwords separated by a colon (':'). \nWhen the passwords are entered in plain text they will be automatically hashed.\nThe authenticated username will be stored in the `$_SESSION['username']` variable.\nYou need to send an \"Authorization\" header containing a base64 url encoded version of your colon separated username and password, after the word \"Basic\".\n\n    Authorization: Basic dXNlcm5hbWUxOnBhc3N3b3JkMQ\n\nThis example sends the string \"username1:password1\".\n\n#### JWT authentication\n\nThe JWT type requires another (SSO/Identity) server to sign a token that contains claims. \nBoth servers share a secret so that they can either sign or verify that the signature is valid.\nClaims are stored in the `$_SESSION['claims']` variable. You need to send an \"X-Authorization\" \nheader containing a base64 url encoded and dot separated token header, body and signature after\nthe word \"Bearer\" ([read more about JWT here](https://jwt.io/)). The standard says you need to\nuse the \"Authorization\" header, but this is problematic in Apache and PHP.\n\n    X-Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6IjE1MzgyMDc2MDUiLCJleHAiOjE1MzgyMDc2MzV9.Z5px_GT15TRKhJCTHhDt5Z6K6LRDSFnLj8U5ok9l7gw\n\nThis example sends the signed claims:\n\n    {\n      \"sub\": \"1234567890\",\n      \"name\": \"John Doe\",\n      \"admin\": true,\n      \"iat\": \"1538207605\",\n      \"exp\": 1538207635\n    }\n\nNB: The JWT implementation only supports the RSA and HMAC based algorithms.\n\n##### Configure and test JWT authentication with Auth0\n\nFirst you need to create an account on [Auth0](https://auth0.com/auth/login).\nOnce logged in, you have to create an application (its type does not matter). Collect the `Domain`\nand `Client ID` and keep them for a later use. Then, create an API: give it a name and fill the\n`identifier` field with your API endpoint's URL.\n\nThen you have to configure the `jwtAuth.secrets` configuration in your `api.php` file.\nDon't fill it with the `secret` you will find in your Auth0 application settings but with **a\npublic certificate**. To find it, go to the settings of your application, then in \"Extra settings\".\nYou will now find a \"Certificates\" tab where you will find your Public Key in the Signing\nCertificate field.\n\nTo test your integration, you can copy the [auth0/vanilla.html](examples/clients/auth0/vanilla.html)\nfile. Be sure to fill these three variables:\n\n - `authUrl` with your Auth0 domain\n - `clientId` with your Client ID\n - `audience` with the API URL you created in Auth0\n\nNote that if you don't fill the audience parameter, it will not work because you won't get a valid JWT.\nAlso note that you should fill `jwtAuth.audiences` (with the value of the `audience`) to ensure the\ntokens are validated to be generated for your application.\n\nYou can also change the `url` variable, used to test the API with authentication.\n\n[More info](https://auth0.com/docs/api-auth/tutorials/verify-access-token)\n\n##### Configure and test JWT authentication with Firebase\n\nFirst you need to create a Firebase project on the [Firebase console](https://console.firebase.google.com/).\nAdd a web application to this project and grab the code snippet for later use.\n\nThen you have to configure the `jwtAuth.secrets` configuration in your `api.php` file. \nThis can be done as follows:\n\na. Log a user in to your Firebase-based app, get an authentication token for that user\nb. Go to [https://jwt.io/](https://jwt.io/) and paste the token in the decoding field\nc. Read the decoded header information from the token, it will give you the correct `kid`\nd. Grab the public key via this [URL](https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com), which corresponds to your `kid` from previous step\ne. Now, just fill `jwtAuth.secrets` with your public key in the `api.php`\n\nAlso configure the `jwtAuth.audiences` (fill in the Firebase project ID).\n\nHere is an example of what it should look like in the configuration:\n\n```\n...,\n'middlewares' =\u003e 'cors, jwtAuth, authorization',\n        'jwtAuth.secrets' =\u003e \"ce5ced6e40dcd1eff407048867b1ed1e706686a0:-----BEGIN CERTIFICATE-----\\nMIIDHDCCAgSgAwIBAgIIExun9bJSK1wwDQYJKoZIhvcNAQEFBQAwMTEvMC0GA1UE\\nAxMmc2VjdXJldG9rZW4uc3lzdGVtLmdzZXJ2aWNlYWNjb3VudC5jb20wHhcNMTkx\\nMjIyMjEyMTA3WhcNMjAwMTA4MDkzNjA3WjAxMS8wLQYDVQQDEyZzZWN1cmV0b2tl\\nbi5zeXN0ZW0uZ3NlcnZpY2VhY2NvdW50LmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD\\nggEPADCCAQoCggEBAKsvVDUwXeYQtySNvyI1/tZAk0sj7Zx4/1+YLUomwlK6vmEd\\nyl2IXOYOj3VR7FBA24A9//nnrp+mV8YOYEOdaWX7PQo0PIPFPqdA0r7CqBUWHPfQ\\n1WVHVRQY3G0c7upM97UfMes9xOrMqyvecMRk1e5S6eT12Zh2og7yiVs8gP83M1EB\\nGqseUaltaadjyT35w5B0Ny0/7NdLYiv2G6Z0S821SxvSo1/wfmilnBBKYYluP0PA\\n9NPznWFP6uXnX7gKxyJT9//cYVxTO6+b1TT13Yvrpm1a4EuCOhLrZH6ErHQTccAM\\nhAx8mdNtbROsp0dlPKrSfqO82uFz45RXZYmSeP0CAwEAAaM4MDYwDAYDVR0TAQH/\\nBAIwADAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwDQYJ\\nKoZIhvcNAQEFBQADggEBACNsJ5m00gdTvD6j6ahURsGrNZ0VJ0YREVQ5U2Jtubr8\\nn2fuhMxkB8147ISzfi6wZR+yNwPGjlr8JkAHAC0i+Nam9SqRyfZLqsm+tHdgFT8h\\npa+R/FoGrrLzxJNRiv0Trip8hZjgz3PClz6KxBQzqL+rfGV2MbwTXuBoEvLU1mYA\\no3/UboJT7cNGjZ8nHXeoKMsec1/H55lUdconbTm5iMU1sTDf+3StGYzTwC+H6yc2\\nY3zIq3/cQUCrETkALrqzyCnLjRrLYZu36ITOaKUbtmZhwrP99i2f+H4Ab2i8jeMu\\nk61HD29mROYjl95Mko2BxL+76To7+pmn73U9auT+xfA=\\n-----END