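conn = $db; }

    /**
     * Columns that callers populate (typically from request data) before
     * create() or update() is called.
     *
     * @return string[]
     */
    private function inputFields()
    {
        return ['name', 'description', 'serial_number', 'picture', 'quantity', 'price', 'date_of_purchase'];
    }

    /**
     * Normalises the input fields in place before they are written.
     *
     * Keeps the existing convention of this class: tags are stripped and the
     * remainder is HTML-encoded at write time, so the stored value is already
     * encoded. Two caveats for maintainers: (1) this is NOT what prevents SQL
     * injection - the prepared statements with bound parameters are - and
     * (2) any output layer that escapes again will double-encode stored
     * entities. Numeric columns (quantity, price) pass through as strings,
     * exactly as they did before this helper was extracted.
     */
    private function sanitizeInputFields()
    {
        foreach ($this->inputFields() as $field) {
            // (string) avoids the PHP 8.1 "passing null to strip_tags()" deprecation
            // for fields that were never set; the stored result ('' for null) is unchanged.
            $this->$field = htmlspecialchars(strip_tags((string) $this->$field));
        }
    }

    /**
     * Binds every input field to its named placeholder on $stmt.
     *
     * @param \PDOStatement $stmt statement prepared with :name, :description, ... placeholders
     */
    private function bindInputFields(\PDOStatement $stmt)
    {
        foreach ($this->inputFields() as $field) {
            $stmt->bindValue(':' . $field, $this->$field);
        }
    }

    /**
     * Inserts the current field values as a new row.
     *
     * created_at and updated_at are both set to the same date() result, so the
     * stored timestamps depend on PHP's configured default timezone.
     *
     * @return bool true when the INSERT executed successfully, false otherwise
     */
    public function create()
    {
        // table_name is concatenated into the SQL, not bound: it must be a trusted,
        // code-defined value and never be derived from request input. All row values
        // go through bound placeholders.
        $query = 'INSERT INTO ' . $this->table_name
            . ' SET name=:name, description=:description, serial_number=:serial_number,'
            . ' picture=:picture, quantity=:quantity, price=:price,'
            . ' date_of_purchase=:date_of_purchase, created_at=:created_at, updated_at=:updated_at';
        $stmt = $this->conn->prepare($query);

        $this->sanitizeInputFields();
        // One date() call so created_at and updated_at can never differ on a new row.
        $now = date('Y-m-d H:i:s');
        $this->created_at = $now;
        $this->updated_at = $now;

        $this->bindInputFields($stmt);
        $stmt->bindValue(':created_at', $this->created_at);
        $stmt->bindValue(':updated_at', $this->updated_at);

        return $stmt->execute();
    }

    /**
     * Returns an executed statement over every row, newest first.
     *
     * @return \PDOStatement the executed statement; the caller fetches the rows
     */
    public function read()
    {
        // No user-controlled data in this query; table_name must still be a trusted constant.
        $stmt = $this->conn->prepare('SELECT * FROM ' . $this->table_name . ' ORDER BY created_at DESC');
        $stmt->execute();

        return $stmt;
    }

    /**
     * Loads the row whose id equals $this->id into this object's fields.
     *
     * When no row matches, every loaded field is set to null (instead of
     * indexing into the false returned by fetch(), which only produced warnings)
     * and false is returned so callers can tell "not found" from a real record.
     *
     * @return bool true when a row was found and loaded, false otherwise
     */
    public function readOne()
    {
        $query = 'SELECT * FROM ' . $this->table_name . ' WHERE id = ? LIMIT 0,1';
        $stmt = $this->conn->prepare($query);
        // id is bound, never interpolated.
        $stmt->bindValue(1, $this->id);
        $stmt->execute();

        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        $found = is_array($row);

        $columns = array_merge($this->inputFields(), ['created_at', 'updated_at']);
        foreach ($columns as $column) {
            // ?? null guards against a column missing from the result set.
            $this->$column = $found ? ($row[$column] ?? null) : null;
        }

        return $found;
    }

    /**
     * Writes the current field values to the row whose id equals $this->id.
     *
     * updated_at is refreshed to the current date(); created_at is left untouched.
     *
     * @return bool true when the UPDATE executed successfully, false otherwise
     */
    public function update()
    {
        // Same trust boundary as create(): table_name is code-defined, values are bound.
        $query = 'UPDATE ' . $this->table_name
            . ' SET name=:name, description=:description, serial_number=:serial_number,'
            . ' picture=:picture, quantity=:quantity, price=:price,'
            . ' date_of_purchase=:date_of_purchase, updated_at=:updated_at'
            . ' WHERE id=:id';
        $stmt = $this->conn->prepare($query);

        $this->sanitizeInputFields();
        $this->updated_at = date('Y-m-d H:i:s');

        $this->bindInputFields($stmt);
        $stmt->bindValue(':updated_at', $this->updated_at);
        $stmt->bindValue(':id', $this->id);

        return $stmt->execute();
    }

    /**
     * Deletes the row whose id equals $this->id.
     *
     * @return bool true when the DELETE executed successfully, false otherwise
     */
    public function delete()
    {
        $stmt = $this->conn->prepare('DELETE FROM ' . $this->table_name . ' WHERE id = ?');
        $stmt->bindValue(1, $this->id);

        return $stmt->execute();
    }
}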