IoT WEB APPLICATION DEVELOPMENT USING PHP

NITIW401

Develop IoT Web Application Using PHP

Competence
RQF Level: 4 Learning Hours
100
Credits: 10

Sector: ICT andMultimedia

Trade: Network and Internet Technologies

Module Type: Specific

Curriculum: ICTNIT4001 TVET Certificate IV in Networking and Internet

Technologies

Copyright: © RwandaTVET Board, 2023

Issue Date: September
, 2023

1
Learning outcome 1: Develop Application programming interface (API) using PHP.
1.1. Analysis of IoT Web application requirements

Analyzing IoT web application requirements is a crucial step in the development process to
ensure that the application meets its intended goals and functions effectively.

.1.1. Identify System Requirements

Collect the Data: Determine what data the IoT application needs to collect, monitor, or control.
This can include sensor data (temperature, humidity, motion, etc.), user input, or external data
sources.

Select Required Devices While Developing and Displaying: Decide on the specific IoT
devices, sensors, actuators, and displays that will be used in the application. Consider
compatibility, scalability, and cost-effectiveness.

Identify Source of Data: Understand where the data will come from. It could be from physical
sensors, a database, external APIs, or a combination of these sources. Knowing the data sources
is essential for data integration and processing.

Describe Types of System Architecture: Define the system architecture, including whether it's
a centralized, decentralized, or hybrid system. Consider whether data processing will happen at
the edge (on IoT devices) or in the cloud. Choose between client-server, peer-to-peer, or other
architectural patterns.

.1.2. Functional Requirements

Define Use Cases: Specify the various functions the IoT web application will perform. For
example, real-time monitoring, data visualization, alerts, remote control, reporting, and analytics.

User Roles: Identify different user roles and their specific interactions with the system. For
example, administrators, end-users, and guests may have different levels of access and
functionality.

Data Processing: Describe how the application will process and transform data. This includes
data validation, aggregation, and storage.

2
.1.3. Non-functional Requirements

Performance: Define performance expectations, such as response times, throughput, and

scalability. Ensure the system can handle the expected number of devices and data volume.

Security: Specify security measures to protect data, devices, and communication. This includes
encryption, authentication, authorization, and secure device management.

Reliability: Determine the system's availability, fault tolerance, and backup strategies. IoT
applications often need to work continuously without downtime.

Scalability: Address how the system will scale as the number of devices and users grows.
Consider load balancing and resource allocation.

Usability: Ensure that the user interface is intuitive and user-friendly. Consider accessibility and
user experience design.

.1.4. Code Management

Version Control and collaboration: Implement a version control system (e.g., Git) to track
changes in the codebase, collaborate with team members, and manage code branches.

Code Documentation: Maintain clear and comprehensive documentation for the codebase,
including comments, API documentation, and usage guides.

Testing and Quality Assurance: Establish testing procedures, including unit testing, integration
testing, and system testing. Ensure code quality through code reviews and continuous
integration/continuous deployment (CI/CD) pipelines.

Deployment and Monitoring: Define deployment processes and implement monitoring

solutions to detect and address issues in real-time.

Continuous Delivery (CD):

 Automate the deployment of IoT updates to devices and cloud services.
 Implement blue-green deployments or canary releases to minimize downtime and the
impact of potential issues.
Code Minimization and Optimization:
 Modularize Your Code: Break your code into modular components, making it easier to
manage and test. This also allows you to load only the necessary modules, reducing
memory usage.

3
  Remove Unused Code: Regularly review and remove any code that is no longer
necessary.
 Code Size Analysis: Use tools to analyze your code's size and identify areas for
optimization.

.2. Prepare PHP environment

.2.1. Description of key terms
 PHP (Hypertext Preprocessor)
Purpose: PHP is a server-side scripting language primarily designed for web development. It is
used to create dynamic web pages and applications.
Characteristics: PHP is versatile, easy to learn, and has a large community of developers. It can
be embedded within HTML code and offers excellent database connectivity, making it a popular
choice for web development.
 Interpreter
An interpreter is a program that reads and executes code directly, line by line. It is commonly
used for scripting languages like PHP. PHP scripts are interpreted by the PHP interpreter,
allowing for on-the-fly execution of code.
 Compiler
A compiler is a program that translates source code into machine code or an intermediate form
before execution. Languages like C and C++ are compiled. PHP is not compiled; it's interpreted,
meaning you don't need a separate compilation step.
 Open Source
PHP is open-source, which means its source code is freely available to the public. This
encourages collaboration, transparency, and a large community of developers who contribute to
its development and improvement.
 Web Server
A web server is software that serves web pages and content to users' web browsers. Apache,
Nginx, and Microsoft Internet Information Services (IIS) are examples of web servers that can
run PHP scripts.

4
  Database (DBMS, MySQL, NoSQL)
DBMS (Database Management System): A DBMS is software that manages databases. It
provides tools to create, access, update, and manage data. MySQL and NoSQL databases are two
types.
MySQL: MySQL is a popular open-source relational database management system. It's
commonly used with PHP for data storage and retrieval in web applications.
NoSQL: NoSQL databases (e.g., MongoDB, Cassandra) offer more flexible data storage options
compared to traditional relational databases. They are used for various web applications where
data structures are not predefined.
 Browser
A web browser is software used to access and display web content, including HTML, CSS, and
JavaScript. Popular web browsers include Google Chrome, Mozilla Firefox, Microsoft Edge, and
Safari.
 Text Editor
A text editor is software for creating and editing plain text files. Many developers use text editors
for writing code. Examples include Notepad, Visual Studio Code, Sublime Text, and Vim.
 Integrated Development Environment (IDE)
An IDE is a software suite that provides comprehensive tools for software development. It
typically includes a code editor, debugger, compiler/interpreter, and other features to streamline
development. For PHP, popular IDEs include PHPStorm, Visual Studio Code with PHP
extensions, and NetBeans.
.2.2. Installation of environment tools
 Install Apache, mysql, php (xampp, mamp, wamp,lamp)
 Install Browser
 Install Text Editor
 Install Integrated Development Environment (IDE)
 Configure Apache, MySQL, php (xampp, mamp, wamp,lamp)
 Test the environment using phpinfo() function

