Quick Reference: CRUD Operations in Slim MVC

This cheatsheet provides a quick reference for implementing CRUD operations in your Slim MVC application.

Checklist for Implementing CRUD Operations

When implementing CRUD operations, you should follow these steps for each resource (e.g., products, categories, orders, users, etc.) in the following order:

✅ Create a Model class (extends BaseModel, inject PDOService)
✅ Create a Controller class (extends BaseController, inject Container and Model (s))
✅ Implement 7 standard controller methods (index, show, create, store, edit, update, delete)
✅ Create 4 view files (index, show, create, edit) for the resource
✅ Register 7 routes in web-routes.php for the resource
✅ Use named routes for redirects
✅ Follow RESTful URI patterns
✅ Validate input data before passing to model methods
✅ Use Post-Redirect-Get pattern (PRG) pattern after successful form submissions to prevent duplicate submissions
✅ Test all routes in browser

Extracting Input Data from the Client Request

In your controller’s callback methods, you can extract the request data (route parameters, POST form data, query string parameters) from the request object using the following methods:

1. Get route parameter (from `{id}` placeholder)

Inputs passed in the URI path are called route parameters.
Route parameters are typically used for parametric routes like /products/{id} and they help identify the specific item to be displayed, edited, or deleted. For example, /products/123
You can access them using the $args array parameter in your controller’s callback method.

1
public function routeCallback(Request $request, Response $response, array $args): Response
2
{
3
    $productId = (int) $args['id']; // E.g., /products/123 -> $args['id'] = '123'
4
}

2. Get POST form data

Inputs passed in the POST request body are called form data.
Form data is typically used for form submissions or API requests. For example, /products
You can access them using the $request->getParsedBody() method.

1
public function routeCallback(Request $request, Response $response, array $args): Response
2
{
3
    $formData = $request->getParsedBody();
4
    $productName = $formData['name'] ?? '';
5
    $productPrice = $formData['price'] ?? 0;
6
}

3. Get query string parameters

Inputs passed in the GET request query string are called query string parameters.
Query string parameters are typically used for search queries or filters. For example, /products?search=laptop&sort=price
You can access them using the $request->getQueryParams() method.

1
public function routeCallback(Request $request, Response $response, array $args): Response
2
{
3
    $queryParams = $request->getQueryParams();
4
    $search = $queryParams['search'] ?? '';
5
    $sort = $queryParams['sort'] ?? 'name';
6
}

Creating a Controller Class

Create a controller class by extending BaseController. The constructor should call the parent constructor with the Container instance and inject model instance(s) into the controller’s constructor.

Standard Signatures of the Controller Callback Methods

1
<?php
2
use Psr\Http\Message\ResponseInterface as Response;
3
use Psr\Http\Message\ServerRequestInterface as Request;
4

5
class YourController extends BaseController
6
{
7
    public function __construct(Container $container, private YourModel $model) {
8
        parent::__construct($container);
9
    }
10

11
    // Display list of items (GET request)
12
    public function index(Request $request, Response $response, array $args): Response
13

14
    // Show single item details (GET request)
15
    public function show(Request $request, Response $response, array $args): Response
16

17
    // Display a form for creating a new item (GET request)
18
    public function create(Request $request, Response $response, array $args): Response
19

20
    // Handle a request to save a new item to the database (POST request)
21
    public function store(Request $request, Response $response, array $args): Response
22

23
    // Display a form for editing an item (GET request)
24
    public function edit(Request $request, Response $response, array $args): Response
25

26
    // Handle a request to save changes to an item (POST request)
27
    public function update(Request $request, Response $response, array $args): Response
28

29
    // Handle a request to delete an item (GET request)
30
    public function delete(Request $request, Response $response, array $args): Response
31
}

Rendering Views and Redirecting to Other Routes

The BaseController class provides two methods for displaying views and redirecting to other routes:

render() → Display a view template using a view template file name (e.g., products/index.php)
redirect() → Redirect to a named route using a named route name (e.g., products.index)

Displaying Views using `render()`

The render() method takes three parameters:

$response → PSR-7 response object to modify
$view_name → Name of the view template file (e.g., products/index.php)
$data → Associative array of data to pass to the view (optional)

1
// Basic rendering
2
return $this->render($response, 'products/index.php');
3

4
// Passing associative array of data to view
5
$data = [
6
    'product' => $this->model->findById((int) $args['id']),
7
    'title' => 'Product Details'
8
];
9
return $this->render($response, 'products/show.php', $data);

HTTP Redirects using `redirect()`

The redirect() method is used to redirect the user to a named route.
It is typically used after a successful form submission (in the Post-Redirect-Get (PRG) pattern) to prevent duplicate submissions or after a data operation (like delete or update).