CERTIFICATE-----\\n\",\n        'jwtAuth.audiences' =\u003e 'your-project-id',\n        'cors.allowedOrigins' =\u003e '*',\n        'cors.allowHeaders' =\u003e 'X-Authorization'\n```\n\nNotes:\n - The `kid:key` pair is formatted as a string\n - Do not include spaces before or after the ':'\n - Use double quotation marks (\") around the string text\n - The string must contain the linefeeds (\\n)\n - `jwtAuth.audiences` should contain your Firebase projectId\n\nTo test your integration, you can copy the [firebase/vanilla.html](examples/clients/firebase/vanilla.html)\nfile and the [firebase/vanilla-success.html](examples/clients/firebase/vanilla-success.html) file,\nused as a \"success\" page and to display the API result.\n\nReplace, in both files, the Firebase configuration (`firebaseConfig` object).\n\nYou can also change the `url` variable, used to test the API with authentication.\n\n[More info](https://firebase.google.com/docs/auth/admin/verify-id-tokens#verify_id_tokens_using_a_third-party_jwt_library)\n\n### Authorizing operations\n\nThe Authorization model acts on \"operations\". The most important ones are listed here:\n\n    method path                  - operation - description\n    ----------------------------------------------------------------------------------------\n    GET    /records/{table}      - list      - lists records\n    POST   /records/{table}      - create    - creates records\n    GET    /records/{table}/{id} - read      - reads a record by primary key\n    PUT    /records/{table}/{id} - update    - updates columns of a record by primary key\n    DELETE /records/{table}/{id} - delete    - deletes a record by primary key\n    PATCH  /records/{table}/{id} - increment - increments columns of a record by primary key\n\nThe \"`/openapi`\" endpoint will only show what is allowed in your session. It also has a special \n\"document\" operation to allow you to hide tables and columns from the documentation.\n    \nFor endpoints that start with \"`/columns`\" there are the operations \"reflect\" and \"remodel\". \nThese operations can display or change the definition of the database, table or column. \nThis functionality is disabled by default and for good reason (be careful!). \nAdd the \"columns\" controller in the configuration to enable this functionality.\n\n### Authorizing tables, columns and records\n\nBy default all tables, columns and paths are accessible. If you want to restrict access to some tables you may add the 'authorization' middleware \nand define a 'authorization.tableHandler' function that returns 'false' for these tables.\n\n    'authorization.tableHandler' =\u003e function ($operation, $tableName) {\n        return $tableName != 'license_keys';\n    },\n\nThe above example will restrict access to the table 'license_keys' for all operations.\n\n    'authorization.columnHandler' =\u003e function ($operation, $tableName, $columnName) {\n        return !($tableName == 'users' \u0026\u0026 $columnName == 'password');\n    },\n\nThe above example will restrict access to the 'password' field of the 'users' table for all operations.\n\n    'authorization.recordHandler' =\u003e function ($operation, $tableName) {\n        return ($tableName == 'users') ? 'filter=username,neq,admin' : '';\n    },\n\nThe above example will disallow access to user records where the username is 'admin'. \nThis construct adds a filter to every executed query. \n\n    'authorization.pathHandler' =\u003e function ($path) {\n        return $path === 'openapi' ? false : true;\n    },\n\nThe above example will disabled the `/openapi` route.\n\nNB: You need to handle the creation of invalid records with a validation (or sanitation) handler.\n\n### SQL GRANT authorization\n\nYou can alternatively use database permissons (SQL GRANT statements) to define the authorization model. In this case you\nshould not use the \"authorization\" middleware, but you do need to use the \"reconnect\" middleware. The handlers of the\n\"reconnect\" middleware allow you to specify the correct username and password, like this:\n\n    'reconnect.usernameHandler' =\u003e function () {\n        return 'mevdschee';\n    },\n    'reconnect.passwordHandler' =\u003e function () {\n        return 'secret123';\n    },\n\nThis will make the API connect to the database specifying \"mevdschee\" as the username and \"secret123\" as the password.\nThe OpenAPI specification is less specific on allowed and disallowed operations when you are using database permissions,\nas the permissions are not read in the reflection step.\n\nNB: You may want to retrieve the username and password from the session (the \"$_SESSION\" variable).\n\n### Sanitizing input\n\nBy default all input is accepted and sent to the database. If you want to strip (certain) HTML tags before storing you may add \nthe 'sanitation' middleware and define a 'sanitation.handler' function that returns the adjusted value.