5
.3. Identification of PHP concepts
.3.1. Tags:
In PHP, code is embedded within HTML using tags. The standard opening tag is <?php and the
closing tag is ?>. PHP code is placed between these tags.
Example
<?php
echo "Hello, World!";
?>
.3.2. Variable
Variables in PHP are used to store data values. They are identified by a dollar sign ($) followed
by the variable name.
Example
<?php
$myVariable; //Variable declaration
$myVariable=5; //Assign Value to variable
?>
 Variable Naming Rules:
 Variable names must start with a dollar sign.
 Variable names must not start with numbers.
 Variable names include letters, numbers, and underscores.
 Variable names are case-sensitive.
 Variable Types: PHP variables are loosely typed, meaning they can change type during
runtime. Common types include: integers, floats, strings, booleans, and arrays.
 Scopes: Variables in PHP can have different scopes. They can be local (defined within a
function), global (defined outside functions), or super global (accessible from anywhere
in the script).
.3.3. Super Global Variables
Super global variables are built-in variables in PHP that are always accessible, regardless of the
scope. Examples include $_POST, $_GET, $_SESSION, and $_COOKIE, which are used to
handle HTTP requests, sessions, and cookies.

6
.3.4. Operators
PHP supports a wide range of operators including:
 arithmetic operators (+, -, *, /),
 comparison operators (==, !=, <, >),
 logical operators (&&, ||),
 assignment operators (=).
Example
$a = 5;
$b = 10;
$sum = $a + $b; // $sum now holds 15
.3.5. Data Types
PHP has various data types including:
 integers,
 floats,
 strings,
 booleans,
 arrays,
 objects.
Data types are automatically assigned based on the value assigned to a variable.
Example
$age = 25; // Integer
$price = 19.99; // Float
$name = "John"; // String
$isStudent = true; // Boolean
.3.6. Variable Scope
Variable scope determines where a variable can be accessed within a script. PHP has local scope
(inside functions), global scope (outside functions), and super global scope (accessible from
anywhere in the script).
.3.7. Constants
Constants are similar to variables, but their values cannot be changed once defined. They are
defined using the define() function and conventionally written in uppercase.

7
Example
define("PI", 3.14159);
echo PI; // Outputs 3.14159
.3.8. Comment
Comments in PHP are used to provide explanations within the code. Single-line comments start
with //, and multi-line comments are enclosed between /* and */.
Example
// This is a single-line comment
/*
This is a
multi-line comment
*/
.3.9. String Concatenation
String concatenation is the process of combining two or more strings. In PHP, the . operator is
used for string concatenation. For example, $str1 . $str2 will concatenate two strings.
Example
$name = "John";
$age = 30;
// String concatenation
$message = "My name is " . $name . " and I am " . $age . " years old.";

.3.10. Control structures

PHP provides various control structures for managing the flow of the code, including conditional
statements, iterating statements, switch statements, and jump statements. Here's an overview of
each:

 Conditional statements
Conditional statements allow you to execute different code blocks based on certain conditions.
The most common conditional statements in PHP are:

8
1. if statement - executes some code if one condition is true.
Syntax
if (condition) {
code to be executed if condition is true;
}
Example
<?php
$num=12;
if($num<100){
echo "$num is less than 100";
}
?>
Output: 12 is less than 100

2. if...else statement - executes some code if a condition is true and another code if that
condition is false.

Syntax
if (condition) {
code to be executed if condition is true;
} else {
code to be executed if condition is false;
}
Example
<?php
$num=12;
if($num%2==0){
echo "$num is even number";
}else{
echo "$num is odd number";
}
?>
Output: 12 is even number

3. if...elseif...else statement - executes different codes for more than two conditions.

Syntax
if (condition) {
code to be executed if this condition is true;
} elseif (condition) {
code to be executed if first condition is false and this condition is true;
} else {
code to be executed if all conditions are false;
}

9
 Example
<?php
$marks=69;
if ($marks<33){
echo "fail";
}
else if ($marks>=34 && $marks<50) {
echo "D grade";
}
else if ($marks>=50 && $marks<65) {
echo "C grade";
}
else if ($marks>=65 && $marks<80) {
echo "B grade";
}
else if ($marks>=80 && $marks<90) {
echo "A grade";
}
else if ($marks>=90 && $marks<100) {
echo "A+ grade";
}
else {
echo "Invalid input";
}

}
?>

Output: B grade

4. switch statement - selects one of many blocks of code to be executed.

