Part One
Park Two

11:34am
I’ve spent the last few days getting my prepared statements together, and I have the select and delete functions all set.

5:11pm
It seems I finally have all the functions together for adding and correctly removing items from cart and products table.

[php]
function select( $tableName, $property, $value ){
switch($tableName) //switch tablename so we can pick products or cart table
{
case "products":
$tbl = ‘products’;
break;
case "cart":
$tbl = ‘cart’;
break;
}

$db = dbConnect(); //connect to our database
if( strcmp($value, ”) != 0 ){
//error_log("looking by property $property");
switch($property){ //switch property so we can do lookups by ID or name
case "id":
$query = "SELECT * FROM $tbl WHERE id = :value";
break;
case "name":
$query = "SELECT * FROM $tbl WHERE name = :value";
break;
}
$stmt = $db->prepare($query);

//bind params
$stmt->bindValue(‘:value’, $value);

}
else{ //$value is empty; therefore we just want a general list of rows
$query = "SELECT * FROM $tbl";
$stmt = $db->prepare($query);
}
//execute
try{
$stmt->execute();
$result = $stmt->fetchAll();
return $result;
}
catch(Exception $e){
return $e;
}
}

function delete( $tableName, $value ){
switch($tableName) //switch tablename so we can pick products or cart table
{
case "products":
$tbl = ‘products’;
break;
case "cart":
$tbl = ‘cart’;
break;
}
error_log($value);
//no switch for property here. We only want to delete by ID for safety
$db = dbConnect(); //connect to our database
if( strcmp($value, ”) != 0 ){
error_log("deleting $value from cart");
$query = "DELETE FROM $tbl WHERE id=:value";
$stmt = $db->prepare($query);
//bind params
$stmt->bindValue(‘:value’, $value);
}
else{ //$value is empty; therefore we clear the table
error_log("clearing the cart");
$query = "DELETE FROM $tbl";
$stmt = $db->prepare($query);
}
//execute
try{
$stmt->execute();
$result = $stmt->fetchAll();
return $result;
}
catch(Exception $e){
return $e;
}
}

function update( $tableName, $values){
$db = dbConnect(); //connect to our database
error_log("update called");
switch($tableName) //switch tablename so we can pick products or cart table
{
case "products":
$query = "UPDATE products SET name=?, description=?, price=?, quantity=?, image=?, sale=? WHERE id=?";
$stmt = $db->prepare($query);
$stmt->execute(array($values[‘name’], $values[‘description’], $values[‘price’], $values[‘quantity’], $values[‘image’], $values[‘sale’], $values[‘id’]));
break;
case "cart":
$query = "UPDATE cart SET name=?, description=?, quantity=?, price=? WHERE id=?";

$stmt = $db->prepare($query);
$stmt->execute(array($values[‘name’], $values[‘description’], $values[‘quantity’], $values[‘price’], $values[‘id’]));
break;
}
}

function insert( $tableName, $values){
$db = dbConnect(); //connect to our database
switch($tableName) //switch tablename so we can pick products or cart table
{
case "products":
$tbl = ‘products’;
$query = "INSERT INTO $tbl(name, description, price, quantity, image, sale) VALUES(:name, :description, :price, :quantity, :image, :sale)";
$stmt = $db->prepare($query);
$stmt -> bindValue(‘:name’, $values[‘name’]);
$stmt -> bindValue(‘:description’, $values[‘description’]);
$stmt -> bindValue(‘:price’, $values[‘price’]);
$stmt -> bindValue(‘:quantity’, intval($values[‘quantity’]));
$stmt -> bindValue(‘:image’, $values[‘image’]);
$stmt -> bindValue(‘:sale’, intval($values[‘sale’]));

break;
case "cart":
$tbl = ‘cart’;
$query = "INSERT INTO $tbl(name, description, quantity, price, id) VALUES(:name, :description, :quantity, :price, :id)";
$stmt = $db->prepare($query);
$stmt -> bindValue(‘:name’, $values[‘name’]);
$stmt -> bindValue(‘:description’, $values[‘description’]);
$stmt -> bindValue(‘:quantity’, intval($values[‘quantity’]));
$stmt -> bindValue(‘:price’, intval($values[‘price’]));
$stmt -> bindValue(‘:id’, intval($values[‘id’]));

break;
}

//execute
try{
//error_log(print_r($stmt));
$stmt->execute();
}
catch(Exception $e){
error_log( $e );
}
}
[/php]

Leave a Reply

Your email address will not be published. Required fields are marked *