TwoTalesDev/4WDCSA.co.za
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: TwoTalesDev:45523720eae3aadb7bd92c6d7b5336330514c4fb
Branches Tags
TwoTalesDev:main TwoTalesDev:feature/ikhokha2 TwoTalesDev:feature/blog-2026 TwoTalesDev:feature/photo-gallery TwoTalesDev:feature/events TwoTalesDev:feature/campsite-updates TwoTalesDev:feature/trip-publisher TwoTalesDev:feature/site-cleanup TwoTalesDev:feature/site-restructure TwoTalesDev:feature/blog-posts TwoTalesDev:feature/pop_submit TwoTalesDev:feature/homepage_sponsor
...
compare: TwoTalesDev:1d7a50709ebbeb6cfd598c9be91da310ff9f9786
Branches Tags
TwoTalesDev:main TwoTalesDev:feature/ikhokha2 TwoTalesDev:feature/blog-2026 TwoTalesDev:feature/photo-gallery TwoTalesDev:feature/events TwoTalesDev:feature/campsite-updates TwoTalesDev:feature/trip-publisher TwoTalesDev:feature/site-cleanup TwoTalesDev:feature/site-restructure TwoTalesDev:feature/blog-posts TwoTalesDev:feature/pop_submit TwoTalesDev:feature/homepage_sponsor

3 Commits
45523720ea ... 1d7a50709e

Author SHA1 Message Date
twotalesanimation
1d7a50709e Fix: blog.php bind_param() reference error 
- Moved variable assignment outside of bind_param()
- Line 46: Changed bind_param("s", $status = 'published') to separate assignment
- Fixes: "mysqli_stmt::bind_param(): Argument #2 cannot be passed by reference"
- bind_param() requires variables by reference, not inline assignments
 2025-12-04 09:37:48 +02:00
twotalesanimation
7e544311e3 Docs: DatabaseService usage examples and migration guide 
- Added comprehensive before/after examples
- Covers: SELECT, SELECT one, INSERT, UPDATE, DELETE, COUNT, EXISTS
- Transaction handling examples
- Type specification reference (i, d, s, b)
- Migration path and benefits summary
- Reduces query code by 50-75%
- Guide for gradual implementation throughout codebase
 2025-12-03 20:06:34 +02:00
twotalesanimation
0143f5dd12 Add: DatabaseService class for abstracted database operations 
- Created DatabaseService.php with full OOP database abstraction layer
- Methods: select(), selectOne(), insert(), update(), delete(), execute(), count(), exists()
- Transaction support: beginTransaction(), commit(), rollback()
- Error handling: getLastError(), getLastQuery() for debugging
- Type-safe parameter binding with prepared statements
- Updated connection.php to initialize $db service
- Available globally as $db variable after connection.php include
- Foundation for migrating from procedural $conn queries
 2025-12-03 19:59:32 +02:00
4 changed files with 694 additions and 1 deletions
Expand all files Collapse all files