\n\n    'sanitation.handler' =\u003e function ($operation, $tableName, $column, $value) {\n        return is_string($value) ? strip_tags($value) : $value;\n    },\n\nThe above example will strip all HTML tags from strings in the input.\n\n### Type sanitation\n\nIf you enable the 'sanitation' middleware, then you (automatically) also enable type sanitation. When this is enabled you may:\n\n- send leading and trailing whitespace in a non-character field (it will be ignored).\n- send a float to an integer or bigint field (it will be rounded).\n- send a base64url encoded string (it will be converted to regular base64 encoding).\n- send a time/date/timestamp in any [strtotime accepted format](https://www.php.net/manual/en/datetime.formats.php) (it will be converted).\n\nYou may use the config settings \"`sanitation.types`\" and \"`sanitation.tables`\"' to define for which types and\nin which tables you want to apply type sanitation (defaults to 'all'). Example:\n\n    'sanitation.types' =\u003e 'date,timestamp',\n    'sanitation.tables' =\u003e 'posts,comments',\n\nHere we enable the type sanitation for date and timestamp fields in the posts and comments tables.\n\n### Validating input\n\nBy default all input is accepted and sent to the database. If you want to validate the input in a custom way, \nyou may add the 'validation' middleware and define a 'validation.handler' function that returns a boolean \nindicating whether or not the value is valid.\n\n    'validation.handler' =\u003e function ($operation, $tableName, $column, $value, $context) {\n        return ($column['name'] == 'post_id' \u0026\u0026 !is_numeric($value)) ? 'must be numeric' : true;\n    },\n\nWhen you edit a comment with id 4 using:\n\n    PUT /records/comments/4\n\nAnd you send as a body:\n\n    {\"post_id\":\"two\"}\n\nThen the server will return a '422' HTTP status code and nice error message:\n\n    {\n        \"code\": 1013,\n        \"message\": \"Input validation failed for 'comments'\",\n        \"details\": {\n            \"post_id\":\"must be numeric\"\n        }\n    }\n\nYou can parse this output to make form fields show up with a red border and their appropriate error message.\n\n### Type validations\n\nIf you enable the 'validation' middleware, then you (automatically) also enable type validation. \nThis includes the following error messages:\n\n| error message       | reason                      | applies to types                            |\n| ------------------- | --------------------------- | ------------------------------------------- |\n| cannot be null      | unexpected null value       | (any non-nullable column)                   |\n| illegal whitespace  | leading/trailing whitespace | integer bigint decimal float double boolean |\n| invalid integer     | illegal characters          | integer bigint                              |\n| string too long     | too many characters         | varchar varbinary                           |\n| invalid decimal     | illegal characters          | decimal                                     |\n| decimal too large   | too many digits before dot  | decimal                                     |\n| decimal too precise | too many digits after dot   | decimal                                     |\n| invalid float       | illegal characters          | float double                                |\n| invalid boolean     | use 1, 0, true or false     | boolean                                     |\n| invalid date        | use yyyy-mm-dd              | date                                        |\n| invalid time        | use hh:mm:ss                | time                                        |\n| invalid timestamp   | use yyyy-mm-dd hh:mm:ss     | timestamp                                   |\n| invalid base64      | illegal characters          | varbinary, blob                             |\n\nYou may use the config settings \"`validation.types`\" and \"`validation.tables`\"' to define for which types and\nin which tables you want to apply type validation (defaults to 'all'). Example:\n\n    'validation.types' =\u003e 'date,timestamp',\n    'validation.tables' =\u003e 'posts,comments',\n\nHere we enable the type validation for date and timestamp fields in the posts and comments tables.\n\nNB: Types that are enabled will be checked for null values when the column is non-nullable.\n\n### Multi-tenancy support\n\nTwo forms of multi-tenancy are supported:\n\n - Single database, where every table has a tenant column (using the \"multiTenancy\" middleware).\n - Multi database, where every tenant has it's own database (using the \"reconnect\" middleware).\n\nBelow is an explanation of the corresponding middlewares.\n\n#### Multi-tenancy middleware\n\nYou may use the \"multiTenancy\" middleware when you have a single multi-tenant database. \nIf your tenants are identified by the \"customer_id\" column, then you can use the following handler:\n\n    'multiTenancy.handler' =\u003e function ($operation, $tableName) {\n        return ['customer_id' =\u003e 12];\n    },\n\nThis construct adds a filter requiring \"customer_id\" to be \"12\" to every operation (except for \"create\").