kinlane
11/30/2013 - 4:45 AM

FAFSA API - applications PHP endpoint

FAFSA API - applications PHP endpoint

<?php
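$route = '/applications/';
// GET /applications/ - returns up to 25 application rows as JSON, ordered by last_name.
// Optional request parameter "fields": comma-separated column names (default: every column).
// NOTE(review): no authentication or authorization check is visible in this handler;
// confirm one is applied elsewhere before applicant records are served.
// NOTE(review): the mysql_* extension was removed in PHP 7; moving to prepared statements
// (mysqli or PDO) needs the connection setup, which is outside this block.
$app->get($route, function () use ($app) {

	$ReturnObject = array();

	$fields = isset($_REQUEST['fields']) ? $_REQUEST['fields'] : '*';

	// SECURITY: the column list is placed in the SELECT clause outside any quotes, where
	// mysql_real_escape_string() gives no protection (it only escapes characters inside a
	// quoted string literal). Accept plain identifiers only and emit each one backtick-quoted.
	// TODO: narrow this further to the columns the data model allows this API to expose.
	$Columns = '*';
	if ($fields !== '*') {
		$Quoted = array();
		$Names = is_string($fields) ? explode(',', $fields) : array();
		foreach ($Names as $Name) {
			$Name = trim($Name);
			if (!preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', $Name)) {
				$Quoted = array();
				break;
			}
			$Quoted[] = '`' . $Name . '`';
		}

		if (count($Quoted) == 0) {
			array_push($ReturnObject, array('error' => 'fields must be a comma-separated list of column names'));
			$app->response()->header("Content-Type", "application/json");
			$app->response()->status(400);
			echo format_json(json_encode($ReturnObject));
			return;
		}
		$Columns = implode(', ', $Quoted);
	}

	$Query = "SELECT " . $Columns . " FROM application";
	$Query .= " ORDER BY last_name ASC";
	$Query .= " LIMIT 25";

	$LinkResult = mysql_query($Query);
	if ($LinkResult === false) {
		// Keep the driver message in the server log; echoing it to the client discloses schema details.
		error_log('GET /applications/ query failed: ' . mysql_error());
		array_push($ReturnObject, array('error' => 'Query failed'));
		$app->response()->header("Content-Type", "application/json");
		$app->response()->status(500);
		echo format_json(json_encode($ReturnObject));
		return;
	}

	// Each fetched row is already a column => value map, so it is appended as-is.
	while ($Link = mysql_fetch_assoc($LinkResult)) {
		$ReturnObject[] = $Link;
	}

	$app->response()->header("Content-Type", "application/json");
	echo format_json(json_encode($ReturnObject));

	});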


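$route = '/applications/:fafsa_id';
// GET /applications/:fafsa_id - returns the application row(s) matching fafsa_id as JSON.
// Optional request parameter "fields": comma-separated column names (default: every column).
// NOTE(review): no authentication or authorization check is visible in this handler;
// confirm one is applied elsewhere before an applicant record is served.
$app->get($route, function ($fafsa_id) use ($app) {

	$ReturnObject = array();

	$fields = isset($_REQUEST['fields']) ? $_REQUEST['fields'] : '*';

	// SECURITY: the column list is placed in the SELECT clause outside any quotes, where
	// mysql_real_escape_string() gives no protection (it only escapes characters inside a
	// quoted string literal). Accept plain identifiers only and emit each one backtick-quoted.
	// TODO: narrow this further to the columns the data model allows this API to expose.
	$Columns = '*';
	if ($fields !== '*') {
		$Quoted = array();
		$Names = is_string($fields) ? explode(',', $fields) : array();
		foreach ($Names as $Name) {
			$Name = trim($Name);
			if (!preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', $Name)) {
				$Quoted = array();
				break;
			}
			$Quoted[] = '`' . $Name . '`';
		}

		if (count($Quoted) == 0) {
			array_push($ReturnObject, array('error' => 'fields must be a comma-separated list of column names'));
			$app->response()->header("Content-Type", "application/json");
			$app->response()->status(400);
			echo format_json(json_encode($ReturnObject));
			return;
		}
		$Columns = implode(', ', $Quoted);
	}

	// The id sits inside a quoted literal, so escaping is effective here.
	$Query = "SELECT " . $Columns . " FROM application";
	$Query .= " WHERE fafsa_id = '" . mysql_real_escape_string($fafsa_id) . "'";

	$LinkResult = mysql_query($Query);
	if ($LinkResult === false) {
		// Keep the driver message in the server log; echoing it to the client discloses schema details.
		error_log('GET /applications/:fafsa_id query failed: ' . mysql_error());
		array_push($ReturnObject, array('error' => 'Query failed'));
		$app->response()->header("Content-Type", "application/json");
		$app->response()->status(500);
		echo format_json(json_encode($ReturnObject));
		return;
	}

	// Each fetched row is already a column => value map, so it is appended as-is.
	while ($Link = mysql_fetch_assoc($LinkResult)) {
		$ReturnObject[] = $Link;
	}

	$app->response()->header("Content-Type", "application/json");
	echo format_json(json_encode($ReturnObject));

	});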
	
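$route = '/applications/';
// POST /applications/ - creates an application from first_name, last_name and
// students_email_address, or returns the existing row when the same three values
// were submitted before. Responds with a one-element JSON list.
// NOTE(review): fafsa_id is md5(first_name-last_name-students_email_address), so anyone who
// knows those three values can compute the id that the GET/PUT/DELETE routes take as their
// only selector. Consider a random server-generated id plus an authorization check; the hash
// is left in place here because it doubles as the duplicate-detection key.
$app->post($route, function () use ($app) {

	$ReturnObject = array();

	// All three fields are required. Arrays (first_name[]=x) and empty strings are treated
	// as missing so they never reach string concatenation or the escaping calls below.
	$Add = 1;
	$Input = array('first_name' => '', 'last_name' => '', 'students_email_address' => '');
	foreach (array_keys($Input) as $Name) {
		if (isset($_POST[$Name]) && is_string($_POST[$Name]) && $_POST[$Name] !== '') {
			$Input[$Name] = $_POST[$Name];
		} else {
			$Add = 0;
		}
	}

	if ($Add != 1) {
		array_push($ReturnObject, array('error' => 'Make sure and provide complete first_name, last_name and students_email_address'));

		$app->response()->header("Content-Type", "application/json");
		// NOTE(review): 400 would describe this client error better; 500 is kept because
		// existing clients may already test for it.
		$app->response()->status(500);
		echo format_json(json_encode($ReturnObject));
		return;
	}

	$first_name = $Input['first_name'];
	$last_name = $Input['last_name'];
	$students_email_address = $Input['students_email_address'];

	$fafsa_id = md5($first_name . "-" . $last_name . "-" . $students_email_address);

	$AppQuery = "SELECT fafsa_id,first_name,last_name,students_email_address FROM application WHERE fafsa_id = '" . mysql_real_escape_string($fafsa_id) . "'";
	$AppResult = mysql_query($AppQuery);
	if ($AppResult === false) {
		// Keep the driver message in the server log; echoing it to the client discloses schema details.
		error_log('POST /applications/ lookup failed: ' . mysql_error());
		array_push($ReturnObject, array('error' => 'Query failed'));
		$app->response()->header("Content-Type", "application/json");
		$app->response()->status(500);
		echo format_json(json_encode($ReturnObject));
		return;
	}

	if (mysql_num_rows($AppResult)) {
		// Already registered: answer with the stored values rather than the submitted ones.
		$App = mysql_fetch_assoc($AppResult);

		$F = array();
		$F['fafsa_id'] = $App['fafsa_id'];
		$F['first_name'] = $App['first_name'];
		$F['last_name'] = $App['last_name'];
		$F['students_email_address'] = $App['students_email_address'];
		array_push($ReturnObject, $F);
	} else {
		// Every value is inserted as a quoted literal, so escaping is effective here.
		$InsertAppQuery = "INSERT INTO application(first_name,last_name,students_email_address,fafsa_id)";
		$InsertAppQuery .= " VALUES(";
		$InsertAppQuery .= "'" . mysql_real_escape_string($first_name) . "',";
		$InsertAppQuery .= "'" . mysql_real_escape_string($last_name) . "',";
		$InsertAppQuery .= "'" . mysql_real_escape_string($students_email_address) . "',";
		$InsertAppQuery .= "'" . mysql_real_escape_string($fafsa_id) . "'";
		$InsertAppQuery .= ")";

		if (mysql_query($InsertAppQuery) === false) {
			error_log('POST /applications/ insert failed: ' . mysql_error());
			array_push($ReturnObject, array('error' => 'Query failed'));
			$app->response()->header("Content-Type", "application/json");
			$app->response()->status(500);
			echo format_json(json_encode($ReturnObject));
			return;
		}

		$F = array();
		$F['fafsa_id'] = $fafsa_id;
		$F['first_name'] = $first_name;
		$F['last_name'] = $last_name;
		$F['students_email_address'] = $students_email_address;
		array_push($ReturnObject, $F);
	}

	$app->response()->header("Content-Type", "application/json");
	echo format_json(json_encode($ReturnObject));

	});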

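$route = '/applications/:fafsa_id';
// PUT /applications/:fafsa_id - sets the columns named by the request parameters on the
// matching application row. Status 200 on success, 400 when the row does not exist or the
// parameters are unusable, 500 on a database error. No response body is written.
// NOTE(review): no authentication or authorization check is visible in this handler;
// confirm one is applied elsewhere, since any caller holding an id can rewrite the record.
$app->put($route, function ($fafsa_id) use ($app) {

	$_PUT = $app->request()->params();

	// Escape once and reuse: the original escaped the id for the lookup but concatenated
	// the raw value into the UPDATE's WHERE clause.
	$SafeId = mysql_real_escape_string($fafsa_id);

	$AppQuery = "SELECT fafsa_id FROM application WHERE fafsa_id = '" . $SafeId . "'";
	$AppResult = mysql_query($AppQuery);
	if ($AppResult === false) {
		// Keep the driver message in the server log; echoing it to the client discloses schema details.
		error_log('PUT /applications/:fafsa_id lookup failed: ' . mysql_error());
		$app->response()->status(500);
		return;
	}

	if (!mysql_num_rows($AppResult)) {
		$app->response()->status(400);
		return;
	}

	// SECURITY: parameter names become column names in the SET clause, outside any quotes,
	// so escaping cannot protect them. Accept plain identifiers only and backtick-quote them.
	// TODO: narrow this further to the columns the data model allows clients to change
	// (as written, fafsa_id itself can be overwritten).
	$Assignments = array();
	foreach ($_PUT as $key => $value) {
		$Column = (string) $key;
		if (!preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', $Column) || !is_string($value)) {
			$app->response()->status(400);
			return;
		}
		// NOTE(review): urldecode() is kept from the original; if the framework has already
		// decoded the parameters this decodes twice and alters values containing '%' or '+'.
		$Assignments[] = '`' . $Column . "`='" . mysql_real_escape_string(urldecode($value)) . "'";
	}

	// With no parameters the original produced a truncated, invalid statement.
	if (count($Assignments) == 0) {
		$app->response()->status(400);
		return;
	}

	$UpdateSQL = "UPDATE application SET " . implode(', ', $Assignments);
	$UpdateSQL .= " WHERE fafsa_id = '" . $SafeId . "'";

	if (mysql_query($UpdateSQL) === false) {
		error_log('PUT /applications/:fafsa_id update failed: ' . mysql_error());
		$app->response()->status(500);
		return;
	}

	$app->response()->status(200);

	});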

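$route = '/applications/:fafsa_id';
// DELETE /applications/:fafsa_id - removes the matching application row.
// Status 200 on success, 400 when no such row exists, 500 on a database error.
// No response body is written.
// NOTE(review): no authentication or authorization check is visible in this handler;
// confirm one is applied elsewhere, since any caller holding an id can delete the record.
$app->delete($route, function ($fafsa_id) use ($app) {

	// Escape once and reuse: the original escaped the id for the lookup but concatenated
	// the raw value into the DELETE statement.
	$SafeId = mysql_real_escape_string($fafsa_id);

	$AppQuery = "SELECT fafsa_id FROM application WHERE fafsa_id = '" . $SafeId . "'";
	$AppResult = mysql_query($AppQuery);
	if ($AppResult === false) {
		// Keep the driver message in the server log; echoing it to the client discloses schema details.
		error_log('DELETE /applications/:fafsa_id lookup failed: ' . mysql_error());
		$app->response()->status(500);
		return;
	}

	if (!mysql_num_rows($AppResult)) {
		$app->response()->status(400);
		return;
	}

	$DeleteSQL = "DELETE FROM application WHERE fafsa_id = '" . $SafeId . "'";
	if (mysql_query($DeleteSQL) === false) {
		error_log('DELETE /applications/:fafsa_id delete failed: ' . mysql_error());
		$app->response()->status(500);
		return;
	}

	$app->response()->status(200);

	});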
?>