The redirect() method takes five parameters:

$request → PSR-7 request object for route context
$response → PSR-7 response object to modify
$route_name → Named route to redirect to (e.g., products.index, products.edit)
$uri_args → Replaces route placeholders like {id} in /products/{id} (optional)
$query_params → Adds query strings like ?page=2&sort=name (optional)

Method Signature:

1
protected function redirect(
2
    Request $request,
3
    Response $response,
4
    string $route_name,      // Named route to redirect to
5
    array $uri_args = [],    // Optional: Replaces {placeholders} in route
6
    array $query_params = [] // Optional: Adds ?key=value to URL
7
): Response

Examples of Redirects

1
// Simple redirect (no parameters)
2
return $this->redirect($request, $response, 'home.index');
3

4
// With route parameter (replaces {id}) → /products/123
5
return $this->redirect($request, $response, 'products.show', ['id' => $productId]);
6

7
// With query parameters only → /products?category=electronics&sort=price
8
return $this->redirect($request, $response, 'products.index', [], [
9
    'category' => 'electronics',
10
    'sort' => 'price'
11
]);
12

13
// With BOTH route parameter and query string → /products/123/edit?tab=details
14
return $this->redirect($request, $response, 'products.edit', ['id' => $productId], [
15
    'tab' => 'details'
16
]);

Standard CRUD Routes URI Patterns

Action	Method	URI Pattern	Controller Method	Route Name
List all items	GET	`/products`	`index()`	`products.index`
Show one item	GET	`/products/{id}`	`show()`	`products.show`
Show create form	GET	`/products/create`	`create()`	`products.create`
Handle save new item	POST	`/products`	`store()`	-
Show edit form	GET	`/products/{id}/edit`	`edit()`	`products.edit`
Save changes	POST	`/products/{id}`	`update()`	-
Delete item	GET	`/products/{id}/delete`	`delete()`	`products.delete`

Route Registration Example

1
use App\Controllers\ProductsController;
2

3
// 1) List all products (GET request)
4
$app->get('/products', [ProductsController::class, 'index'])
5
    ->setName('products.index');  // 👉 named route for redirecting after successful form submissions
6

7
// 2) Show single product (GET request)
8
$app->get('/products/{id}', [ProductsController::class, 'show'])
9
    ->setName('products.show');
10

11
// 3) Show a form for creating a new product (GET request)
12
$app->get('/products/create', [ProductsController::class, 'create'])
13
    ->setName('products.create');
14

15
// 4) Handle a request to save a new product to the database (POST request)
16
$app->post('/products', [ProductsController::class, 'store']);
17

18
// 5) Show a form for editing a product (GET request)
19
$app->get('/products/{id}/edit', [ProductsController::class, 'edit'])
20
    ->setName('products.edit');
21

22
// 6) Handle a request to save changes to a product (POST request)
23
$app->post('/products/{id}', [ProductsController::class, 'update']);
24

25
// 7) Handle a request to delete a product (GET request)
26
$app->get('/products/{id}/delete', [ProductsController::class, 'delete'])
27
    ->setName('products.delete');

Model Class Structure

The BaseModel class provides a set of convenient methods for database operations using prepared statements. All methods use named or positional parameters for security against SQL injection.

Create a model class by extending BaseModel. The constructor should call the parent constructor with the PDOService instance.

1
<?php
2
namespace App\Domain\Models;
3

4
use App\Helpers\Core\PDOService;
5

6
class ProductsModel extends BaseModel
7
{
8
    public function __construct(PDOService $db_service) {
9
        parent::__construct($db_service);
10
    }
11
}

Retrieve Multiple Records using `selectAll()`

1
// Get all records
2
public function getAllProducts(): array
3
{
4
    return $this->selectAll('SELECT * FROM products ORDER BY created_at DESC');
5
}
6

7
// With conditions (named parameters)
8
public function getProductsByCategory(int $categoryId): array
9
{
10
    return $this->selectAll('SELECT * FROM products WHERE category_id = :id', ['id' => $categoryId]);
11
}

Retrieve Single Record using `selectOne()`

1
// Find by ID (positional parameter)
2
public function findById(int $id): array|false
3
{
4
    return $this->selectOne('SELECT * FROM products WHERE id = ?', [$id]);
5
}
6

7
// Find by slug (named parameter)
8
public function findBySlug(string $slug): array|false
9
{
10
    return $this->selectOne('SELECT * FROM products WHERE slug = :slug', ['slug' => $slug]);
11
}

Count Records using `count()`

1
// Count all
2
public function getTotalProducts(): int
3
{
4
    return $this->count('SELECT COUNT(*) FROM products');
5
}
6

7
// Count with condition
8
public function countActiveProducts(): int
9
{
10
    return $this->count('SELECT COUNT(*) FROM products WHERE status = :status', ['status' => 'active']);
11
}

Insert a new record

1
// INSERT
2
public function create(array $data): int
3
{
4
    return $this->execute(
5
        'INSERT INTO products (name, price, created_at) VALUES (:name, :price, :created_at)',
6
        ['name' => $data['name'], 'price' => $data['price'], 'created_at' => date('Y-m-d H:i:s')]
7
    );
8
}

Update an existing record

1
// UPDATE
2
public function update(int $id, array $data): int
3
{
4
    return $this->execute(
5
        'UPDATE products SET name = :name, price = :price WHERE id = :id',
6
        ['id' => $id, 'name' => $data['name'], 'price' => $data['price']]
7
    );
8
}

Delete an existing record

1
// DELETE
2
public function delete(int $id): int
3
{
4
    return $this->execute('DELETE FROM products WHERE id = :id', ['id' => $id]);
5
}

Get Last Inserted ID using `lastInsertId()`

1
public function createAndGetId(array $data): string
2
{
3
    $this->execute('INSERT INTO products (name, price) VALUES (:name, :price)', $data);
4
    return $this->lastInsertId();
5
}

Quick Tips

Named parameters → Use :name for better readability in SQL queries
Route names → Always use ->setName() for routes you’ll redirect to (e.g., products.index, products.edit)
Route order → Place /create routes before /{id} routes
PRG pattern → Always redirect after POST requests to prevent duplicate submissions
Validation → Validate all input data before passing to model methods
Error handling → Use try-catch blocks and redirect on errors
Security → Use prepared statements (all BaseModel methods do this automatically)