FAFSA API - applications PHP endpoint
<?php
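$route = '/applications/';
$app->get($route, function () use ($app) {
    // GET /applications/ — lists up to 25 application rows (ordered by last_name) as a JSON
    // array of column => value maps. The optional `fields` request parameter selects columns.
    // NOTE(review): no access check is visible on this route, so the selected columns (names,
    // e-mail addresses) are readable by any caller — confirm it is protected upstream.
    // NOTE(review): the mysql_* extension was removed in PHP 7, and `die(mysql_error())`
    // returns driver error text to the client; PDO prepared statements are the replacement.
    $ReturnObject = array();

    // The column list is client-controlled and lands in an identifier position, where
    // mysql_real_escape_string() gives no protection (it only escapes quotes inside a string
    // literal, so a crafted list could still alter the SELECT). Each requested name is
    // therefore restricted to a bare SQL identifier and backtick-quoted; anything else is
    // rejected with a 400 before it reaches MySQL.
    // TODO: tighten this further to an allowlist of the application table's columns (data model).
    $fields = '*';
    if (isset($_REQUEST['fields']) && is_string($_REQUEST['fields'])
        && trim($_REQUEST['fields']) !== '' && trim($_REQUEST['fields']) !== '*') {
        $columns = array();
        foreach (explode(',', $_REQUEST['fields']) as $name) {
            $name = trim($name);
            if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
                $app->response()->header("Content-Type", "application/json");
                $app->response()->status(400);
                echo format_json(json_encode(array(array('error' => 'fields must be a comma-separated list of column names'))));
                return;
            }
            $columns[] = '`' . $name . '`';
        }
        $fields = implode(',', $columns);
    }

    $Query = "SELECT " . $fields . " FROM application";
    $Query .= " ORDER BY last_name ASC";
    $Query .= " LIMIT 25";
    $LinkResult = mysql_query($Query) or die('Query failed: ' . mysql_error());
    while ($Link = mysql_fetch_assoc($LinkResult)) {
        // mysql_fetch_assoc() already yields a column => value map; append it as-is.
        $ReturnObject[] = $Link;
    }
    $app->response()->header("Content-Type", "application/json");
    echo format_json(json_encode($ReturnObject));
});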
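$route = '/applications/:fafsa_id';
$app->get($route, function ($fafsa_id) use ($app) {
    // GET /applications/:fafsa_id — returns the matching application row(s) as a JSON array
    // of column => value maps. An unknown id yields an empty array with status 200 (the
    // original behaviour; a 404 would be more conventional). The optional `fields` request
    // parameter selects columns.
    // NOTE(review): no access check is visible on this route — confirm it is protected upstream.
    $ReturnObject = array();

    // The column list is client-controlled and lands in an identifier position, where
    // mysql_real_escape_string() gives no protection (it only escapes quotes inside a string
    // literal). Each requested name is restricted to a bare SQL identifier and backtick-quoted;
    // anything else is rejected with a 400 before it reaches MySQL.
    // TODO: tighten this further to an allowlist of the application table's columns (data model).
    $fields = '*';
    if (isset($_REQUEST['fields']) && is_string($_REQUEST['fields'])
        && trim($_REQUEST['fields']) !== '' && trim($_REQUEST['fields']) !== '*') {
        $columns = array();
        foreach (explode(',', $_REQUEST['fields']) as $name) {
            $name = trim($name);
            if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
                $app->response()->header("Content-Type", "application/json");
                $app->response()->status(400);
                echo format_json(json_encode(array(array('error' => 'fields must be a comma-separated list of column names'))));
                return;
            }
            $columns[] = '`' . $name . '`';
        }
        $fields = implode(',', $columns);
    }

    // The id is a string literal in the WHERE clause, so quote-escaping is the right tool here.
    $Query = "SELECT " . $fields . " FROM application";
    $Query .= " WHERE fafsa_id = '" . mysql_real_escape_string($fafsa_id) . "'";
    // NOTE(review): `die(mysql_error())` returns driver error text to the client.
    $LinkResult = mysql_query($Query) or die('Query failed: ' . mysql_error());
    while ($Link = mysql_fetch_assoc($LinkResult)) {
        $ReturnObject[] = $Link;
    }
    $app->response()->header("Content-Type", "application/json");
    echo format_json(json_encode($ReturnObject));
});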
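$route = '/applications/';
$app->post($route, function () use ($app) {
    // POST /applications/ — creates an application from first_name, last_name and
    // students_email_address, or returns the already-existing row that has the same derived
    // fafsa_id. The response is a one-element JSON array holding those four columns.
    $ReturnObject = array();
    $app->response()->header("Content-Type", "application/json");

    // All three fields are required. A present-but-blank (or non-string) value is treated as
    // missing, which is what the "complete" wording of the error message promises.
    $first_name = (isset($_POST['first_name']) && is_string($_POST['first_name'])) ? $_POST['first_name'] : '';
    $last_name = (isset($_POST['last_name']) && is_string($_POST['last_name'])) ? $_POST['last_name'] : '';
    $students_email_address = (isset($_POST['students_email_address']) && is_string($_POST['students_email_address'])) ? $_POST['students_email_address'] : '';
    if (trim($first_name) === '' || trim($last_name) === '' || trim($students_email_address) === '') {
        // A missing field is a client error, so answer 400 (the original sent 500).
        $ReturnObject[] = array('error' => 'Make sure and provide complete first_name, last_name and students_email_address');
        $app->response()->status(400);
        echo format_json(json_encode($ReturnObject));
        return;
    }

    // The record key is a deterministic md5 of the submitted identity fields, so resubmitting
    // the same triple returns the existing row instead of creating a duplicate.
    // NOTE(review): because the id is derivable from a person's name and e-mail address, anyone
    // who knows those can compute the id accepted by the PUT/DELETE routes — treat it as a
    // lookup key, not as a secret or an authorisation token.
    $fafsa_id = md5($first_name . "-" . $last_name . "-" . $students_email_address);
    $SafeId = mysql_real_escape_string($fafsa_id);

    // NOTE(review): `die(mysql_error())` returns driver error text to the client.
    $AppQuery = "SELECT fafsa_id,first_name,last_name,students_email_address FROM application WHERE fafsa_id = '" . $SafeId . "'";
    $AppResult = mysql_query($AppQuery) or die('Query failed: ' . mysql_error());
    if ($AppResult && mysql_num_rows($AppResult)) {
        // Already present: echo the stored values back rather than inserting again.
        $App = mysql_fetch_assoc($AppResult);
        $ReturnObject[] = array(
            'fafsa_id' => $App['fafsa_id'],
            'first_name' => $App['first_name'],
            'last_name' => $App['last_name'],
            'students_email_address' => $App['students_email_address'],
        );
    } else {
        // NOTE(review): the lookup-then-insert pair is not atomic; two concurrent requests for
        // the same triple could both reach this branch unless fafsa_id carries a UNIQUE
        // constraint in the schema — confirm.
        $InsertAppQuery = "INSERT INTO application(first_name,last_name,students_email_address,fafsa_id)";
        $InsertAppQuery .= " VALUES(";
        $InsertAppQuery .= "'" . mysql_real_escape_string($first_name) . "',";
        $InsertAppQuery .= "'" . mysql_real_escape_string($last_name) . "',";
        $InsertAppQuery .= "'" . mysql_real_escape_string($students_email_address) . "',";
        $InsertAppQuery .= "'" . $SafeId . "'";
        $InsertAppQuery .= ")";
        mysql_query($InsertAppQuery) or die('Query failed: ' . mysql_error());
        $ReturnObject[] = array(
            'fafsa_id' => $fafsa_id,
            'first_name' => $first_name,
            'last_name' => $last_name,
            'students_email_address' => $students_email_address,
        );
    }
    echo format_json(json_encode($ReturnObject));
});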
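$route = '/applications/:fafsa_id';
$app->put($route, function ($fafsa_id) use ($app) {
    // PUT /applications/:fafsa_id — updates the named application with every request parameter
    // (parameter name => column, value => new content). Responds 200 on success and 400 when
    // no such row exists, when a parameter name is not a valid column identifier, or when
    // there is nothing to update.
    // NOTE(review): no authentication or ownership check is visible here; any caller who knows
    // (or derives) a fafsa_id can rewrite the row — confirm this is enforced upstream.
    $request = $app->request();
    $_PUT = $request->params();

    // Escape the id once and reuse the escaped form in both statements: the original UPDATE
    // interpolated the raw route parameter into its WHERE clause.
    $SafeId = mysql_real_escape_string($fafsa_id);
    $AppQuery = "SELECT fafsa_id FROM application WHERE fafsa_id = '" . $SafeId . "'";
    // NOTE(review): `die(mysql_error())` returns driver error text to the client.
    $AppResult = mysql_query($AppQuery) or die('Query failed: ' . mysql_error());
    if (!$AppResult || !mysql_num_rows($AppResult)) {
        $app->response()->status(400);
        return;
    }

    // Parameter names become column identifiers, where quote-escaping cannot help; restrict
    // them to bare identifiers and backtick-quote them. Values are escaped as string literals.
    // A `fafsa_id` parameter still re-keys the row, as in the original.
    // TODO: check the names against the application table's columns (data model) as well.
    $Assignments = array();
    foreach ($_PUT as $key => $value) {
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', (string) $key) || !is_scalar($value)) {
            $app->response()->status(400);
            return;
        }
        $Assignments[] = '`' . $key . "`='" . mysql_real_escape_string(urldecode((string) $value)) . "'";
    }
    if (count($Assignments) === 0) {
        // With no parameters the original built malformed SQL ("... SE WHERE ...") and died.
        $app->response()->status(400);
        return;
    }
    $UpdateSQL = "UPDATE application SET " . implode(', ', $Assignments);
    $UpdateSQL .= " WHERE fafsa_id = '" . $SafeId . "'";
    mysql_query($UpdateSQL) or die('Query failed: ' . mysql_error());
    $app->response()->status(200);
});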
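$route = '/applications/:fafsa_id';
$app->delete($route, function ($fafsa_id) use ($app) {
    // DELETE /applications/:fafsa_id — removes the application row. Responds 200 when a row
    // existed and was deleted, 400 when no such row exists.
    // NOTE(review): no authentication or ownership check is visible here; any caller who knows
    // (or derives) a fafsa_id can delete the row — confirm this is enforced upstream.

    // Escape the id once and reuse the escaped form in both statements: the original DELETE
    // interpolated the raw route parameter into its WHERE clause.
    $SafeId = mysql_real_escape_string($fafsa_id);
    $AppQuery = "SELECT fafsa_id FROM application WHERE fafsa_id = '" . $SafeId . "'";
    // NOTE(review): `die(mysql_error())` returns driver error text to the client.
    $AppResult = mysql_query($AppQuery) or die('Query failed: ' . mysql_error());
    if (!$AppResult || !mysql_num_rows($AppResult)) {
        $app->response()->status(400);
        return;
    }
    $DeleteSQL = "DELETE FROM application WHERE fafsa_id = '" . $SafeId . "'";
    mysql_query($DeleteSQL) or die('Query failed: ' . mysql_error());
    $app->response()->status(200);
});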
?>