Syntax
switch (n) {
case label1:
code to be executed if n=label1;
break;
case label2:
code to be executed if n=label2;
break;
case label3:
code to be executed if n=label3;
break;
...
default:

10
 code to be executed if n is different from all labels;
}
Example
<?php
$num=20;
switch($num){
case 10:
echo("number is equals to 10");
break;
case 20:
echo("number is equal to 20");
break;
case 30:
echo("number is equal to 30");
break;
default:
echo("number is not equal to 10, 20 or 30");
}
?>

Output: number is equal to 20

 Iterating statement
Iterating statements (loops) are used to repeatedly execute a block of code. Loops are used to
execute the same block of code again and again, as long as a certain condition is true.
PHP provides various loop constructs, including:
1. for - loops through a block of code a specified number of times
Syntax
for (init counter; test counter; increment counter) {
code to be executed for each iteration;
}
Example
<?php
for($n=1;$n<=10;$n++){
echo "$n<br/>";
}
?>

Output: 1,2,3,4,5,6,7,8,9,10
2. nested for - We can use for loop inside for loop in PHP, it is known as nested for loop. The
inner for loop executes only when the outer for loop condition is found true

11
 Example
<?php
for($i=1;$i<=3;$i++){
for($j=1;$j<=3;$j++){
echo "$i $j<br/>";
}
}

?>

Output:
11
12
13
21
22
23
31
32
33

3. foreach - loops through a block of code for each element in an array

Syntax
foreach ($array as $value) {
code to be executed;
}
Example
<?php
$season=array("summer","winter","spring","autumn");
foreach( $season as $arr ){
echo "Season is: $arr<br />";
}
?>
Output:
Season is: summer
Season is: winter
Season is: spring
Season is: autumn

12
4. while - loops through a block of code as long as the specified condition is true
Syntax
while (condition is true) {
code to be executed;
}

Example
<?php
$$n=1;
while($n<=10){
echo "$n<br/>";
$n++;
}
?>

Output: 1 2 3 4 5 6 7 8 9 10

5. do...while - loops through a block of code once, and then repeats the loop as long as the
specified condition is true
Syntax
do {
code to be executed;
} while (condition is true);
Example
<?php
$n=1;
do{
echo "$n<br/>";
$n++;
}while($n<=10);
?>

Output: 1 2 3 4 5 6 7 8 9 10

 Jump statements

PHP provides several jump statements that allow you to control the flow of the code. These jump
statements are used to alter the normal execution flow of a program. The main jump statements
in PHP are:
1. break statement
The break statement can be used to jump out of a loop.

13
The example below jumps out of the loop when x is equal to 4:
<?php
for ($x = 0; $x < 10; $x++) {
if ($x == 4) {
break;
}
echo "The number is: $x <br>";
}
?>
Output:
The number is: 0
The number is: 1
The number is: 2
The number is: 3

2. continue statement
The continue statement breaks one iteration (in the loop), if a specified condition occurs, and
continues with the next iteration in the loop.
The example below skips the value of 4:

<?php
for ($x = 0; $x < 10; $x++) {
if ($x == 4) {
continue;
}
echo "The number is: $x <br>";
}
?>
Output:
The number is: 0
The number is: 1
The number is: 2
The number is: 3
The number is: 5
The number is: 6
The number is: 7
The number is: 8
The number is: 9

.3.11. Arrays
PHP array is an ordered map (contains value on the basis of key). It is used to hold multiple
values of similar type in a single variable. There are three types of array:

14
  Indexed array
PHP index is represented by number which starts from 0. We can store number, string and object
in the PHP array. All PHP array elements are assigned to an index number by default.
There are two ways to define indexed array:
1st way:
$season=array("summer","winter","spring","autumn");
2nd way:
$season[0]="summer";
$season[1]="winter";
$season[2]="spring";
$season[3]="autumn";
Example

<?php
$season=array("summer","winter","spring","autumn");
echo "Season are: $season[0]";
echo "Season are: $season[1]";
echo "Season are: $season[2]";
echo "Season are: $season[3]";
?>
OR
<?php
$season[0]="summer";
$season[1]="winter";
$season[2]="spring";
$season[3]="autumn";
echo "Season are: $season[0]";
echo "Season are: $season[1]";
echo "Season are: $season[2]";
echo "Season are: $season[3]";
?>
Output:
Season are: summer
Season are: winter
Season are: spring
Season are: automn

 Associative array
Associative arrays are arrays that use named keys that you assign to them.

15
There are two ways to create an associative array:
$age = array("Peter"=>"35", "Ben"=>"37", "Joe"=>"43");
or:
$age['Peter'] = "35";
$age['Ben'] = "37";
$age['Joe'] = "43";
Example
<?php
$info = array("Peter"=>35, "Ben"=>"Musanze", "Joe"=>"[email protected]");
echo "Peter is " . $info['Peter'] . " years old.";
echo "Ben lives in " . $info['Ben'] . ";
echo "Joe email is " . $info['Joe'] .;
?>
Output:
Peter is 35 years old.
Ben lives in Musanze.
Joe email is [email protected].

 Multidimensional array
A multidimensional array is an array containing one or more arrays.
PHP supports multidimensional arrays that are two, three, four, five, or more levels deep.
However, arrays more than three levels deep are hard to manage for most people.
Two-dimensional Arrays
A two-dimensional array is an array of arrays (a three-dimensional array is an array of arrays of
arrays).

Name Stock Sold

Volvo 22 18

BMW 15 13

Saab 5 2

Land Rover 17 15

16
We can store the data from the table above in a two-dimensional array, like this:
<?php
$cars = array (
array("Volvo",22,18),
array("BMW",15,13),
array("Saab",5,2),
array("Land Rover",17,15)
);
echo $cars[0][0].": In stock: ".$cars[0][1].", sold: ".$cars[0][2].".<br>";
echo $cars[1][0].": In stock: ".$cars[1][1].", sold: ".$cars[1][2].".<br>";
echo $cars[2][0].": In stock: ".$cars[2][1].", sold: ".$cars[2][2].".<br>";
echo $cars[3][0].": In stock: ".$cars[3][1].", sold: ".$cars[3][2].".<br>";
?>
Output
Volvo: In stock: 22, sold: 18.
BMW: In stock: 15, sold: 13.
Saab: In stock: 5, sold: 2.
Land Rover: In stock: 17, sold: 15.