368
DATABASE_SERVICE_EXAMPLES.md Normal file
View File

@@ -0,0 +1,368 @@
# DatabaseService Usage Examples
This document shows how to refactor existing code to use the new `DatabaseService` class for cleaner, more maintainable database operations.
## Current State
Files are using the procedural MySQLi pattern:
```php
$stmt = $conn->prepare("SELECT * FROM users WHERE email = ?");
$stmt->bind_param("s", $email);
$stmt->execute();
$result = $stmt->get_result();
$row = $result->fetch_assoc();
$stmt->close();
```
## Example 1: Simple SELECT (admin_members.php)
### Current Code
```php
$stmt = $conn->prepare("SELECT user_id, first_name, last_name, tel_cell, email, dob, accept_indemnity FROM membership_application");
$stmt->execute();
$result = $stmt->get_result();
// Then in HTML/JS loop:
while ($row = $result->fetch_assoc()) {
// display row
}
```
### Using DatabaseService
```php
// Simple - get all records
$members = $db->select("SELECT user_id, first_name, last_name, tel_cell, email, dob, accept_indemnity FROM membership_application");
// In HTML/JS loop:
foreach ($members as $row) {
// display row
}
```
**Benefits:**
- No manual `bind_param()`, `execute()`, `close()` needed
- Returns array directly
- Automatic error tracking via `$db->getLastError()`
---
## Example 2: SELECT with Parameters (validate_login.php)
### Current Code
```php
$query = "SELECT * FROM users WHERE email = ?";
$stmt = $conn->prepare($query);
$stmt->bind_param("s", $email);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows == 1) {
$row = $result->fetch_assoc();
// use $row
}
$stmt->close();
```
### Using DatabaseService
```php
$user = $db->selectOne(
"SELECT * FROM users WHERE email = ?",
[$email],
"s" // s = string type
);
if ($user) {
// use $user - returns false if no row found
}
```
**Benefits:**
- One-liner for single row
- Handles null checks automatically
- Type specification clear in parameters
---
## Example 3: INSERT (validate_login.php)
### Current Code
```php
$query = "INSERT INTO users (email, first_name, last_name, profile_pic, password, is_verified) VALUES (?, ?, ?, ?, ?, ?)";
$stmt = $conn->prepare($query);
$is_verified = 1;
$stmt->bind_param("sssssi", $email, $first_name, $last_name, $picture, $password, $is_verified);
if ($stmt->execute()) {
$user_id = $conn->insert_id; // ❌ Bug: insert_id from $conn, not $stmt
// use $user_id
}
$stmt->close();
```
### Using DatabaseService
```php
$user_id = $db->insert(
"INSERT INTO users (email, first_name, last_name, profile_pic, password, is_verified) VALUES (?, ?, ?, ?, ?, ?)",
[$email, $first_name, $last_name, $picture, $password, 1],
"sssssi"
);
if ($user_id) {
// $user_id contains the auto-increment ID
} else {
$error = $db->getLastError();
}
```
**Benefits:**
- Returns insert ID directly
- Automatic error handling
- Cleaner parameter list
---
## Example 4: UPDATE (admin_members.php)
### Current Code
```php
$user_id = intval($_POST['user_id']);
$stmt = $conn->prepare("UPDATE membership_application SET accept_indemnity = 1 WHERE user_id = ?");
if ($stmt) {
$stmt->bind_param("i", $user_id);
$stmt->execute();
$stmt->close();
}
```
### Using DatabaseService
```php
$user_id = intval($_POST['user_id']);
$affectedRows = $db->update(
"UPDATE membership_application SET accept_indemnity = 1 WHERE user_id = ?",
[$user_id],
"i"
);
if ($affectedRows !== false) {
// Updated successfully, $affectedRows = number of rows changed
}
```
**Benefits:**
- Returns affected row count
- No manual statement closing
- Error available via `$db->getLastError()`
---
## Example 5: COUNT / EXISTS
### Current Pattern (Need 3 lines)
```php
$stmt = $conn->prepare("SELECT COUNT(*) as count FROM users WHERE email = ?");
$stmt->bind_param("s", $email);
$stmt->execute();
$result = $stmt->get_result();
$row = $result->fetch_assoc();
if ($row['count'] > 0) { /* exists */ }
$stmt->close();
```
### Using DatabaseService (One line)
```php
$exists = $db->exists("users", "email = ?", [$email], "s");
if ($exists) {
