conn = $db; } public function create() { $query = "INSERT INTO " . $this->table_name . " (title, description, profile_image, product_id, is_active) VALUES (:title, :description, :profile_image, :product_id, :is_active)"; $stmt = $this->conn->prepare($query); // Sanitize $this->title = htmlspecialchars(strip_tags($this->title)); $this->description = htmlspecialchars(strip_tags($this->description)); $this->profile_image = htmlspecialchars(strip_tags($this->profile_image)); $this->product_id = htmlspecialchars(strip_tags($this->product_id)); $this->is_active = htmlspecialchars(strip_tags($this->is_active)); // Bind values $stmt->bindParam(":title", $this->title); $stmt->bindParam(":description", $this->description); $stmt->bindParam(":profile_image", $this->profile_image); $stmt->bindParam(":product_id", $this->product_id); $stmt->bindParam(":is_active", $this->is_active); if($stmt->execute()) { return true; } return false; } public function getAll() { $query = "SELECT ip.*, p.name as product_name, p.price as product_price, p.image as product_image FROM " . $this->table_name . " ip LEFT JOIN products p ON ip.product_id = p.id WHERE ip.is_active = 1 ORDER BY ip.created_at DESC"; $stmt = $this->conn->prepare($query); $stmt->execute(); return $stmt; } public function getOne() { $query = "SELECT ip.*, p.name as product_name, p.price as product_price, p.image as product_image FROM " . $this->table_name . " ip LEFT JOIN products p ON ip.product_id = p.id WHERE ip.id = :id AND ip.is_active = 1 LIMIT 0,1"; $stmt = $this->conn->prepare($query); $stmt->bindParam(":id", $this->id); $stmt->execute(); $row = $stmt->fetch(PDO::FETCH_ASSOC); if($row) { $this->title = $row['title']; $this->description = $row['description']; $this->profile_image = $row['profile_image']; $this->product_id = $row['product_id']; $this->is_active = $row['is_active']; return $row; } return false; } public function update() { $query = "UPDATE " . $this->table_name . " SET title = :title, description = :description, profile_image = :profile_image, product_id = :product_id, is_active = :is_active WHERE id = :id"; $stmt = $this->conn->prepare($query); // Sanitize $this->title = htmlspecialchars(strip_tags($this->title)); $this->description = htmlspecialchars(strip_tags($this->description)); $this->profile_image = htmlspecialchars(strip_tags($this->profile_image)); $this->product_id = htmlspecialchars(strip_tags($this->product_id)); $this->is_active = htmlspecialchars(strip_tags($this->is_active)); $this->id = htmlspecialchars(strip_tags($this->id)); // Bind values $stmt->bindParam(":title", $this->title); $stmt->bindParam(":description", $this->description); $stmt->bindParam(":profile_image", $this->profile_image); $stmt->bindParam(":product_id", $this->product_id); $stmt->bindParam(":is_active", $this->is_active); $stmt->bindParam(":id", $this->id); if($stmt->execute()) { return true; } return false; } public function delete() { $query = "UPDATE " . $this->table_name . " SET is_active = 0 WHERE id = :id"; $stmt = $this->conn->prepare($query); $stmt->bindParam(":id", $this->id); if($stmt->execute()) { return true; } return false; } public function getAllActive() { $query = "SELECT * FROM " . $this->table_name . " WHERE is_active = 1 ORDER BY created_at DESC"; $stmt = $this->conn->prepare($query); $stmt->execute(); return $stmt; } } ?>