Three Dimensional Array

Three Dimensional Array: It is the form of multidimensional array. Initialization in Three-
Dimensional array is same as that of Two-dimensional arrays. The difference is as the number
of dimension increases so the number of nested braces will also increase.
Example:

<?php

$marks = array(

"Ankit" => array(

"C" => 95,

"DCO" => 85,
"FOL" => 74,
),

"Ram" => array(

"C" => 78,

"DCO" => 98,
"FOL" => 46,
),

17
 "Anoop" => array(

"C" => 88,

"DCO" => 46,
"FOL" => 99,
),
);

echo $marks['Ankit']['C'] . "\n";

foreach($marks as $mark) {
echo $mark['C']. " ".$mark['DCO']." ".$mark['FOL']."\n";
}

?>

Output:
95
95 85 74
78 98 46
88 46 99

.3.12. Functions
PHP function is a piece of code that can be reused many times. It can take input as argument list
and return value.
 Built-in functions
PHP has over 1000 built-in functions that can be called directly, from within a script, to perform
a specific task.
The table below show some examples of built-in functions
PHP comes standard with many functions and constructs. i.e.
phpinfo() print() mysqli_connect() error_reporting()
error_log() array() copy() unlink()
date() time() strlen() strlen()

18
  User-defined functions

User defined functions are the functions that are created by the programmer.

 A function is a block of statements that can be used repeatedly in a program.

 A function will not execute automatically when a page loads.
 A function will be executed by a call to the function.
 A function can be any name created by programmer.
 A function name must start with a letter or an underscore.
 Function names are NOT case-sensitive

Tip: Give the function a name that reflects what the function does!

Syntax
function functionName() {
code to be executed;
}

Example

<?php
function writeMsg() {
echo "Hello world!";
}

writeMsg(); // call the function

?>
Output: Hello world!

PHP Function Arguments

Information can be passed to functions through arguments. An argument is just like a variable.
Arguments are specified after the function name, inside the parentheses. You can add as many
arguments as you want, just separate them with a comma.
Example
<?php
function familyName($fname) {
echo "$fname Refsnes.<br>";
}

familyName("Jani");
familyName("Hege");
familyName("Stale");
familyName("Kai Jim");

19
 familyName("Borge");
?>
Output:
Jani Refsnes.
Hege Refsnes.
Stale Refsnes.
Kai Jim Refsnes.
Borge Refsnes.

 Anonymous functions
An anonymous function is a function that doesn’t have a name. Such a function is also
called closure or lambda function.
To use an anonymous function, you need to assign it to a variable and call the function via the
variable.

Syntax
$var=function ($arg1, $arg2) { return $val; };
Example
<?php
$var = function ($x) {
return pow($x,3);
};
echo "cube of 3 = " . $var(3);
?>
Output
cube of 3 = 27

 Calling function
In PHP, you can call a function by its name, and you can pass arguments to the function if it
requires any. Here's the basic syntax for calling a function:
<?php
function functionName($arg1, $arg2) {
// Function code here
}
// Calling the function
$result = functionName($value1, $value2);
?>

20
Here's a step-by-step explanation:
 Define a function using the function keyword, followed by the function name
(functionName in the example). You can also define one or more arguments that the
function accepts.
 Inside the function, you can write the code that performs a specific task.
 To call the function, you simply use its name followed by parentheses. If the function
expects arguments, you pass them within the parentheses. In the example below, $value1
and $value2 are passed as arguments.
 The result of the function (if it returns a value) can be stored in a variable, as shown in
the example with $result.
Example:
<?PHP
function addNumbers($a, $b) {
return $a + $b;
}
$sum = addNumbers(5, 3); // $sum will be 8
?>
In this example, we have a function addNumbers that takes two arguments and returns their
sum. When you call the function with addNumbers(5, 3), it returns 8, which is stored in the $sum
variable.

.3.13. File handling

In PHP, you can perform various file handling operations, including opening, reading, writing,
closing, and deleting files. Here's how to do each of these operations:
1. Opening a File
You can open a file using the fopen() function, which takes two arguments: the filename and the
mode (e.g., 'r' for reading, 'w' for writing). Here's an example of opening a file for reading:
<?php
$file = fopen('example.txt', 'r');
?>

21
You can replace 'r' with 'w' if you want to open the file for writing. Make sure the file exists and
that you have the necessary permissions to access it.
2. Reading a File
To read from a file, you can use functions like fread(), fgets(), or file_get_contents(). Here's an
example using fread():
<?php
$content = fread($file, filesize('example.txt'));
echo $content;
?>
3. Writing to a File
To write to a file, you can use functions like fwrite(). Here's an example of opening a file for
writing and then writing content to it:
<?php
$file = fopen('example.txt', 'w');
fwrite($file, 'This is some text that we are writing to the file.');
fclose($file);
?>
4. Closing a File
It's essential to close a file after you've finished reading or writing it. Use the fclose() function to
do this:
<?php
fclose($file);
?>
This ensures that any changes are saved, and the file is properly closed.
5. Deleting a File
To delete a file, you can use the unlink() function. Make sure you have the necessary
permissions to delete the file:
<?php
if (file_exists('example.txt')) {
unlink('example.txt');
echo 'File deleted successfully.';
}
else {
echo 'File does not exist.';
}
?>

22
.3.14. Data Validations

Data validation is a critical aspect of web development to ensure that the data you receive from
users or external sources is safe and conforms to the expected format. In PHP, you can perform
various data validations to prevent security vulnerabilities and maintain data integrity. Here are
some common data validation techniques:
1. Checking for empty/Required Fields:
You should always check if required fields are not empty before processing the data.
<?php
if (empty($_POST['username'])) {
$errors[] = 'Username is required.';
}
?>
2. Validating Email Addresses
Use filter_var() with the FILTER_VALIDATE_EMAIL filter to validate email addresses.
<?php
if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
$errors[] = 'Invalid email address.';
}
?>
3. Validating Numeric Values
You can use is_numeric() to check if a value is numeric.
<?php
if (!is_numeric($_POST['age'])) {
$errors[] = 'Age must be a numeric value.';
}
?>
4. String Length Validation
Use strlen() to check the length of a string.
<?php
$password = $_POST['password'];
if (strlen($password) < 8) {
$errors[] = 'Password must be at least 8 characters long.';
}
?>

