From 9094b58b6da9c0a37af1432024a160effcc52bda Mon Sep 17 00:00:00 2001 From: "Elias F." Date: Wed, 10 Dec 2025 09:36:57 +0100 Subject: [PATCH] Reroute getConnection() function in NoteModel.php to getConnectionWithMySQLI --- application/core/DatabaseFactory.php | 98 +++++++++----- application/model/NoteModel.php | 187 +++++++++++++-------------- 2 files changed, 158 insertions(+), 127 deletions(-) diff --git a/application/core/DatabaseFactory.php b/application/core/DatabaseFactory.php index 417972c..c03614d 100644 --- a/application/core/DatabaseFactory.php +++ b/application/core/DatabaseFactory.php @@ -21,44 +21,76 @@ */ class DatabaseFactory { - private static $factory; - private $database; + private static $factory; + private $database; - public static function getFactory() - { - if (!self::$factory) { - self::$factory = new DatabaseFactory(); - } - return self::$factory; + public static function getFactory() + { + if (!self::$factory) { + self::$factory = new DatabaseFactory(); + } + return self::$factory; + } + + public function getConnectionWithMySQLI() + { + if (!$this->database) { + // Throw exceptions and prevent also throwing credentials. + mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); + + try { + $host = Config::get('DB_HOST'); + $user = Config::get('DB_USER'); + $pass = Config::get('DB_PASS'); + $name = Config::get('DB_NAME'); + $port = (int) Config::get('DB_PORT'); + $charset = Config::get('DB_CHARSET') ? Config::get('DB_CHARSET') : 'utf8mb4'; + + $this->database = new mysqli($host, $user, $pass, $name, $port); + + // Set charset (important for security + correct encoding) + $this->database->set_charset($charset); + } catch (mysqli_sql_exception $e) { + echo 'Database connection can not be estabilished. Please try again later.' . '
'; + echo 'Error code: ' . $e->getCode(); + exit; + } } - public function getConnection() { - if (!$this->database) { + return $this->database; + } - /** - * Check DB connection in try/catch block. Also when PDO is not constructed properly, - * prevent to exposing database host, username and password in plain text as: - * PDO->__construct('mysql:host=127....', 'root', '12345678', Array) - * by throwing custom error message - */ - try { - $options = array(PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_OBJ, PDO::ATTR_ERRMODE => PDO::ERRMODE_WARNING); - $this->database = new PDO( - Config::get('DB_TYPE') . ':host=' . Config::get('DB_HOST') . ';dbname=' . - Config::get('DB_NAME') . ';port=' . Config::get('DB_PORT') . ';charset=' . Config::get('DB_CHARSET'), - Config::get('DB_USER'), Config::get('DB_PASS'), $options - ); - } catch (PDOException $e) { + public function getConnection() + { + if (!$this->database) { - // Echo custom message. Echo error code gives you some info. - echo 'Database connection can not be estabilished. Please try again later.' . '
'; - echo 'Error code: ' . $e->getCode(); + /** + * Check DB connection in try/catch block. Also when PDO is not constructed properly, + * prevent to exposing database host, username and password in plain text as: + * PDO->__construct('mysql:host=127....', 'root', '12345678', Array) + * by throwing custom error message + */ + try { + $options = array(PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_OBJ, PDO::ATTR_ERRMODE => PDO::ERRMODE_WARNING); + $this->database = new PDO( + Config::get('DB_TYPE') . ':host=' . Config::get('DB_HOST') . ';dbname=' . + Config::get('DB_NAME') . ';port=' . Config::get('DB_PORT') . ';charset=' . Config::get('DB_CHARSET'), + Config::get('DB_USER'), + Config::get('DB_PASS'), + $options + ); + } catch (PDOException $e) { - // Stop application :( - // No connection, reached limit connections etc. so no point to keep it running - exit; - } - } - return $this->database; + // Echo custom message. Echo error code gives you some info. + echo 'Database connection can not be estabilished. Please try again later.' . '
'; + echo 'Error code: ' . $e->getCode(); + + // Stop application :( + // No connection, reached limit connections etc. so no point to keep it running + exit; + } } + + return $this->database; + } } diff --git a/application/model/NoteModel.php b/application/model/NoteModel.php index 468694d..d67ba9f 100644 --- a/application/model/NoteModel.php +++ b/application/model/NoteModel.php 
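Review bot: The new getConnectionWithMySQLI() caches its handle in the same `$this->database` property that getConnection() uses, so whichever getter runs first in a request decides what the other one returns. After a mysqli connection is cached, getConnection() hands a mysqli object to callers written against PDO, and the reverse happens if PDO was created first. Give the mysqli handle its own slot, e.g. `private $mysqliDatabase;`, guarded by `if (!$this->mysqliDatabase) {` and returned with `return $this->mysqliDatabase;`. Note also that `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT)` applies to the rest of the request, while the try/catch here covers only the connect and `set_charset()` calls; statement errors raised later will surface as uncaught `mysqli_sql_exception` unless the call sites handle them, and how much of the query they reveal depends on the error-display settings, which are not visible in this diff.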
@@ -6,115 +6,114 @@ */ class NoteModel { - /** - * Get all notes (notes are just example data that the user has created) - * @return array an array with several objects (the results) - */ - public static function getAllNotes() - { - $database = DatabaseFactory::getFactory()->getConnection(); + /** + * Get all notes (notes are just example data that the user has created) + * @return array an array with several objects (the results) + */ + public static function getAllNotes() + { + $database = DatabaseFactory::getFactory()->getConnection(); - $sql = "SELECT user_id, note_id, note_text FROM notes WHERE user_id = :user_id"; - $query = $database->prepare($sql); - $query->execute(array(':user_id' => Session::get('user_id'))); + $sql = "SELECT user_id, note_id, note_text FROM notes WHERE user_id = :user_id"; + $query = $database->prepare($sql); + $query->execute(array(':user_id' => Session::get('user_id'))); - // fetchAll() is the PDO method that gets all result rows - return $query->fetchAll(); + // fetchAll() is the PDO method that gets all result rows + return $query->fetchAll(); + } + + /** + * Get a single note + * @param int $note_id id of the specific note + * @return object a single object (the result) + */ + public static function getNote($note_id) + { + $database = DatabaseFactory::getFactory()->getConnectionWithMySQLI(); + + $sql = "SELECT user_id, note_id, note_text FROM notes WHERE user_id = :user_id AND note_id = :note_id LIMIT 1"; + $query = $database->prepare($sql); + $query->execute(array(':user_id' => Session::get('user_id'), ':note_id' => $note_id)); + + return $query; + } + + /** + * Set a note (create a new one) + * @param string $note_text note text that will be created + * @return bool feedback (was the note created properly ?) 
+ */ + public static function createNote($note_text) + { + if (!$note_text || strlen($note_text) == 0) { + Session::add('feedback_negative', Text::get('FEEDBACK_NOTE_CREATION_FAILED')); + return false; } - /** - * Get a single note - * @param int $note_id id of the specific note - * @return object a single object (the result) - */ - public static function getNote($note_id) - { - $database = DatabaseFactory::getFactory()->getConnection(); + $database = DatabaseFactory::getFactory()->getConnection(); - $sql = "SELECT user_id, note_id, note_text FROM notes WHERE user_id = :user_id AND note_id = :note_id LIMIT 1"; - $query = $database->prepare($sql); - $query->execute(array(':user_id' => Session::get('user_id'), ':note_id' => $note_id)); + $sql = "INSERT INTO notes (note_text, user_id) VALUES (:note_text, :user_id)"; + $query = $database->prepare($sql); + $query->execute(array(':note_text' => $note_text, ':user_id' => Session::get('user_id'))); - // fetch() is the PDO method that gets a single result - return $query->fetch(); + if ($query->rowCount() == 1) { + return true; } - /** - * Set a note (create a new one) - * @param string $note_text note text that will be created - * @return bool feedback (was the note created properly ?) 
- */ - public static function createNote($note_text) - { - if (!$note_text || strlen($note_text) == 0) { - Session::add('feedback_negative', Text::get('FEEDBACK_NOTE_CREATION_FAILED')); - return false; - } + // default return + Session::add('feedback_negative', Text::get('FEEDBACK_NOTE_CREATION_FAILED')); + return false; + } - $database = DatabaseFactory::getFactory()->getConnection(); - - $sql = "INSERT INTO notes (note_text, user_id) VALUES (:note_text, :user_id)"; - $query = $database->prepare($sql); - $query->execute(array(':note_text' => $note_text, ':user_id' => Session::get('user_id'))); - - if ($query->rowCount() == 1) { - return true; - } - - // default return - Session::add('feedback_negative', Text::get('FEEDBACK_NOTE_CREATION_FAILED')); - return false; + /** + * Update an existing note + * @param int $note_id id of the specific note + * @param string $note_text new text of the specific note + * @return bool feedback (was the update successful ?) + */ + public static function updateNote($note_id, $note_text) + { + if (!$note_id || !$note_text) { + return false; } - /** - * Update an existing note - * @param int $note_id id of the specific note - * @param string $note_text new text of the specific note - * @return bool feedback (was the update successful ?) 
- */ - public static function updateNote($note_id, $note_text) - { - if (!$note_id || !$note_text) { - return false; - } + $database = DatabaseFactory::getFactory()->getConnection(); - $database = DatabaseFactory::getFactory()->getConnection(); + $sql = "UPDATE notes SET note_text = :note_text WHERE note_id = :note_id AND user_id = :user_id LIMIT 1"; + $query = $database->prepare($sql); + $query->execute(array(':note_id' => $note_id, ':note_text' => $note_text, ':user_id' => Session::get('user_id'))); - $sql = "UPDATE notes SET note_text = :note_text WHERE note_id = :note_id AND user_id = :user_id LIMIT 1"; - $query = $database->prepare($sql); - $query->execute(array(':note_id' => $note_id, ':note_text' => $note_text, ':user_id' => Session::get('user_id'))); - - if ($query->rowCount() == 1) { - return true; - } - - Session::add('feedback_negative', Text::get('FEEDBACK_NOTE_EDITING_FAILED')); - return false; + if ($query->rowCount() == 1) { + return true; } - /** - * Delete a specific note - * @param int $note_id id of the note - * @return bool feedback (was the note deleted properly ?) - */ - public static function deleteNote($note_id) - { - if (!$note_id) { - return false; - } + Session::add('feedback_negative', Text::get('FEEDBACK_NOTE_EDITING_FAILED')); + return false; + } - $database = DatabaseFactory::getFactory()->getConnection(); - - $sql = "DELETE FROM notes WHERE note_id = :note_id AND user_id = :user_id LIMIT 1"; - $query = $database->prepare($sql); - $query->execute(array(':note_id' => $note_id, ':user_id' => Session::get('user_id'))); - - if ($query->rowCount() == 1) { - return true; - } - - // default return - Session::add('feedback_negative', Text::get('FEEDBACK_NOTE_DELETION_FAILED')); - return false; + /** + * Delete a specific note + * @param int $note_id id of the note + * @return bool feedback (was the note deleted properly ?) 
+ */ + public static function deleteNote($note_id) + { + if (!$note_id) { + return false; } + + $database = DatabaseFactory::getFactory()->getConnection(); + + $sql = "DELETE FROM notes WHERE note_id = :note_id AND user_id = :user_id LIMIT 1"; + $query = $database->prepare($sql); + $query->execute(array(':note_id' => $note_id, ':user_id' => Session::get('user_id'))); + + if ($query->rowCount() == 1) { + return true; + } + + // default return + Session::add('feedback_negative', Text::get('FEEDBACK_NOTE_DELETION_FAILED')); + return false; + } }
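Review bot: getNote() now requests the mysqli handle but still prepares a statement with PDO-style named placeholders (`:user_id`, `:note_id`) and passes an associative array to `execute()`. mysqli accepts only positional `?` markers, so under the strict reporting the factory enables, `prepare()` is expected to throw rather than return a statement. The method also returns `$query` itself where it previously returned `$query->fetch()`, which contradicts the docblock's `@return object` and gives callers a statement instead of the note row. The rewrite below keeps the query parameterised with mysqli's own binding API; `get_result()` needs the mysqlnd driver, and `fetch_object()` yields null rather than false when no row matches, so callers testing the result strictly against `false` should be checked. The other four methods in this hunk are only re-indented and still call getConnection().

```php
public static function getNote($note_id)
{
    $database = DatabaseFactory::getFactory()->getConnectionWithMySQLI();

    // mysqli supports positional placeholders only
    $sql = "SELECT user_id, note_id, note_text FROM notes WHERE user_id = ? AND note_id = ? LIMIT 1";
    $query = $database->prepare($sql);

    // bind_param() takes its arguments by reference; 'ii' assumes both ids are integers
    $user_id = Session::get('user_id');
    $query->bind_param('ii', $user_id, $note_id);
    $query->execute();

    // the matching row as an object, or null when the user owns no such note
    return $query->get_result()->fetch_object();
}
```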