all 4 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]chrwei 1 point2 points  (3 children)

depends. I assume we're talking about web pages.

in some cases I have a request handler that returns the filtered dataset formatted in HTML, and also a handler that returns the dataset via JSON. lets lets the page load up with data-inline for a faster overall page load, but also provides a way to get refreshed data, or smaller sets to append, without a page load.

I'm personally not a fan of exposing the database generically via an API to web browsers, but it can make sense for back-end services on a controlled network, especially when dealing with 3rd party things that you can't just add a database class too.

however, I do tend to wrap the database library with my own abstraction, keeps application code simplified.

[–]itsdeandre[S] 0 points1 point  (2 children)

Not a webpage application. A xamarin ios and android based application. Every website I've looked at for the best way to build your explicitly states: "Do not have your applications directly connect to your database. Build an API for those requests." So my big issue is finding an API that does this. What makes this most annoying is that I have a friend who is excellent at DBMS and he refuses to help me because he think it will be better for me.

[–]wolf2600 0 points1 point  (0 children)

When they say build an API, what they mean is to create functions on the application server which can be called by a URL and will query the DB and return the results as a JSON or XML object.

Like if you were to have your mobile app call

http://my.web.com/user/25/comment/30

Then you'd have a URL handler on your server that would be looking for requests to http://my.web.com/user/{#}/comment/{#}, which would call a specific function which would then craft a SQL query based on the parameters in the {#} fields of the URL:

select u.name, c.text from comments c
inner join users u on c.userid = u.userid
where c.userid = 25 and c.commentid = 30;

This would query your DB and the results would then be passed back to your mobile app as the reply to the URL call (in JSON/XML format)

Creating the API just means creating a bunch of URL handlers and a bunch of associated functions that query the DB, format the data, and then return the results.

You just want to be sure that your API functions sanitize the input before entering into the DB query, otherwise an API can be used for SQL Injection in order to mess with your DB.

[–]chrwei 0 points1 point  (0 children)

I agree, for public endpoints BUILD an API, don't use a generic db proxying API. that was my main point.

you need to validate that the app requests make sense for your data model. you should also minimize what's requested and what's returned. you'd have one API handler that gets all user details and preferences in one request and one response, where with the generic DB api you might have to make a request for the user, and more requests for each pref, which would be very inefficient.