23
.4. Develop Application Programming Interface CRUD Endpoints
.4.1. Description of Application Programming Interface concepts
 Definition
 Types (Representational state Transfer (REST), Simple Object Access
Protocol(SOAP)
 API working principles
 Request methods
 Endpoint

An Application Programming Interface (API) is a set of rules and protocols that allows different
software applications to communicate with each other. It defines how requests and responses
should be formatted, making it possible for one application to request and use the services or
data provided by another application. APIs play a critical role in modern software development
and are used for various purposes, including data exchange, integration, and automation.

Definition:

An API (Application Programming Interface) is a set of rules, protocols, and tools that
allow different software applications to communicate with each other.

Types of APIs:
REST (Representational State Transfer)
REST is an architectural style for designing networked applications.

It is based on a set of principles, including the use of HTTP methods (GET, POST, PUT,
DELETE) and stateless communication.
RESTful APIs use resources (usually represented by URLs) and standard HTTP methods
to perform CRUD (Create, Read, Update, Delete) operations.

SOAP (Simple Object Access Protocol)

SOAP is a protocol for exchanging structured information in the implementation of web
services.
It uses XML as the message format and can be transported using a variety of lower-level
protocols, including HTTP, SMTP, and more.
SOAP is more rigid and has stricter standards compared to REST.

24
API Working Principles
APIs work by defining a contract between the service provider and the service consumer. The
provider exposes a set of endpoints and describes the structure of requests and responses.
The consumer makes HTTP requests to these endpoints, providing input data and receiving
output data.
Request Methods
APIs typically use HTTP methods to define the type of request:
GET: Retrieve data (Read)
POST: Create new data (Create)
PUT: Update existing data (Update)
DELETE: Remove data (Delete)
Endpoint
An endpoint is a specific URL (Uniform Resource Locator) that represents a resource or
a service provided by the API.
Each endpoint corresponds to a specific operation or set of operations, such as reading a
user's profile, creating a new record, updating data, or deleting data.
Now, let's create a simple PHP application with CRUD endpoints for managing users.
We'll create RESTful endpoints for the following operations:
1. Create a new user (POST)
2. Retrieve user details (GET)
3. Update user information (PUT)
4. Delete a user (DELETE)
<?php
//Sample API endpoints
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Create a new user
// Handle the request data (e.g., $_POST or JSON input)
// Perform the user creation and return a response
}
elseif ($_SERVER['REQUEST_METHOD'] === 'GET') {
// Retrieve user details
// Extract user ID from the URL (e.g., /users/{id})
// Retrieve user data and return as JSON
}
elseif ($_SERVER['REQUEST_METHOD'] === 'PUT') {
// Update user information
// Extract user ID from the URL

25
 // Handle the request data and update user information
// Return a response
}
elseif ($_SERVER['REQUEST_METHOD'] === 'DELETE') {
// Delete a user
// Extract user ID from the URL
// Delete the user and return a response
}
else {
// Unsupported HTTP method http_response_code(405); // Method Not Allowed
}
This is a basic outline of how you can create CRUD endpoints for a simple API in PHP.

.4.2. Application of data formats (JSON)

In PHP, you can work with data formats like JSON (JavaScript Object Notation) for various
purposes, such as reading JSON data from external sources, converting PHP arrays or objects to
JSON, and sending JSON responses in a web application. Here are some common use cases for
working with JSON in PHP:
1. Reading JSON Data from External Sources
You may want to fetch and parse JSON data from external sources, such as APIs. You can use
the file_get_contents function to retrieve JSON data and then use json_decode to parse it into a
PHP data structure.
Example
<?php
$json_data = file_get_contents('https://api.example.com/data.json');
$php_data = json_decode($json_data, true); // Decodes JSON into an associative array
?>
2. Converting PHP Data to JSON:
If you have PHP data (arrays or objects) and want to convert it into a JSON string for various
purposes (e.g., sending JSON responses or storing data), you can use json_encode.
<?php
$php_data = ['name' => 'John', 'age' => 30];
$json_data = json_encode($php_data);
?>
3. Sending JSON Responses in a Web Application:
When building a web application, you might want to send JSON responses to the client. This is
commonly used in RESTful APIs. Here's a simple example using PHP to send a JSON response:

26
<?php
// Set the appropriate headers to indicate JSON content
header('Content-Type: application/json');
$data = ['message' => 'Hello, World!']; // Convert PHP data to JSON and echo it
echo json_encode($data);
?>
4. Storing Data in JSON Format:
You can save data in JSON format for later retrieval. For instance, you can use JSON to store
user preferences or other application settings.
<?php
$user_preferences = ['theme' => 'dark', 'language' => 'en'];
file_put_contents('user_prefs.json', json_encode($user_preferences));
?>

.4.3. Execute CREATE query

To execute a CREATE query for registering an IoT device, validating data from the device, and
storing the data in a database, you'll typically need a PHP script (or any server-side language)
and a database system like MySQL. Below, there is a simplified example of how to do it:
Assuming you have a MySQL database set up, first create a table to store IoT device data. For
this example, let's create a table named "iot_devices":
sql code
CREATE TABLE iot_devices ( id INT AUTO_INCREMENT PRIMARY KEY, device_name
VARCHAR(255) NOT NULL, device_data VARCHAR(255) NOT NULL, registration_date
TIMESTAMP DEFAULT CURRENT_TIMESTAMP );
Now, let's create a PHP script to handle the registration, validation, and storage of IoT device
data:

<?php
// Connect to the database
$mysqli = new mysqli("localhost", "username", "password", "database_name");
// Check the connection
if ($mysqli->connect_error) {
die("Connection failed: " . $mysqli->connect_error);
}
// Process data received from the IoT device (assuming you receive this data via POST)

27
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$device_name = $_POST['device_name'];
$device_data = $_POST['device_data'];
// Validate the data from the IoT device (You can add your validation logic here)
if ($device_name && $device_data) {
// Data is valid // Insert the data into the database
$sql = "INSERT INTO iot_devices (device_name, device_data) VALUES (?, ?)";
$stmt = $mysqli->prepare($sql);
if ($stmt) {
$stmt->bind_param("ss", $device_name, $device_data);
$stmt->execute();
$stmt->close();
echo "Device registered successfully.";
}
else {
echo "Error: " . $mysqli->error;
}
}
else { echo "Invalid data received from the IoT device.";
}
}
// Close the database connection
$mysqli->close();
?>
In this script:
We establish a database connection using mysqli.
We retrieve data from the IoT device via the POST request.
We validate the received data. You should add more thorough validation based on the data you
expect.
If the data is valid, we prepare an INSERT query and execute it, inserting the data into the
"iot_devices" table.
We close the database connection when finished.
.4.4. Execute READ Query
To retrieve device information, fetch data from an external API, check device status, and access
alert records in the context of an Internet of Things (IoT) application using PHP, you'll need to
interact with various data sources and APIs. Here's a general outline of the steps involved:
Retrieve Device Information: To retrieve device information, you might need to query a
database, an IoT device registry, or some other data source. Assuming you have a MySQL

28
database, you can use PHP to connect to the database and execute a SELECT query to fetch the
device information.

Example:
<?php
$servername = "your_server";
$username = "your_username";
$password = "your_password";
$dbname = "your_database";
// Create a connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// Query to retrieve device information
$sql = "SELECT * FROM devices WHERE device_id = 'your_device_id'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// Process and display device information
while ($row = $result->fetch_assoc()) {
echo "Device ID: " . $row["device_id"] . "<br>";
echo "Device Name: " . $row["device_name"] . "<br>"; /
/ Add more fields as needed
}
}
else { echo "Device not found";
}
$conn->close();
?>
Fetch Data from an External API: To fetch data from an external API, you can use PHP's
built-in functions or external libraries like cURL.

Here's a basic example using cURL:

<?php
$api_url = "https://api.example.com/data-endpoint";
// Initialize cURL session
$ch = curl_init($api_url);
// Set cURL options
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// Execute the cURL session and retrieve data
$data = curl_exec($ch);
// Close cURL session
curl_close($ch);

29
 // Process and display fetched data
if ($data) {
$decoded_data = json_decode($data, true);
// Process the data as needed
}
else {
echo "Failed to fetch data from the API";
}
?>

Check Device Status: Checking device status might involve querying the device itself or
checking a status field in your database..

Access Alert Records: To access alert records, you'll again query your database or an
appropriate data source where alerts are stored.

.4.5. Execute UPDATE Query

To update device information, modify sensor settings, update device firmware, update access
permission, and update alert and notification settings in an Internet of Things (IoT) application
using PHP, it needs to use a database to store device and sensor information. In below example
will use MySQL as the database.

Assuming you have a MySQL database with a table named devices, and you want to update the
mentioned attributes, here's how you can do it using PHP and SQL queries.

<?php
// Database connection information
$servername = "localhost";
$username = "your_username";
$password = "your_password";
$dbname = "your_database";
// Create a connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}

// Update device information

30
$deviceID = 1; // Replace with the actual device ID
$newDeviceInfo = "New device information";
$sql = "UPDATE devices SET device_info = '$newDeviceInfo' WHERE id =$deviceID";
if ($conn->query($sql) === TRUE) {
echo "Device information updated successfully.<br>";
} else {
echo "Error updating device information: " . $conn->error;
}

// Modify sensor settings

$newSensorSettings = "New sensor settings"; // Replace with the actual sensor settings
$sql = "UPDATE devices SET sensor_settings = '$newSensorSettings' WHERE id =
$deviceID";
if ($conn->query($sql) === TRUE) {
echo "Sensor settings modified successfully.<br>";
} else {
echo "Error modifying sensor settings: " . $conn->error;
}

// Update device firmware

$newFirmwareVersion = "1.2.0"; // Replace with the actual firmware version
$sql = "UPDATE devices SET firmware_version = '$newFirmwareVersion' WHERE id
= $deviceID";
if ($conn->query($sql) === TRUE) {
echo "Device firmware updated successfully.<br>";
} else {
echo "Error updating device firmware: " . $conn->error;
}

// Update access permission

$newAccessPermission = "public"; // Replace with the actual access permission
$sql = "UPDATE devices SET access_permission = '$newAccessPermission' WHERE id
= $deviceID";
if ($conn->query($sql) === TRUE) {
echo "Access permission updated successfully.<br>";
} else {
echo "Error updating access permission: " . $conn->error;
}

// Update alert and notification settings

$newAlertSettings = "New alert settings"; // Replace with the actual alert settings
$sql = "UPDATE devices SET alert_settings = '$newAlertSettings' WHERE id =
$deviceID";
if ($conn->query($sql) === TRUE) {
echo "Alert and notification settings updated successfully.<br>";
} else {