\nIt also sets the column \"customer_id\" on \"create\" to \"12\" and removes the column from any other write operation.\n\nNB: You may want to retrieve the customer id from the session (the \"$_SESSION\" variable).\n\n#### Reconnect middleware\n\nYou may use the \"reconnect\" middleware when you have a separate database for each tenant.\nIf the tenant has it's own database named \"customer_12\", then you can use the following handler:\n\n    'reconnect.databaseHandler' =\u003e function () {\n        return 'customer_12';\n    },\n\nThis will make the API reconnect to the database specifying \"customer_12\" as the database name. If you don't want\nto use the same credentials, then you should also implement the \"usernameHandler\" and \"passwordHandler\".\n\nNB: You may want to retrieve the database name from the session (the \"$_SESSION\" variable).\n\n### Prevent database scraping\n\nYou may use the \"joinLimits\" and \"pageLimits\" middleware to prevent database scraping.\nThe \"joinLimits\" middleware limits the table depth, number of tables and number of records returned in a join operation. \nIf you want to allow 5 direct direct joins with a maximum of 25 records each, you can specify:\n\n    'joinLimits.depth' =\u003e 1,\n    'joinLimits.tables' =\u003e 5,\n    'joinLimits.records' =\u003e 25,\n\nThe \"pageLimits\" middleware limits the page number and the number records returned from a list operation. \nIf you want to allow no more than 10 pages with a maximum of 25 records each, you can specify:\n\n    'pageLimits.pages' =\u003e 10,\n    'pageLimits.records' =\u003e 25,\n\nNB: The maximum number of records is also applied when there is no page number specified in the request.\n\n### Search all text fields\n\nYou may use the \"textSearch\" middleware to simplify (wildcard) text searches when listing records. \nIt allows you to specify a \"search\" parameter using:\n\n    GET /records/posts?search=Hello\n\nIt will return all records from \"posts\" that contain \"Hello\" in one of their text (typed) fields:\n\n    {\n        \"records\":[\n            {\n                \"id\": 1,\n                \"title\": \"Hello world!\",\n                \"content\": \"Welcome to the first post.\",\n                \"created\": \"2018-03-05T20:12:56Z\"\n            }\n        ]\n    }\n\nThe example searches the fields \"title\" or \"content\" for the substring \"Hello\".\n\n### Customization handlers\n\nYou may use the \"customization\" middleware to modify request and response and implement any other functionality.\n\n    'customization.beforeHandler' =\u003e function ($operation, $tableName, $request, $environment) {\n        $environment-\u003estart = microtime(true);\n    },\n    'customization.afterHandler' =\u003e function ($operation, $tableName, $response, $environment) {\n        return $response-\u003ewithHeader('X-Time-Taken', microtime(true) - $environment-\u003estart);\n    },\n\nThe above example will add a header \"X-Time-Taken\" with the number of seconds the API call has taken.\n\n### JSON encoding options\n\nYou can change the way the JSON is encoded by setting the configuration parameter \"jsonOptions\".\n\n    'jsonOptions' =\u003e JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES,\n\nThe above example will set JSON options to 128+256+64 = 448, as per the list of options below:\n\n    JSON_HEX_TAG (1)\n        All \u003c and \u003e are converted to \\u003C and \\u003E. \n    JSON_HEX_AMP (2)\n        All \u0026 are converted to \\u0026. \n    JSON_HEX_APOS (4)\n        All ' are converted to \\u0027. \n    JSON_HEX_QUOT (8)\n        All \" are converted to \\u0022. \n    JSON_FORCE_OBJECT (16)\n        Outputs an object rather than an array when a non-associative array is used. \n        Especially useful when the recipient of the output is expecting an object and \n        the array is empty. \n    JSON_NUMERIC_CHECK (32)\n        Encodes numeric strings as numbers. \n    JSON_UNESCAPED_SLASHES (64)\n        Don't escape /. \n    JSON_PRETTY_PRINT (128)\n        Use whitespace in returned data to format it. \n    JSON_UNESCAPED_UNICODE (256)\n        Encode multibyte Unicode characters literally (default is to escape as \\uXXXX). \n    JSON_PARTIAL_OUTPUT_ON_ERROR (512)\n        Substitute some unencodable values instead of failing. \n    JSON_PRESERVE_ZERO_FRACTION (1024)\n        Ensures that float values are always encoded as a float value. \n    JSON_UNESCAPED_LINE_TERMINATORS (2048)\n        The line terminators are kept unescaped when JSON_UNESCAPED_UNICODE is supplied. \n        It uses the same behaviour as it was before PHP 7.1 without this constant. \n        Available as of PHP 7.1.0. \n\nSource: [PHP's JSON constants documentation](https://www.php.net/manual/en/json.constants.php) \n\n### JSON middleware\n\nYou may use the \"json\" middleware to read/write JSON strings as JSON objects and arrays.