Slim API and Swagger



I have just got the Slim PHP Framework with Composer. I want to use the Slim framework for an API. I developed the API with all the logic in one place, but when I decided to use Swagger and generated server code from the sample petstore in the Swagger editor, it gave me a different standard, like the concept of a modules structure as below.

Now I am not finding proper documentation or a sample example for using Swagger with Slim in the recommended way (using the namespace Modules as per the Swagger recommendation).
Thanks in advance.

My working sample index.php API is as below; I need help to change the same into the Swagger recommended way.

<?php
/**
 * Swagger Petstore
 * @version 1.0.0
 */

require_once __DIR__ . '/vendor/autoload.php';

$app = new Slim\App();

/**
 * GET findPetsByStatus
 * Summary: Finds Pets by status
 * Notes: Multiple status values can be provided with comma separated strings
 * Output-Formats: [application/xml, application/json]
 */
$app->GET('/wines/{name}', function($request, $response, $args) {

    // check for required params
    $id = $args['name'];   // route parameter, used as the wine id

    // $id is interpolated straight into the SQL text (see the reply below)
    $sql = "SELECT *  FROM wine WHERE id=$id";

    try {
        $db = getConnection();
        $stmt = $db->prepare($sql);
        $stmt->bindParam("id", $id);
        $stmt->execute();
        $wines = $stmt->fetchAll(PDO::FETCH_OBJ);

        $db = null;
        // echo '{"wine": ' . json_encode($wines) . '}';

    } catch(PDOException $e) {
        echo '{"error":{"block1":'. $e->getMessage() .'}}';
    }

    $queryParams = $request->getQueryParams();
    $status = $queryParams['status'];
    $response->write('How about implementing findPetsByStatus as a GET method ?');
    return $response;
});

function getConnection() {
    // $dbhost, $dbname, $dbuser and $dbpass are assumed to be defined
    // elsewhere in the script; the post does not show them
    global $dbhost, $dbname, $dbuser, $dbpass;
    $dbh = new PDO("mysql:host=$dbhost;dbname=$dbname", $dbuser, $dbpass);
    return $dbh;
}

$app->run();


I can’t help you with the Swagger question, but this is not how you do prepared statements. As it stands, this code is susceptible to a SQL Injection attack as PHP will process the $id in the $sql variable and place whatever comes out of $args['name']. It’s pretty easy to fix, however:

$sql = "SELECT * FROM wine WHERE id=:id";
try {
    $db = getConnection();
    $stmt = $db->prepare($sql);
    $stmt->bindParam(":id", $id);   // the placeholder carries the value; it never becomes SQL text
    $stmt->execute();
    $wines = $stmt->fetchAll(PDO::FETCH_OBJ);
} catch (PDOException $e) {
    // handle the error as in the original route
}

I would also recommend that you tell the bindParam() method specifically what the data type is, such as PDO::PARAM_STR or PDO::PARAM_INT. It’s not mandatory, but it can help where the type can be ambiguous (such as when someone has defined an enum with the values 1 and 0).
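A fuller version of the fix described in this answer, as an added example that is not code from either post. It assumes Slim 3 (`\Slim\App` and the `$response->withJson()` helper), renames the route segment from `{name}` to `{id}` since the value is used as an id, and uses an in-memory SQLite database with constructed sample rows so it runs without the MySQL credentials from the original; the `findWineById()` and `getConnection()` bodies are this example's own, not Slim's or the poster's.

```php
<?php
// Added example (not the original poster's code): a hardened /wines/{id}
// route. Assumes Slim 3; uses in-memory SQLite so it runs without MySQL.
require_once __DIR__ . '/vendor/autoload.php';

// Hypothetical helper: builds a throwaway database with constructed rows.
// In real use, replace the DSN with the MySQL one from the original post.
function getConnection(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Prefer real server-side prepares where the driver supports them.
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $db->exec('CREATE TABLE wine (id INTEGER PRIMARY KEY, name TEXT, year INTEGER)');
    $db->exec("INSERT INTO wine VALUES (1, 'Barolo', 2015), (2, 'Rioja', 2018)");
    return $db;
}

// The query text is a constant; the id travels only as a bound, typed
// parameter, so the driver never has to guess whether "1 OR 1=1" is data.
function findWineById(PDO $db, int $id): array {
    $stmt = $db->prepare('SELECT id, name, year FROM wine WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$app = new \Slim\App();

$app->get('/wines/{id}', function ($request, $response, $args) {
    // Validate before touching the database: the route segment arrives as a
    // string, and anything that is not a plain non-negative integer is a 400.
    if (!ctype_digit($args['id'])) {
        return $response->withJson(['error' => 'id must be an integer'], 400);
    }

    try {
        $wines = findWineById(getConnection(), (int) $args['id']);
    } catch (PDOException $e) {
        // Keep driver detail in the server log; the client gets a generic
        // message so schema and connection details do not leak.
        error_log($e->getMessage());
        return $response->withJson(['error' => 'database error'], 500);
    }

    if ($wines === []) {
        return $response->withJson(['error' => 'not found'], 404);
    }
    // withJson() sets the Content-Type header and encodes the body for us,
    // replacing the hand-built '{"wine": ' . json_encode(...) string.
    return $response->withJson(['wine' => $wines]);
});

$app->run();
```

Run it with `php -S localhost:8080 index.php` and request `/wines/1`, `/wines/9` and `/wines/abc` to see the 200, 404 and 400 paths. The `ctype_digit()` check could equally be pushed into the route pattern (`'/wines/{id:[0-9]+}'`, which Slim 3's FastRoute router supports), in which case a non-numeric segment produces a 404 before the handler runs; either way the database only ever sees an integer bound with `PDO::PARAM_INT`, which is the explicit typing the answer above recommends.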


Thanks Antnee,

I really appreciate it. I am new, and your suggestion will definitely help us, especially regarding SQL Injection. Point noted.

Is there any help on Swagger with Slim? How can we use Swagger & Slim together?