31
 echo "Error updating alert and notification settings: " . $conn->error;
}

// Close the database connection

$conn->close();
?>

.4.6. Execute DELETE Query

To execute DELETE queries in PHP for an Internet of Things (IoT) application to remove sensor
data, delete command history, purge inactive devices, and delete alert configurations, you'll again
need to use a database (e.g., MySQL) and appropriate SQL queries. Here's how you can achieve
this:

<?php
// Database connection information
$servername = "localhost";
$username = "your_username";
$password = "your_password";
$dbname = "your_database";

// Create a connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}

// Remove sensor data for a specific device

$deviceID = 1; // Replace with the actual device ID
$sql = "DELETE FROM sensor_data WHERE device_id = $deviceID";
if ($conn->query($sql) === TRUE) {
echo "Sensor data removed successfully.<br>";
} else {
echo "Error removing sensor data: " . $conn->error;
}

// Delete command history for a specific device

$sql = "DELETE FROM command_history WHERE device_id = $deviceID";
if ($conn->query($sql) === TRUE) {
echo "Command history deleted successfully.<br>";
} else {
echo "Error deleting command history: " . $conn->error;
}

32
// Purge inactive devices (delete devices that haven't been active for a certain period)
$inactiveThreshold = strtotime("-30 days"); // Define your threshold for inactivity
$sql = "DELETE FROM devices WHERE last_activity_timestamp < $inactiveThreshold";
if ($conn->query($sql) === TRUE) {
echo "Inactive devices purged successfully.<br>";
} else {
echo "Error purging inactive devices: " . $conn->error;
}

// Delete alert configurations for a specific device

$sql = "DELETE FROM alert_configurations WHERE device_id = $deviceID";
if ($conn->query($sql) === TRUE) {
echo "Alert configurations deleted successfully.<br>";
} else {
echo "Error deleting alert configurations: " . $conn->error;
}

// Close the database connection

$conn->close();
?>

.4.7. Error Handling

Error handling in PHP is crucial for gracefully managing unexpected errors, exceptions, and
issues that may arise during the execution of your PHP scripts. PHP provides various
mechanisms and functions to handle errors, including error reporting, exception handling, and
custom error handling.

Here are some common error handling techniques in PHP:

Error Reporting:

PHP has a feature called error reporting that allows you to control how and when errors are
displayed or logged. The error_reporting function and display_errors directive in php.ini are
used for this purpose.

Example to disable error display and log errors to a file:

<?php
ini_set('display_errors', 0);
ini_set('log_errors', 1);
ini_set('error_log', '/path/to/error.log');
error_reporting(E_ALL);

33
 // Your PHP code here
?>

Exceptions:
PHP supports exception handling, which allows you to handle errors and exceptions in a more
structured way using try, catch, and throw blocks.

Example
<?php
try {
// Code that may throw an exception
$result = 10 / 0;
} catch (Exception $e) {
echo "An error occurred: " . $e->getMessage();
}
?>

.5. Secure API endpoints

Securing PHP API endpoints is crucial to protect your application and its data from unauthorized
access and potential attacks. Here are some best practices for implementing API authentication
and security in PHP:
1. Use HTTPS
Always use HTTPS to encrypt data in transit. This prevents eavesdropping and man-in-the-
middle attacks.
2. Authentication and Authorization
 API Keys: Use API keys as a simple form of authentication. Each client (user or
application) should have a unique API key that must be included in the API request
headers.
 OAuth2: For more robust authentication and authorization, consider implementing
OAuth2. OAuth2 allows you to define different access levels and scopes, ensuring
that only authorized users can access specific endpoints.
 JWT (JSON Web Tokens): JWTs can be used for token-based authentication. They
are digitally signed and can include user claims, making them a secure choice for
authentication.

34
 3. Input Validation:
Sanitize and validate all incoming data to prevent SQL injection, XSS (Cross-Site Scripting), and
other common attacks.
4. Rate Limiting
Implement rate limiting to restrict the number of API requests that can be made from a single IP
address or API key within a specified timeframe. This prevents abuse or overuse of your API.
5. CORS (Cross-Origin Resource Sharing)
If your API is intended to be accessed from a web application, configure CORS headers to
restrict which domains can access your API. This prevents unauthorized websites from making
requests to your API.
6. Error Handling
Implement proper error handling and avoid exposing sensitive information in error responses.
Instead, return generic error messages to clients.
7. API Versioning
Implement versioning in your API to ensure that changes or updates to the API do not break
existing clients. This allows you to maintain backward compatibility.
8. Logging and Monitoring
Set up logging and monitoring for your API to detect and respond to unusual or potentially
malicious activities. Tools like Elasticsearch, Logstash, and Kibana (ELK stack) can be useful
for this purpose.
9. Firewalls and WAFs (Web Application Firewalls)
Consider using firewalls and Web Application Firewalls to protect your API from common web-
based attacks like DDoS and SQL injection.
10. Security Testing
Regularly perform security assessments such as penetration testing and vulnerability scanning to
identify and mitigate security weaknesses.
11. IP Whitelisting
For added security, you can restrict access to your API to specific IP addresses or IP ranges.
12. Content Security Policy (CSP)
Implement CSP headers to control what sources of content are allowed to be loaded by your web
application, reducing the risk of XSS attacks.

35
 13. Data Encryption
For sensitive data, consider encrypting it at rest and in transit, depending on your application's
requirements.
14. Regular Updates
Keep your PHP and other server-side components up to date to patch any known security
vulnerabilities.

.6. Test API endpoints

.6.1. Description of Application Programming Interface testing concepts
API testing is essential for ensuring the functionality, reliability, and security of your PHP
applications. It helps deliver a high-quality API that meets the needs of both developers and end-
users.