\n\nJSON strings are automatically detected when the \"json\" middleware is enabled.\n\nYou may limit the scanning of by specifying specific table and/or field names: \n\n    'json.tables' =\u003e 'products',\n    'json.columns' =\u003e 'properties',\n\nThis will change the output of:\n\n    GET /records/products/1\n\nWithout \"json\" middleware the output will be:\n\n    {\n        \"id\": 1,\n        \"name\": \"Calculator\",\n        \"price\": \"23.01\",\n        \"properties\": \"{\\\"depth\\\":false,\\\"model\\\":\\\"TRX-120\\\",\\\"width\\\":100,\\\"height\\\":null}\",\n    }\n\nWith \"json\" middleware the output will be:\n\n    {\n        \"id\": 1,\n        \"name\": \"Calculator\",\n        \"price\": \"23.01\",\n        \"properties\": {\n            \"depth\": false,\n            \"model\": \"TRX-120\",\n            \"width\": 100,\n            \"height\": null\n        },\n    }\n\nThis also applies when creating or modifying JSON string fields (also when using batch operations).\n\nNote that JSON string fields cannot be partially updated and that this middleware is disabled by default.\nYou can enable the \"json\" middleware using the \"middlewares\" configuration setting.\n\n### XML middleware\n\nYou may use the \"xml\" middleware to translate input and output from JSON to XML. This request:\n\n    GET /records/posts/1\n\nOutputs (when \"pretty printed\"):\n\n    {\n        \"id\": 1,\n        \"user_id\": 1,\n        \"category_id\": 1,\n        \"content\": \"blog started\"\n    }\n\nWhile (note the \"format\" query parameter):\n\n    GET /records/posts/1?format=xml\n\nOutputs:\n\n    \u003croot\u003e\n        \u003cid\u003e1\u003c/id\u003e\n        \u003cuser_id\u003e1\u003c/user_id\u003e\n        \u003ccategory_id\u003e1\u003c/category_id\u003e\n        \u003ccontent\u003eblog started\u003c/content\u003e\n    \u003c/root\u003e\n\nThis functionality is disabled by default and must be enabled using the \"middlewares\" configuration setting.\n\n### File uploads\n\nFile uploads are supported through the [FileReader API](https://caniuse.com/#feat=filereader), check out the [example](https://github.com/mevdschee/php-crud-api/blob/master/examples/clients/upload/vanilla.html).\n\n## OpenAPI specification\n\nOn the \"/openapi\" end-point the OpenAPI 3.0 (formerly called \"Swagger\") specification is served. \nIt is a machine readable instant documentation of your API. To learn more, check out these links:\n\n- [Swagger Editor](https://editor.swagger.io/) can be used to view and debug the generated specification.\n- [OpenAPI specification](https://swagger.io/specification/) is a manual for creating an OpenAPI specification.\n- [Swagger Petstore](https://petstore.swagger.io/) is an example documentation that is generated using OpenAPI.\n\n## Cache\n\nThere are 4 cache engines that can be configured by the \"cacheType\" config parameter:\n\n- TempFile (default)\n- Redis\n- Memcache\n- Memcached\n\nYou can install the dependencies for the last three engines by running:\n\n    sudo apt install php-redis redis\n    sudo apt install php-memcache memcached\n    sudo apt install php-memcached memcached\n\nThe default engine has no dependencies and will use temporary files in the system \"temp\" path.\n\nYou may use the \"cachePath\" config parameter to specify the file system path for the temporary files or\nin case that you use a non-default \"cacheType\" the hostname (optionally with port) of the cache server.\n\n## Types\n\nThese are the supported types with their length, category, JSON type and format:\n\n| type       | length | category  | JSON type | format              |\n| ---------- | ------ | --------- | --------- | ------------------- |\n| varchar    | 255    | character | string    |                     |\n| clob       |        | character | string    |                     |\n| boolean    |        | boolean   | boolean   |                     |\n| integer    |        | integer   | number    |                     |\n| bigint     |        | integer   | number    |                     |\n| float      |        | float     | number    |                     |\n| double     |        | float     | number    |                     |\n| decimal    | 19,4   | decimal   | string    |                     |\n| date       |        | date/time | string    | yyyy-mm-dd          | \n| time       |        | date/time | string    | hh:mm:ss            |\n| timestamp  |        | date/time | string    | yyyy-mm-dd hh:mm:ss |\n| varbinary  | 255    | binary    | string    | base64 encoded      |\n| blob       |        | binary    | string    | base64 encoded      |\n| geometry   |        | other     | string    | well-known text     |\n\nNote that geometry is a non-jdbc type and thus has limited support.\n\n## Data types in JavaScript\n\nJavascript and Javascript object notation (JSON) are not very well suited for reading database records. Decimal, date/time, binary and geometry types must be represented as strings in JSON (binary is base64 encoded, geometries are in WKT format). Below are two more serious issues described.