Page 1 of 1

PHP Web service(wsdl-mode) Question

Posted: Mon Jan 25, 2010 11:37 am
by jimath
hello everyone!

I d like to create a php web service that insert a patient to the db, using SOAP and WSDL.
Can i create a php class to be consumed without taking any parameters from the client?
For example:

A client including a form like this:

Code: Select all

 
....
<p align="center" valign="top">
        <form name="addP" action="index.php?type=addPatientToDB" method="POST" onSubmit="return check(this);">
                <table align="center" width="500px" border="1">
                        <tr>
                                <td colspan="2" align="center"><h2>???????? ??????</h2></td>
                        </tr>
                        <tr>
                                <td>FName :</td>
                                <td><input name="firstname" type="text" size="50"></td>
                        </tr>
                        <tr>
                                <td>LName:</td>
                                <td><input name="lastname" type="text" size="50"></td>
                        </tr>
                        <tr>
                                <td>Identity :</td>
                                <td><input name="identity" type="text" size="50"></td>
                     </tr>
                        <tr>
                                <td align="center"><input type="reset" name="reset" value="Clear"></td>
                                <td align="center"><input type="submit" name="submit" value="Submit"></td>
                        </tr>
                </table>
        </form>
</p>
....
....
$client=new SoapClient($wsdl);
$client->insertPatient();
 
 
and a handler class (service) like this:

Code: Select all

 
<?php
Class MyClass {
function insertPatient{
 
if($_POST["firstname"] != "" && $_POST["lastname"] != "" && $_POST["identity"] != "" ){
                $db = "mydb";
                $sql = "INSERT INTO patients (userid, firstname, lastname, identity) VALUES (" . $_SESSION["userid"] . ", '" . $_POST["firstname"] . "', '" . $_POST["lastname"] . "', '" . $_POST["identity"] . "') ";
                include($folder["query"]);
        }
        else{
                die("Please insert all info");
        }
 
 
echo("<script type=\"text/javascript\" language=\"Javascript\">
<!--
        window.open('index.php?type=showPatients&identity=" . $_POST["identity"] . "', '_self');
-->
</script>");
}
?>
 
 
server

Code: Select all

 
require_once "MyClass.php";
$wsdl=......
$srv=new SoapServer($wsdl);
$srv->setClass("MyClass");
$srv->handle();
 
Thank you!

Re: PHP Web service(wsdl-mode) Question

Posted: Mon Jan 25, 2010 12:28 pm
by JNettles
First of all you're going to want to approach this from a more consistent manner. Your class shouldn't be taking $_POST data directly - go ahead and create arguments for your function instead of grabbing them from the global $_POST. Why? This will make your code reusable in other locations and also frees you up from having to do error checking inside your insertion class - do NOT depend solely on your Javascript validation for all error checking.

Try to design your program like this.

HTML Form -> posts to process.php (or wherever).

Have a function that accepts the $_POST data and cleans it (read up on SQL injection attacks for the reason why) and do your error checking (eg. somebody enters an invalid identity). After you have your variables checked and ready, create a function that takes those variables as an argument. This is a pillar of good OOP.

Code: Select all

function insertPatient($firstname, $lastname, $identity)
{
.......
This will give you a much more capable web service rather than depending directly on global post data. This way if you come across a situation where you need to do an insert without a POST you'll be set and ready. Keep resusable code in mind always.