 Testing Tools for PHP API Testing

1. Postman: A popular tool for manual API testing. It allows you to send requests, inspect
responses, and organize and automate your tests.
2. Sandbox: A custom environment for testing APIs, often provided by API providers to
help developers experiment and test without affecting the production environment.
3. PHPUnit: A unit testing framework for PHP. It is used to write and execute unit tests for
individual components of your API.
4. Guzzle: A PHP HTTP client and framework for making HTTP requests to API
endpoints. It's commonly used for integration testing.
5. Pest: A concise and elegant PHP testing framework. It can be used for API testing and
supports a clean syntax for writing test cases.
6. Dredd-PHP: A testing tool that works with API Blueprints, which are documentation for
your API. Dredd tests your API endpoints against the documentation.

 API Testing Best Practices:

 Document your API endpoints and provide clear documentation to help testers
understand how to use the API.
 Use mocking for external dependencies to ensure tests are isolated and consistent.
 Automate testing processes to ensure efficient and repeatable testing.

36
  Regularly update and review test cases to accommodate changes in the API.
 Test for various scenarios, including edge cases and potential error situations.
 Implement security testing to identify vulnerabilities.
 Implement versioning to ensure backward compatibility.
 Use proper status codes and error responses in your API to make testing and debugging
easier.
 Benefits of API Testing
 Early Issue Detection: API testing helps identify issues and bugs early in the
development process, reducing the cost of fixing them.
 Improved Reliability: Thorough testing leads to a more reliable and stable API, which
enhances the user experience and trust.
 Security: Testing helps identify and address security vulnerabilities before they can be
exploited by attackers.
 Performance Optimization: Performance testing can identify bottlenecks and areas for
optimization.
 Documentation Validation: API testing helps ensure that the API documentation
accurately reflects the API's behavior.
 API Testing Steps
1. Test Planning: Define the scope of testing, objectives, and test cases to be executed.
2. Environment Setup: Create a testing environment, which may include a sandbox or
dedicated testing servers.
3. Test Case Development: Develop test cases that cover various scenarios, including
positive and negative cases.
4. Test Execution: Run the test cases against the API in the testing environment.
5. Reporting: Document and analyze the test results. Identify and report any issues or
discrepancies.
6. Bug Fixing: If issues are discovered, developers should address them, and the testing
process may be repeated.
7. Regression Testing: After fixing issues, re-run tests to ensure that new changes didn't
introduce new problems.

37
 8. Automation: Automate test cases for efficient and repeatable testing, especially for
regression and performance testing.
9. Security Assessment: Conduct security testing to identify vulnerabilities and potential
threats.
10. Documentation Validation: Ensure that the API documentation is accurate and up to
date based on the test results.

1.6.2. Types of Application Programming Interface endpoints testing

 Unit Testing: Involves testing individual components or functions of the API in isolation,
typically using PHPUnit or similar testing frameworks.
 Integration Testing: Focuses on testing interactions between different components or
services within the API. Guzzle and Pest are often used for this purpose.
 End-to-End Testing: Evaluates the entire API's functionality, including the flow of data and
communication between different services. Dredd-PHP is a tool used for API Blueprint
testing.
 Load testing: is essential to ensure that your API can handle a substantial volume of requests
and traffic without performance degradation.

1.6.3. Testing of Endpoint accessibility

Testing the accessibility of PHP endpoints is crucial to ensure that your API is available and
functioning correctly. It helps to ensure that your API is reliable and that it provides consistent
access to clients.
Here's how you can test the accessibility of PHP endpoints:
 Response Validation
 Authentication and Authorization Testing
 Error Handling Testing
 Test how your API handles errors: Send requests with invalid data or missing parameters
and ensure that your API responds with the correct error codes and messages.
 Edge Cases Testing: Test edge cases, such as sending maximum or minimum values, to
ensure your API behaves correctly under extreme conditions.

38
  Concurrency and Load Testing: Consider performing concurrency and load testing to
assess how your API handles multiple simultaneous requests.
 Error Logging

1.7. Documentation of the developed API

Creating comprehensive documentation for your developed PHP API is crucial for both internal
and external developers who will be working with your API. The documentation should include
detailed information about API specifications, endpoints, authentication, request parameters,
response structure, error codes, and usage guidelines.
 Choose a Documentation Tool
Swagger/OpenAPI: Swagger is a widely used tool for API documentation compared to
others(Postman/ApiDoc/Spotlight). You can use Swagger Editor or other OpenAPI-
compatible tools to create and maintain API documentation.

 Document API Specifications: Defining the basic information about the API. This includes:
 API Name
 Version
 Description
 Contact Information (e.g., email)
 License Information
 Document API Endpoints: For each API endpoint, provide detailed information:
 HTTP Method: (GET, POST, PUT, DELETE, etc.)
 Endpoint URL: (e.g., https://api.example.com/users)
 Responses: Describe the possible responses with their HTTP status codes (e.g., 200
OK, 404 Not Found) and their structure.
 Authentication Information: Specify how authentication is handled for this
endpoint (e.g., API key, OAuth2).
 Include Request Parameters: Document all the request parameters, whether they
are in the URL (query and path parameters) or in the request body (if applicable).
Specify their data types, required fields, and constraints.

39
  Include Response Structure: Describe the structure of the response for each
endpoint, including the data format (JSON, XML, etc.) and the fields that can be
expected.
 Include Error Codes and Error Response Formats: Document the possible error
codes and their meanings.
 Add Usage Guidelines: Include guidelines for using your API effectively. This may
cover best practices, rate limiting, versioning, and any specific considerations for
working with the API.

1.4.8. Document Application Programming Interface Versioning

API versioning allows to make changes and updates to the API while ensuring backward
compatibility for existing users. Proper versioning ensures that the API consumers can adapt to
changes at their own pace and prevents breaking their existing integrations.

LEARNING OUTCOME 2: Develop user interface

2.1. Identification of UI requirements

40