\n\n### 64 bit integers\n\nJavaScript does not support 64 bit integers. All numbers are stored as 64 bit floating point values. The mantissa of a 64 bit floating point number is only 53 bit and that is why all integer numbers bigger than 53 bit may cause problems in JavaScript.\n\n### Inf and NaN floats\n\nThe valid floating point values 'Infinite' (calculated with '1/0') and 'Not a Number' (calculated with '0/0') cannot be expressed in JSON, as they are not supported by the [JSON specification](https://www.json.org). When these values are stored in a database then you cannot read them as this script outputs database records as JSON.\n\n## Errors\n\nThe following errors may be reported:\n\n| Error | HTTP response code        | Message\n| ----- | ------------------------- | --------------\n| 1000  | 404 Not found             | Route not found \n| 1001  | 404 Not found             | Table not found \n| 1002  | 422 Unprocessable entity  | Argument count mismatch \n| 1003  | 404 Not found             | Record not found \n| 1004  | 403 Forbidden             | Origin is forbidden \n| 1005  | 404 Not found             | Column not found \n| 1006  | 409 Conflict              | Table already exists \n| 1007  | 409 Conflict              | Column already exists \n| 1008  | 422 Unprocessable entity  | Cannot read HTTP message \n| 1009  | 409 Conflict              | Duplicate key exception \n| 1010  | 409 Conflict              | Data integrity violation \n| 1011  | 401 Unauthorized          | Authentication required \n| 1012  | 403 Forbidden             | Authentication failed \n| 1013  | 422 Unprocessable entity  | Input validation failed \n| 1014  | 403 Forbidden             | Operation forbidden \n| 1015  | 405 Method not allowed    | Operation not supported \n| 1016  | 403 Forbidden             | Temporary or permanently blocked \n| 1017  | 403 Forbidden             | Bad or missing XSRF token \n| 1018  | 403 Forbidden             | Only AJAX requests allowed \n| 1019  | 403 Forbidden             | Pagination Forbidden \n| 1020  | 409 Conflict              | User already exists\n| 1021  | 422 Unprocessable entity  | Password too short\n| 1022  | 422 Unprocessable entity  | Username is empty\n| 1023  | 404 Not found             | Primary key not found\n| 9999  | 500 Internal server error | Unknown error \n\nThe following JSON structure is used:\n\n    {\n        \"code\":1002,\n        \"message\":\"Argument count mismatch in '1'\"\n    }\n\nNB: Any non-error response will have status: 200 OK\n\n## Status\n\nTo connect to your monitoring there is a 'ping' endpoint:\n\n    GET /status/ping\n\nAnd this should return status 200 and as data:\n\n    {\n        \"db\": 42,\n        \"cache\": 9\n    }\n\nThese can be used to measure the time (in microseconds) to connect and read data from the database and the cache.\n\n## Custom controller\n\nYou can add your own custom REST API endpoints by writing your own custom controller class. \nThe class must provide a constructor that accepts five parameters. With these parameters you can register\nyour own endpoint to the existing router. This endpoint may use the database and/or the reflection class\nof the database.\n\nHere is an example of a custom controller class:\n\n```\nuse Psr\\Http\\Message\\ResponseInterface;\nuse Psr\\Http\\Message\\ServerRequestInterface;\nuse Tqdev\\PhpCrudApi\\Cache\\Cache;\nuse Tqdev\\PhpCrudApi\\Column\\ReflectionService;\nuse Tqdev\\PhpCrudApi\\Controller\\Responder;\nuse Tqdev\\PhpCrudApi\\Database\\GenericDB;\nuse Tqdev\\PhpCrudApi\\Middleware\\Router\\Router;\n\nclass MyHelloController {\n\n    private $responder;\n\n    public function __construct(Router $router, Responder $responder, GenericDB $db, ReflectionService $reflection, Cache $cache)\n    {\n        $router-\u003eregister('GET', '/hello', array($this, 'getHello'));\n        $this-\u003eresponder = $responder;\n    }\n\n    public function getHello(ServerRequestInterface $request): ResponseInterface\n    {\n        return $this-\u003eresponder-\u003esuccess(['message' =\u003e \"Hello World!\"]);\n    }\n}\n```\n\nAnd then you may register your custom controller class in the config object like this:\n\n```\n$config = new Config([\n    ...\n    'customControllers' =\u003e 'MyHelloController',\n    ...\n]);\n```\n\nThe `customControllers` config supports a comma separated list of custom controller classes.\n\n## Tests\n\nI am testing mainly on Ubuntu and I have the following test setups:\n\n  - (Docker) Debian 10 with PHP 7.3, MariaDB 10.3, PostgreSQL 11.4 (PostGIS 2.5) and SQLite 3.27\n  - (Docker) Debian 11 with PHP 7.4, MariaDB 10.5, PostgreSQL 13.4 (PostGIS 3.1) and SQLite 3.34\n  - (Docker) Debian 12 with PHP 8.2, MariaDB 10.11, PostgreSQL 15.3 (PostGIS 3.3) and SQLite 3.40\n  - (Docker) RockyLinux 8 with PHP 7.2, MariaDB 10.3 and SQLite 3.26\n  - (Docker) RockyLinux 9 with PHP 8.0, MariaDB 10.5 and SQLite 3.34\n  - (Docker) Ubuntu 18.04 with PHP 7.2, MySQL 5.7, PostgreSQL 10.4 (PostGIS 2.4) and SQLite 3.22\n  - (Docker) Ubuntu 20.04 with PHP 7.4, MySQL 8.0, PostgreSQL 12.15 (PostGIS 3.0) and SQLite 3.31 and SQL Server 2019\n  - (Docker) Ubuntu 22.04 with PHP 8.1, MySQL 8.0, PostgreSQL 14.2 (PostGIS 3.2) and SQLite 3.37 \n  - (Docker) Ubuntu 24.04 with PHP 8.3, MySQL 8.0, PostgreSQL 16.2 (PostGIS 3.4) and SQLite 3.45\n\nThis covers not all environments (yet), so please notify me of failing tests and report your environment. \nI will try to cover most relevant setups in the \"docker\" folder of the project.