// the find
mevdschee/php-crud-api
Single file PHP script that adds a REST API to a SQL database
A single PHP file that introspects your database schema and instantly exposes it as a REST API — no code generation, no build step. It supports MySQL, PostgreSQL, SQL Server, and SQLite, with joins, filtering, pagination, spatial queries, and OpenAPI docs all included. The target audience is developers who need a quick backend for a side project or need to wrap a legacy database without building a full API layer.
- The single-file deployment story is genuinely useful — drop api.php on any PHP host, set credentials, done. No Composer required for the happy path, which matters for constrained hosting environments.
- The middleware stack covers real production concerns: JWT and API key auth, CORS, XSRF protection, IP allowlisting, rate limiting via pageLimits/joinLimits, and multi-tenancy. These aren't stubs — they're configurable and composable.
- Spatial/GIS support with PostGIS and WKT/GeoJSON endpoints is non-trivial to add yourself, and having it baked in with proper OGC filter operators (sco, scr, sin, swi, etc.) is a genuine differentiator over similar tools.
- The test suite is file-based HTTP log fixtures, which makes it trivially readable and easy to add regression cases without a testing framework — a good pragmatic call for a single-file project.
- No transactions across endpoints. Batch operations use a single transaction internally, but if you need multi-table writes that either all commit or all roll back across separate record endpoints, you're out of luck — the architecture doesn't support it.
- Composite primary keys and composite foreign keys are explicitly unsupported. This is a hard blocker for any legacy schema that wasn't designed with surrogate keys, which is exactly the kind of system this tool is meant to wrap.
- Authorization is callback-based PHP closures in the config file, which means your access control rules live outside version control if you're using the single-file deployment model. Any real RBAC beyond 'table X is off-limits' requires embedding application logic in a config parameter.
- The schema reflection and caching use temp files by default with a 10-second TTL, which will cause visible latency spikes under cold cache conditions and is inappropriate for high-concurrency deployments — Redis/Memcache options exist but require you to know to configure them.