/**
 * Look up the stored stock quantity for a product.
 *
 * The id is handed to param_query() together with the type string 'i'
 * instead of being concatenated into the SQL text.
 *
 * @param mixed $id Product id matched against stock.productsid.
 * @return mixed The stored quantity, or 0 when no row is found or the
 *               quantity is empty.
 */
function get_stock($id)
{
    $connection = new Database_Connection();
    $statement = $connection->param_query(
        'SELECT quantity FROM stock WHERE productsid = ?',
        'i',
        $id
    );
    $row = $statement->fetch_assoc();
    $connection->close_statement();

    // empty() also covers a missing row, where fetch_assoc() yields no array.
    if (empty($row['quantity'])) {
        return 0;
    }

    return $row['quantity'];
}
Exemple #2
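/**
 * Add one unit of a product to the session cart if the product is in stock.
 *
 * The id is validated as an integer before it is used, so the value checked
 * against the stock table and the key written to $_SESSION['cart'] are the
 * same number. A stock lookup that returns no row is treated as "not in
 * stock" explicitly instead of relying on an offset read from a non-array.
 *
 * NOTE(review): the check only verifies that at least one unit is in stock;
 * the count already in the cart is not compared with it, so the checkout
 * step has to re-validate quantities before it changes the stock table.
 *
 * @param mixed $id Product id; anything that is not a valid integer is rejected.
 * @return bool True when the cart was updated, false when the id is invalid,
 *              the product is not in stock, or an Exception was raised.
 */
function add_product($id)
{
    // Reject ids such as "5abc": an integer bind would presumably coerce them
    // for the query while the raw string would still become the cart key.
    $productId = filter_var($id, FILTER_VALIDATE_INT);
    if ($productId === false) {
        return false;
    }

    try {
        if (session_status() === PHP_SESSION_NONE) {
            session_start();
        }

        $db = new Database_Connection();
        $sql = 'SELECT quantity FROM stock WHERE productsid = ?';
        $result = $db->param_query($sql, 'i', $productId);
        $data = $result->fetch_assoc();
        $db->close_statement();

        // No row (or a NULL quantity) counts as zero units available.
        $inStock = isset($data['quantity']) ? (int) $data['quantity'] : 0;
        if ($inStock < 1) {
            throw new Exception('Product is not in stock');
        }

        $quantity = empty($_SESSION['cart'][$productId])
            ? 0
            : (int) $_SESSION['cart'][$productId];
        $_SESSION['cart'][$productId] = $quantity + 1;

        return true;
    } catch (Exception $e) {
        // Callers only receive a boolean; the failure reason is not propagated.
        return false;
    }
}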
}
// Load the database wrapper before instantiating it (Database_Connection is
// presumably declared in db_data.php — confirm).
include_once 'db_data.php';
$db = new Database_Connection();

// This page needs almost exactly the data the checkout confirmation model
// builds, so that model is reused here.
include_once 'model/confirm_checkout_model.php';
$p = new Confirm_Checkout();
$data = $p->build();

// Every statement uses ? placeholders; values are supplied separately when
// the statements are executed further down.
$order_sql = 'INSERT INTO orders(totalprice) VALUES (?)';
// NOTE(review): the delivery fields are passed through htmlspecialchars()
// before this insert, so the table stores HTML-encoded text. Placeholders
// already keep the values out of the SQL text; HTML escaping is normally
// applied when the value is rendered, otherwise it can be double-encoded.
$deliver_sql = 'INSERT INTO orderdelivery(orderid, firstname, lastname, email, address, zipcode, area) VALUES (?,?,?,?,?,?,?)';
$product_sql = 'INSERT INTO orderproducts(orderid, productid) VALUES (?,?)';
// NOTE(review): this writes an absolute quantity. If the new value is
// computed in PHP from a quantity read earlier (not visible here), two
// concurrent checkouts can overwrite each other's result; a relative update
// guarded by the available quantity avoids that — confirm against the loop
// that binds it.
$stock_sql = 'UPDATE stock SET quantity=? WHERE productsid=?';

// Stays false unless the order is written successfully.
$success = false;
try {
    $db->connection->autocommit(false);
    //Insert a new order in the database
    $db->param_query($order_sql, "i", $data['total_price']);
    if ($db->statement->affected_rows == 0) {
        throw new Exception('order_sql not added');
    }
    $id = $db->connection->insert_id;
    $db->close_statement();
    //Inserts delivery information in the database
    //The data should already have been processed but just for safety in case I missed it, I will apply htmlspecialchars here as well.
    $array = array($id, htmlspecialchars($data['delivery']['first_name']), htmlspecialchars($data['delivery']['last_name']), htmlspecialchars($data['delivery']['email']), htmlspecialchars($data['delivery']['address']), htmlspecialchars($data['delivery']['zip_code']), htmlspecialchars($data['delivery']['area']));
    $db->param_query_array($deliver_sql, "issssss", $array);
    if ($db->statement->affected_rows == 0) {
        throw new Exception('deliver_sql not added');
    }
    $db->close_statement();
    //For each product, add it in the database table related to orders. Also alter the stock quantity.
    foreach ($data['products'] as $row) {