// User exists
}
```
**Benefits:**
- Boolean result
- Intent is clear
- One-liner
---
## Example 6: Multiple Rows with Filtering
### Current Code
```php
$status = 'active';
$stmt = $conn->prepare("SELECT * FROM members WHERE status = ? ORDER BY last_name ASC");
$stmt->bind_param("s", $status);
$stmt->execute();
$result = $stmt->get_result();
$members = [];
while ($row = $result->fetch_assoc()) {
$members[] = $row;
}
$stmt->close();
```
### Using DatabaseService
```php
$members = $db->select(
"SELECT * FROM members WHERE status = ? ORDER BY last_name ASC",
['active'],
"s"
);
```
**Benefits:**
- Returns array directly
- No loop needed
- 2 lines vs 8 lines
---
## Example 7: Error Handling
### Current Pattern
```php
$stmt = $conn->prepare("SELECT * FROM users WHERE id = ?");
if (!$stmt) {
echo "Prepare failed: " . $conn->error;
exit();
}
$stmt->bind_param("i", $id);
if (!$stmt->execute()) {
echo "Execute failed: " . $stmt->error;
exit();
}
```
### Using DatabaseService
```php
$user = $db->selectOne("SELECT * FROM users WHERE id = ?", [$id], "i");
if ($user === false) {
$error = $db->getLastError();
error_log("Database error: " . $error);
// handle error
}
```
**Benefits:**
- Error handling centralized
- No null checks for each step
- Debug via `$db->getLastQuery()`
---
## Example 8: Transactions
### Current Pattern
```php
$conn->begin_transaction();
try {
$stmt = $conn->prepare("INSERT INTO orders ...");
$stmt->execute();
$stmt = $conn->prepare("UPDATE inventory ...");
$stmt->execute();
$conn->commit();
} catch (Exception $e) {
$conn->rollback();
}
```
### Using DatabaseService
```php
$db->beginTransaction();
$order_id = $db->insert("INSERT INTO orders ...", [...], "...");
if ($order_id === false) {
$db->rollback();
exit("Order creation failed");
}
$updated = $db->update("UPDATE inventory ...", [...], "...");
if ($updated === false) {
$db->rollback();
exit("Inventory update failed");
}
$db->commit();
```
**Benefits:**
- Unified transaction API
- Built-in error checking
- Clean rollback on failure
---
## Type Specification Reference
When using DatabaseService methods, specify parameter types:
| Type | Meaning | Example |
|------|---------|---------|
| `"i"` | Integer | `user_id = 5` |
| `"d"` | Double/Float | `price = 19.99` |
| `"s"` | String | `email = 'test@example.com'` |
| `"b"` | Blob | Binary data |
Examples:
```php
// Single parameter
$db->select("SELECT * FROM users WHERE id = ?", [123], "i");
// Multiple parameters
$db->select(
"SELECT * FROM users WHERE email = ? AND status = ?",
["test@example.com", "active"],
"ss"
);
// Mixed types
$db->select(
"SELECT * FROM orders WHERE user_id = ? AND total > ? AND date = ?",
[5, 100.50, "2025-01-01"],
"ids" // integer, double, string
);
```
---
## Migration Path
### Phase 1: New Code
Start using `$db` for all new features and AJAX endpoints.
### Phase 2: High-Traffic Files
Refactor popular files:
1. `validate_login.php` - Login is critical
2. `functions.php` - Helper functions
3. `admin_members.php`, `admin_payments.php` - Admin pages
### Phase 3: Gradual Rollout
As each file is refactored, commit and test thoroughly before moving to next.
### Phase 4: Full Migration
Eventually all procedural `$conn->prepare()` patterns replaced.
---
## Benefits Summary
| Aspect | Before | After |
|--------|--------|-------|
| Lines per query | 5-8 | 1-3 |
| Error handling | Manual checks | Automatic |
| Type safety | bind_param() | Parameter array |
| Statement closing | Manual | Automatic |
| Insert ID handling | `$conn->insert_id` (buggy) | Direct return |
| Debugging | Check multiple vars | `getLastError()`, `getLastQuery()` |
| Consistency | Varies | Unified API |
---
## Next Steps
1. Start with one file (e.g., `admin_members.php`)
2. Convert simple queries first
3. Test thoroughly
4. Commit and move to next file
5. Keep `$conn` available for complex queries that don't fit the standard patterns
The `$db` service makes your code **cleaner, safer, and easier to maintain**.

