philsturgeon

Never Expose DB Results Directly

1. If you rename a field, then your users are fucked. Convert with a hardcoded array structure.
2. Most DB drivers [for PHP] will show integers as numeric strings and false as "0", so you want to typecast them.
3. Unless you're using an ORM with "hidden" functionality, people will see passwords, salts and all sorts of fancy codes. If you add one and forget to put it in your $hidden array then OOPS!

Use the URI sparingly, and correctly

1. Use the query string for paired params instead of /users/id/5/active/true. Your API does not need to be SEO optimised.
2. ?format=xml is stupid, use an Accept: application/xml header. I added this to the CodeIgniter Rest Server once for lazy people, and now people think it's a thing. It's not.

philsturgeon

API Specs & Docs

Style Guide

A lot of this information has been used to create linting rules for [Speccy], so just run the linter with --rules=strict for advice. It will be updated over time, as new rules are created.

File Structure

OpenAPI supports JSON Pointer via $ref keys, even when you’re writing in YAML. Swagger.io has a great guide for $ref and JSON Pointer.

philsturgeon

if ($handle = fopen($csv_file, 'r'))
{
	$all_headings = array_unique(explode(',', trim(fgets($handle))));

	foreach ($all_headings as $heading)
	{
		if ( ! $heading)
		{
			break;
		}

philsturgeon

---
layout: post
title: "Episode 3: ExpressionEngine StackExchange"
date: 2012-12-20 10:47
comments: true
filename: some-file-name-without-extension
length: 52409154
summary: ExpressionEngine Pro Anna Brown and Testing Hero Chris Hartjes join Ben Edmunds and Phil Sturgeon to discuss the recent rumblings in the ExpressionEngine community and the new EE StackExchange site. We talk about Inversion of Control (IoC), what it is, why its useful and how it's done.
---

philsturgeon

{"lastUpload":"2020-05-29T11:26:30.695Z","extensionVersion":"v3.4.3"}

philsturgeon

rules:
  cache-control-undocumented:
    description: |-
      Cache usage MUST be extensively detailed in the `description` property
      to avoid data leaks or the usage of stale data.
      
      This rule should ensure in some way that the api provider
      documented extensively the cache usage to avoid data leaks
      or usage of stale data.
      

philsturgeon

swagger: '2.0'
schemes:
  - https
host: api.giphy.com
basePath: /v1
info:
  contact:
    email: support@giphy.com
  description: Giphy API phantom change
  termsOfService: 'https://developers.giphy.com/'

philsturgeon

Treeware

You're free to use this package, but if it makes it to your production environment you are required to buy the world a tree.

It’s now common knowledge that one of the best tools to tackle the climate crisis and keep our temperatures from rising above 1.5C is to plant trees. If you support this package and contribute to the Treeware forest you’ll be creating employment for local families and restoring wildlife habitats.

You can buy trees here offset.earth/treeware

Read more about Treeware at treeware.earth

philsturgeon

<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class REST_Controller extends Controller {
    
    private $method;
    private $format;
    
    private $get_args;
    private $put_args;
    private $args;

philsturgeon

#!/bin/bash
#
# /etc/init.d/gearman-workers

### BEGIN INIT INFO
# Provides:          gearman-workers
# Required-Start:    $network $remote_fs $syslog
# Required-Stop:     $network $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6