\n\n### Running\n\nTo run the functional tests locally you may run the following commands:\n\n    php build.php\n    php test.php\n\nThis runs the functional tests from the \"tests\" directory. It uses the database dumps (fixtures) and\ndatabase configuration (config) from the corresponding subdirectories.\n\n## Pretty URL\n\nYou may \"rewrite\" the URL to remove the \"api.php\" from the URL.\n\n### Apache config example\n\nEnable mod_rewrite and add the following to your \".htaccess\" file:\n\n```\nRewriteEngine On\nRewriteCond %{REQUEST_FILENAME} !-d\nRewriteCond %{REQUEST_FILENAME} !-f\nRewriteRule ^(.*)$ api.php/$1 [L,QSA]\n```\n\nThe \".htaccess\" file needs to go in the same folder as \"api.php\".\n\n### Nginx config example\n\nUse the following config to serve the API under Nginx and PHP-FPM:\n\n```\nserver {\n    listen 80 default_server;\n    listen [::]:80 default_server;\n\n    root /var/www/html;\n    index index.php index.html index.htm index.nginx-debian.html;\n    server_name server_domain_or_IP;\n\n    location / {\n        try_files $uri $uri/ /api.php?$args;  \n    }\n\n    location ~ [^/]\\.php(/|$) {\n        fastcgi_split_path_info ^(.+\\.php)(/.+)$;\n        try_files $fastcgi_script_name =404;\n        set $path_info $fastcgi_path_info;\n        fastcgi_param PATH_INFO $path_info;\n        fastcgi_index index.php;\n        include fastcgi.conf;\n        fastcgi_pass unix:/run/php/php7.0-fpm.sock;\n    }\n\n    location ~ /\\.ht {\n        deny all;\n    }\n}\n```\n\n### Docker tests\n\nInstall docker using the following commands and then logout and login for the changes to take effect:\n\n    sudo apt install docker.io docker-buildx\n    sudo usermod -aG docker ${USER}\n\nTo run the docker tests run \"build_all.sh\" and \"run_all.sh\" from the docker directory. The output should be:\n\n    ================================================\n    Debian 10 (PHP 7.3)\n    ================================================\n    [1/4] Starting MariaDB 10.3 ..... done\n    [2/4] Starting PostgreSQL 11.4 .. done\n    [3/4] Starting SQLServer 2017 ... skipped\n    [4/4] Cloning PHP-CRUD-API v2 ... skipped\n    ------------------------------------------------\n    mysql: 120 tests ran in 921 ms, 1 skipped, 0 failed\n    pgsql: 120 tests ran in 1058 ms, 1 skipped, 0 failed\n    sqlsrv: skipped, driver not loaded\n    sqlite: 120 tests ran in 752 ms, 13 skipped, 0 failed\n    ================================================\n    Debian 11 (PHP 7.4)\n    ================================================\n    [1/4] Starting MariaDB 10.5 ..... done\n    [2/4] Starting PostgreSQL 13.4 .. done\n    [3/4] Starting SQLServer 2017 ... skipped\n    [4/4] Cloning PHP-CRUD-API v2 ... skipped\n    ------------------------------------------------\n    mysql: 120 tests ran in 914 ms, 1 skipped, 0 failed\n    pgsql: 120 tests ran in 997 ms, 1 skipped, 0 failed\n    sqlsrv: skipped, driver not loaded\n    sqlite: 120 tests ran in 735 ms, 13 skipped, 0 failed\n    ================================================\n    Debian 12 (PHP 8.2)\n    ================================================\n    [1/4] Starting MariaDB 10.11 .... done\n    [2/4] Starting PostgreSQL 15.3 .. done\n    [3/4] Starting SQLServer 2019 ... skipped\n    [4/4] Cloning PHP-CRUD-API v2 ... skipped\n    ------------------------------------------------\n    mysql: 120 tests ran in 1016 ms, 1 skipped, 0 failed\n    pgsql: 120 tests ran in 1041 ms, 1 skipped, 0 failed\n    sqlsrv: skipped, driver not loaded\n    sqlite: 120 tests ran in 733 ms, 13 skipped, 0 failed\n    ================================================\n    RockyLinux 8 (PHP 7.2)\n    ================================================\n    [1/4] Starting MariaDB 10.3 ..... done\n    [2/4] Starting PostgreSQL 11 .... skipped\n    [3/4] Starting SQLServer 2017 ... skipped\n    [4/4] Cloning PHP-CRUD-API v2 ... skipped\n    ------------------------------------------------\n    mysql: 120 tests ran in 935 ms, 1 skipped, 0 failed\n    pgsql: skipped, driver not loaded\n    sqlsrv: skipped, driver not loaded\n    sqlite: 120 tests ran in 746 ms, 13 skipped, 0 failed\n    ================================================\n    RockyLinux 9 (PHP 8.0)\n    ================================================\n    [1/4] Starting MariaDB 10.5 ..... done\n    [2/4] Starting PostgreSQL 12 .... skipped\n    [3/4] Starting SQLServer 2017 ... skipped\n    [4/4] Cloning PHP-CRUD-API v2 ... skipped\n    ------------------------------------------------\n    mysql: 120 tests ran in 928 ms, 1 skipped, 0 failed\n    pgsql: skipped, driver not loaded\n    sqlsrv: skipped, driver not loaded\n    sqlite: 120 tests ran in 728 ms, 13 skipped, 0 failed\n    ================================================\n    Ubuntu 18.04 (PHP 7.2)\n    ================================================\n    [1/4] Starting MySQL 5.7 ........ done\n    [2/4] Starting PostgreSQL 10.4 .. done\n    [3/4] Starting SQLServer 2017 ... skipped\n    [4/4] Cloning PHP-CRUD-API v2 ... skipped\n    ------------------------------------------------\n    mysql: 120 tests ran in 1296 ms, 1 skipped, 0 failed\n    pgsql: 120 tests ran in 1056 ms, 1 skipped, 0 failed\n    sqlsrv: skipped, driver not loaded\n    sqlite: 120 tests ran in 772 ms, 13 skipped, 0 failed\n    ================================================\n    Ubuntu 20.04 (PHP 7.4)\n    ================================================\n    [1/4] Starting MySQL 8.0 ........ done\n    [2/4] Starting PostgreSQL 12.2 .. done\n    [3/4] Starting SQLServer 2019 ... done\n    [4/4] Cloning PHP-CRUD-API v2 ... skipped\n    ------------------------------------------------\n    mysql: 120 tests ran in 1375 ms, 1 skipped, 0 failed\n    pgsql: 120 tests ran in 868 ms, 1 skipped, 0 failed\n    sqlsrv: 120 tests ran in 5713 ms, 1 skipped, 0 failed\n    sqlite: 120 tests ran in 733 ms, 13 skipped, 0 failed\n    ================================================\n    Ubuntu 22.04 (PHP 8.1)\n    ================================================\n    [1/4] Starting MySQL 8.0 ........ done\n    [2/4] Starting PostgreSQL 14.2 .. done\n    [3/4] Starting SQLServer 2019 ... skipped\n    [4/4] Cloning PHP-CRUD-API v2 ... skipped\n    ------------------------------------------------\n    mysql: 120 tests ran in 1372 ms, 1 skipped, 0 failed\n    pgsql: 120 tests ran in 1064 ms, 1 skipped, 0 failed\n    sqlsrv: skipped, driver not loaded\n    sqlite: 120 tests ran in 727 ms, 13 skipped, 0 failed\n    ================================================\n    Ubuntu 24.04 (PHP 8.3)\n    ================================================\n    [1/4] Starting MySQL 8. ........ done\n    [2/4] Starting PostgreSQL 16.2 .. done\n    [3/4] Starting SQLServer 2019 ... skipped\n    [4/4] Cloning PHP-CRUD-API v2 ... skipped\n    ------------------------------------------------\n    mysql: 120 tests ran in 1344 ms, 1 skipped, 0 failed\n    pgsql: 120 tests ran in 856 ms, 1 skipped, 0 failed\n    sqlsrv: skipped, driver not loaded\n    sqlite: 120 tests ran in 722 ms, 13 skipped, 0 failed\n\nThe above test run (including starting up the databases) takes less than 5 minutes on my slow laptop.\n\n    $ ./run.sh\n    1) debian10\n    2) debian11\n    3) debian12\n    4) rockylinux8\n    5) rockylinux9\n    6) ubuntu18\n    7) ubuntu20\n    8) ubuntu22\n    \u003e 6\n    ================================================\n    Ubuntu 18.04 (PHP 7.2)\n    ================================================\n    [1/4] Starting MySQL 5.7 ........ done\n    [2/4] Starting PostgreSQL 10.4 .. done\n    [3/4] Starting SQLServer 2017 ... skipped\n    [4/4] Cloning PHP-CRUD-API v2 ... skipped\n    ------------------------------------------------\n    mysql: 120 tests ran in 1296 ms, 1 skipped, 0 failed\n    pgsql: 120 tests ran in 1056 ms, 1 skipped, 0 failed\n    sqlsrv: skipped, driver not loaded\n    sqlite: 120 tests ran in 772 ms, 13 skipped, 0 failed\n    root@b7ab9472e08f:/php-crud-api# \n\nAs you can see the \"run.sh\" script gives you access to a prompt in the chosen docker environment.\nIn this environment the local files are mounted. This allows for easy debugging on different environments.\nYou may type \"exit\" when you are done.\n\n### Docker image\n\nThere is a `Dockerfile` in the repository that is used to build an image at:\n\n[https://hub.docker.com/r/mevdschee/php-crud-api](https://hub.docker.com/r/mevdschee/php-crud-api)\n\nIt will be automatically build on every release. The \"latest\" tag points to the last release.\n\nThe docker image accepts the environment variable parameters from the configuration.\n\n### Docker compose\n\nThis repository also contains a `docker-compose.yml` file that you can install/build/run using:\n\n    sudo apt install docker-compose\n    docker-compose build\n    docker-compose up\n\nThis will setup a database (MySQL) and a webserver (Apache) and runs the application using the blog example data used in the tests.\n\nTest the script (running in the container) by opening the following URL:\n\n    http://localhost:8080/records/posts/1\n\n### Star History\n\n[![Star History Chart](https://api.star-history.com/svg?repos=mevdschee/php-crud-api\u0026type=Date)](https://star-history.com/#mevdschee/php-crud-api\u0026Date)\n\nEnjoy!\n","funding_links":[],"categories":["PHP","SQL Server Web Resources"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmevdschee%2Fphp-crud-api","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmevdschee%2Fphp-crud-api","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmevdschee%2Fphp-crud-api/lists"}