✏️ Intro to CRUD


What is a CRUD?

A CRUD is the ability for the user of a web-app to Create, Read, Update, or Delete a record in a database.

The API call equivalencies are as follows:

  • Create = POST
  • Read = GET
  • Update = PUT in theory, but POST in practice
  • Delete = DELETE

In the next few articles, we’ll show you how you can:

  • Change the display of items on the page based on user information and/or interactions,
  • Allow users of your web-app to create, update, or delete records in its database.

But first, let’s cover a few essentials you absolutely must keep in mind when allowing users to read, create, update, or delete items in a web-app, whether you’re using WeWeb or another tool:

1- All the data you load in a user's frontend can be read. Even if you hide all or part of it, for example through frontend filters, anyone with access to the browser can see it if they know where to look.

2- Your backend expects a certain type of data. Make sure you are sending the correct data type. If your backend expects an array of items, make sure you are sending an array, even if it only contains one item. If your backend expects an integer, make sure you are sending an integer.

3- Users can mess up your database if you allow everyone to POST. Make sure you are clear about who should be able to create, update, or delete records in your database. Set up user roles and permissions accordingly.

4- Data is vulnerable when it transits between the backend and the frontend. When you are sending data from the frontend to your backend or vice versa, ask yourself if you have taken all appropriate measures to secure the data in transit.
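Points 2 and 3 together, as an added example that is not WeWeb's code: a backend-side guard that decides who may call each CRUD method before it looks at the body, then checks that the body has the exact type the backend expects (an array even for one item, integer ids). The role names, record shape and the in-memory `Map` standing in for the database are assumptions.

```javascript
// Added example, not WeWeb's code: a backend-side guard for CRUD calls that
// applies essentials 2 and 3 above. It checks who may call each method
// (role names are assumed) and that the body has the type the backend expects.
const ALLOWED = {
  anonymous: new Set(["GET"]),
  editor: new Set(["GET", "POST", "PUT"]),
  admin: new Set(["GET", "POST", "PUT", "DELETE"]),
};

const isId = (v) => Number.isInteger(v) && v > 0;

// Records must carry a positive integer id and a non-empty string title (assumed shape).
function validateRecord(rec) {
  if (typeof rec !== "object" || rec === null) return "record must be an object";
  if (!isId(rec.id)) return "id must be a positive integer";
  if (typeof rec.title !== "string" || rec.title.trim() === "") return "title must be a non-empty string";
  return null;
}

// The backend expects an array even for one item: records for POST/PUT, ids for DELETE.
function validateBody(method, body) {
  if (!Array.isArray(body) || body.length === 0) return "body must be a non-empty array";
  for (const item of body) {
    const err = method === "DELETE" ? (isId(item) ? null : "ids must be positive integers") : validateRecord(item);
    if (err) return err;
  }
  return null;
}

// db: a Map of id -> record standing in for the real database.
// Returns an HTTP-like result object instead of writing to a response.
function handleRequest(db, user, method, body) {
  const role = user && ALLOWED[user.role] ? user.role : "anonymous";
  // Authorize first, before any untrusted input is inspected.
  if (!ALLOWED[role].has(method)) return { status: 403, error: `role ${role} may not ${method}` };
  if (method === "GET") return { status: 200, records: [...db.values()] };
  const err = validateBody(method, body);
  if (err) return { status: 400, error: err };
  // Check the whole batch before writing, so a bad item never leaves a half-applied change.
  if (method === "POST" && body.some((r) => db.has(r.id))) return { status: 409, error: "id already exists" };
  if (method === "PUT" && body.some((r) => !db.has(r.id))) return { status: 404, error: "id not found" };
  for (const item of body) {
    if (method === "DELETE") db.delete(item);
    else db.set(item.id, { id: item.id, title: item.title });
  }
  return { status: method === "POST" ? 201 : 200, count: body.length };
}
```

Note that a record sent as a bare object, or with `id: "1"` instead of `1`, is rejected with 400 rather than silently coerced.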