you@localhost:~$ telnet the-nounours-land-of.nounours.fr 22
Trying 151.12.401.5...
Connected to the-nounours-land-of.nounours.fr

INFO: Expect this site to display properly only on desktop.

 █████╗ ██████╗ ██╗    ██████╗ ██████╗ ██████╗ 
██╔══██╗██╔══██╗██║    ██╔══██╗██╔══██╗██╔══██╗
███████║██████╔╝██║    ██████╔╝██║  ██║██║  ██║
██╔══██║██╔═══╝ ██║    ██╔══██╗██║  ██║██║  ██║
██║  ██║██║     ██║    ██████╔╝██████╔╝██████╔╝
╚═╝  ╚═╝╚═╝     ╚═╝    ╚═════╝ ╚═════╝ ╚═════╝

I've created this API to link the server's database to a mobile application.
The API receives HTTP requests and returns the data to the application as JSON. The request selects a table (checked against a whitelist) and an action; the column names used in the queries are taken from the keys of the JSON body. Of course, the code below isn't the entire API.

// Only the table name is checked against this list; the column names that reach
// the queries below come from the keys of the JSON request body and are not checked here.
$whitelist = ['ACTUALITE', 'CONCERNE', 'CONTIENT', 'DETIENT', 'JEU', 'PERMISSION', 'ROLE', 'TAG', 'UTILISATEUR', 'MODIFICATION'];

if (!in_array($table, $whitelist, true)) { // strict comparison: the table must match a string exactly
    echo json_encode(['error' => 'Table non autorisée']);
    exit;
}

if ($table && $action) {
    switch ($action) {
        case 'insert':
            $data = json_decode(file_get_contents('php://input'), true);
            // Column names are the keys of the JSON body; only the values are bound as parameters.
            $columns = implode(', ', array_keys($data));
            $placeholders = ':' . implode(', :', array_keys($data));
            $stmt = $pdo->prepare("INSERT INTO $table ($columns) VALUES ($placeholders)");
            $stmt->execute($data);
            echo json_encode(['status' => 'success']);
            break;

        case 'update':
            $data = json_decode(file_get_contents('php://input'), true);
            $idColumn = array_key_first($data); // The first key is assumed to be the identifier (chosen by the client)
            $setClause = implode(', ', array_map(fn($col) => "$col = :$col", array_keys($data)));
            $stmt = $pdo->prepare("UPDATE $table SET $setClause WHERE $idColumn = :$idColumn");
            $stmt->execute($data);
            echo json_encode(['status' => 'success']);
            break;

        case 'getAll':
            $stmt = $pdo->query("SELECT * FROM $table");
            $result = $stmt->fetchAll(PDO::FETCH_ASSOC);
            echo json_encode($result);
            break;

        case 'getAllById':
            // The body was never read here and the WHERE clause used an undefined $id;
            // read the body like the other actions and bind the value through execute().
            $data = json_decode(file_get_contents('php://input'), true);
            $idColumn = array_key_first($data); // The first key is assumed to be the identifier
            $stmt = $pdo->prepare("SELECT * FROM $table WHERE $idColumn = :$idColumn");
            $stmt->execute($data);
            $result = $stmt->fetchAll(PDO::FETCH_ASSOC);
            echo json_encode($result);
            break;

        case 'delete':
            $data = json_decode(file_get_contents('php://input'), true);
            $idColumn = array_key_first($data); // The first key is assumed to be the identifier (chosen by the client)
            $stmt = $pdo->prepare("DELETE FROM $table WHERE $idColumn = :$idColumn");
            $stmt->execute($data);
            echo json_encode(['status' => 'success']);
            break;

        default:
            echo json_encode(['error' => 'Action non supportée']);
            break;
    }
} else {
    echo json_encode(['error' => 'Paramètres manquants']);
}
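The values in the code above are bound through placeholders, which is the right way to pass data to SQL. The identifiers are a different matter: the table name is whitelisted, but every column name, including the one used in `WHERE`, is copied from the keys of the JSON body straight into the SQL text, and the "first key is the identifier" convention lets the client pick the `WHERE` column. The following is an added example, not code from the site or its author. It reproduces the page's `delete` construction against a constructed in-memory SQLite table to show a body like `{"role": "user"}` deleting every row with that role, then shows a `delete` and an `update` that take every identifier from a per-table schema description (the `SCHEMA` constant, the `UTILISATEUR` columns and the sample rows are all assumptions) and only ever bind the request's values:

```php
<?php
declare(strict_types=1);

// Added example, not the site's own code. It shows what the "first key is the
// identifier" convention lets a client do to the delete action, and a builder
// that only puts schema-known identifiers into the SQL text. The in-memory
// SQLite database, the UTILISATEUR schema and SCHEMA below are assumptions.

// Hypothetical per-table schema: the key column and the columns a client may set.
const SCHEMA = [
    'UTILISATEUR' => ['key' => 'id', 'columns' => ['nom', 'email']],
    'TAG'         => ['key' => 'id', 'columns' => ['libelle']],
];

function connect(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE UTILISATEUR (id INTEGER PRIMARY KEY, nom TEXT, email TEXT, role TEXT)');
    // Constructed sample rows.
    $pdo->exec("INSERT INTO UTILISATEUR (nom, email, role) VALUES
        ('alice', 'alice@example.fr', 'user'),
        ('bob',   'bob@example.fr',   'user'),
        ('root',  'root@example.fr',  'admin')");
    return $pdo;
}

// Same construction as the page's 'delete' case: the first JSON key becomes the WHERE column.
function deleteLikeThePage(PDO $pdo, string $table, array $data): int
{
    $idColumn = array_key_first($data);
    $stmt = $pdo->prepare("DELETE FROM $table WHERE $idColumn = :$idColumn");
    $stmt->execute($data);
    return $stmt->rowCount();
}

// Hardened delete: the key column is fixed by SCHEMA and the client only supplies its value.
function deleteByKey(PDO $pdo, string $table, array $data): int
{
    if (!isset(SCHEMA[$table])) {
        throw new InvalidArgumentException('Table not allowed');
    }
    $key = SCHEMA[$table]['key'];
    if (array_keys($data) !== [$key]) {
        throw new InvalidArgumentException("Body must contain exactly the key column '$key'");
    }
    $stmt = $pdo->prepare("DELETE FROM $table WHERE $key = :$key");
    $stmt->execute([$key => $data[$key]]);
    return $stmt->rowCount();
}

// Hardened update: SET only columns listed in SCHEMA, WHERE always on the key column.
// The identifiers interpolated into the SQL come from SCHEMA (via array_intersect),
// never from the request keys; the request only contributes bound values.
function updateByKey(PDO $pdo, string $table, array $data): int
{
    if (!isset(SCHEMA[$table])) {
        throw new InvalidArgumentException('Table not allowed');
    }
    ['key' => $key, 'columns' => $allowed] = SCHEMA[$table];
    if (!array_key_exists($key, $data)) {
        throw new InvalidArgumentException("Missing key column '$key'");
    }
    $requested = array_keys(array_diff_key($data, [$key => true]));
    $unknown = array_diff($requested, $allowed);
    if ($unknown !== []) {
        throw new InvalidArgumentException('Column not allowed: ' . implode(', ', $unknown));
    }
    if ($requested === []) {
        throw new InvalidArgumentException('Nothing to update');
    }
    $cols = array_intersect($allowed, $requested);
    $setClause = implode(', ', array_map(fn (string $c) => "$c = :$c", $cols));
    $stmt = $pdo->prepare("UPDATE $table SET $setClause WHERE $key = :$key");
    $stmt->execute($data);
    return $stmt->rowCount();
}

$pdo = connect();

// Constructed request body: the client names a non-key column, so the page-style
// delete removes every row whose role is 'user' rather than a single row.
printf('page-style delete {"role":"user"} removed %d rows' . PHP_EOL,
    deleteLikeThePage($pdo, 'UTILISATEUR', ['role' => 'user']));

// The same kind of body is rejected by the hardened functions before any SQL is built.
foreach ([
    fn () => deleteByKey($pdo, 'UTILISATEUR', ['role' => 'admin']),
    fn () => updateByKey($pdo, 'UTILISATEUR', ['id' => 3, 'role' => 'user']),
] as $attempt) {
    try {
        $attempt();
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ' . $e->getMessage() . PHP_EOL;
    }
}

printf('hardened update of id 3 changed %d row(s)' . PHP_EOL,
    updateByKey($pdo, 'UTILISATEUR', ['id' => 3, 'email' => 'root@nounours.fr']));
```

Two points worth keeping in mind when applying this to the real API. First, the check has to happen before the SQL string is built: once an identifier is inside the query text, `prepare()` cannot protect it, which is why the hardened functions take column names from `SCHEMA` and use the request only for values. Second, because the page also uses each key as a placeholder name, keys that are not plain identifiers usually break the bind and fail; the realistic misuse is therefore a legitimate but unintended column name, such as a role or permission column the mobile client was never meant to set, which is exactly what a per-table column list rules out.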