conn = $db; } public function create(){ try{ // insert query $query = "INSERT INTO products SET name=:name, description=:description, price=:price, category_id=:category_id, created=:created"; // prepare query for execution $stmt = $this->conn->prepare($query); // sanitize $name=htmlspecialchars(strip_tags($this->name)); $description=htmlspecialchars(strip_tags($this->description)); $price=htmlspecialchars(strip_tags($this->price)); $category_id=htmlspecialchars(strip_tags($this->category_id)); // bind the parameters $stmt->bindParam(':name', $name); $stmt->bindParam(':description', $description); $stmt->bindParam(':price', $price); $stmt->bindParam(':category_id', $category_id); // we need the created variable to know when the record was created // also, to comply with strict standards: only variables should be passed by reference $created=date('Y-m-d H:i:s'); $stmt->bindParam(':created', $created); // Execute the query if($stmt->execute()){ return true; }else{ return false; } } // show error if any catch(PDOException $exception){ die('ERROR: ' . $exception->getMessage()); } } public function readAll(){ //select all data $query = "SELECT p.id, p.name, p.description, p.price, c.name as category_name FROM " . $this->table_name . " p LEFT JOIN categories c ON p.category_id=c.id ORDER BY id DESC"; $stmt = $this->conn->prepare($query); $stmt->execute(); $results=$stmt->fetchAll(PDO::FETCH_ASSOC); return json_encode($results); } }