3
blog.php
View File

@@ -42,8 +42,9 @@ include_once('header.php') ?>
<div class="col-lg-8">
<?php
// Query to retrieve data from blogs table
$status = 'published';
$stmt = $conn->prepare("SELECT blog_id, title, date, category, image, description, author, members_only, link FROM blogs WHERE status = ? ORDER BY date DESC");
$stmt->bind_param("s", $status = 'published');
$stmt->bind_param("s", $status);
$stmt->execute();
$result = $stmt->get_result();

320
classes/DatabaseService.php Normal file
View File

@@ -0,0 +1,320 @@
<?php
/**
* DatabaseService Class
*
* Provides a centralized database abstraction layer for all database operations.
* Enforces prepared statements, proper error handling, and type safety.
*
* @package 4WDCSA
* @version 1.0
*/
class DatabaseService {
private $conn;
private $lastError = null;
private $lastQuery = null;
/**
* Constructor - Initialize database connection
*
* @param mysqli $connection The MySQLi connection object
*/
public function __construct($connection) {
if (!$connection) {
throw new Exception("Database connection failed");
}
$this->conn = $connection;
}
/**
* Get the last error message
*
* @return string|null The last error or null if no error
*/
public function getLastError() {
return $this->lastError;
}
/**
* Get the last executed query
*
* @return string|null The last query or null
*/
public function getLastQuery() {
return $this->lastQuery;
}
/**
* Execute a SELECT query with parameter binding
*
* @param string $query SQL query with ? placeholders
* @param array $params Parameters to bind
* @param string $types Type specification string (e.g., "isi" for int, string, int)
* @return array|false Array of results or false on error
*/
public function select($query, $params = [], $types = "") {
try {
$this->lastQuery = $query;
$stmt = $this->conn->prepare($query);
if (!$stmt) {
$this->lastError = "Prepare failed: " . $this->conn->error;
return false;
}
if (!empty($params) && !empty($types)) {
if (!$stmt->bind_param($types, ...$params)) {
$this->lastError = "Bind failed: " . $stmt->error;
return false;
}
}
if (!$stmt->execute()) {
$this->lastError = "Execute failed: " . $stmt->error;
return false;
}
$result = $stmt->get_result();
$data = [];
while ($row = $result->fetch_assoc()) {
$data[] = $row;
}
$stmt->close();
return $data;
} catch (Exception $e) {
$this->lastError = $e->getMessage();
return false;
}
}
/**
* Execute a SELECT query returning a single row
*
* @param string $query SQL query with ? placeholders
* @param array $params Parameters to bind
* @param string $types Type specification string
* @return array|false Single row as associative array or false
*/
public function selectOne($query, $params = [], $types = "") {
$results = $this->select($query, $params, $types);
return ($results && count($results) > 0) ? $results[0] : false;
}
/**
* Execute an INSERT query
*
* @param string $query SQL query with ? placeholders
* @param array $params Parameters to bind
* @param string $types Type specification string
* @return int|false Last insert ID or false on error
*/
public function insert($query, $params = [], $types = "") {
try {
$this->lastQuery = $query;
$stmt = $this->conn->prepare($query);
if (!$stmt) {
$this->lastError = "Prepare failed: " . $this->conn->error;
return false;
}
if (!empty($params) && !empty($types)) {
if (!$stmt->bind_param($types, ...$params)) {
$this->lastError = "Bind failed: " . $stmt->error;
return false;
}
}
if (!$stmt->execute()) {
$this->lastError = "Execute failed: " . $stmt->error;
return false;
}
$insertId = $stmt->insert_id;
$stmt->close();
return $insertId;
} catch (Exception $e) {
$this->lastError = $e->getMessage();
return false;
}
}
/**
* Execute an UPDATE query
*
* @param string $query SQL query with ? placeholders
* @param array $params Parameters to bind
* @param string $types Type specification string
* @return int|false Number of affected rows or false on error
*/
public function update($query, $params = [], $types = "") {
try {
$this->lastQuery = $query;
$stmt = $this->conn->prepare($query);
if (!$stmt) {
$this->lastError = "Prepare failed: " . $this->conn->error;
return false;
}
if (!empty($params) && !empty($types)) {
if (!$stmt->bind_param($types, ...$params)) {
$this->lastError = "Bind failed: " . $stmt->error;
return false;
}
}
if (!$stmt->execute()) {
$this->lastError = "Execute failed: " . $stmt->error;
return false;
}
$affectedRows = $stmt->affected_rows;
$stmt->close();
return $affectedRows;
} catch (Exception $e) {
$this->lastError = $e->getMessage();
return false;
}
}
/**
* Execute a DELETE query
*
* @param string $query SQL query with ? placeholders
* @param array $params Parameters to bind
* @param string $types Type specification string
* @return int|false Number of affected rows or false on error
*/
public function delete($query, $params = [], $types = "") {
return $this->update($query, $params, $types);
}
/**
* Execute an arbitrary query (for complex queries)
*
* @param string $query SQL query with ? placeholders
* @param array $params Parameters to bind
* @param string $types Type specification string
* @return mixed Query result or false on error
*/
public function execute($query, $params = [], $types = "") {
try {
$this->lastQuery = $query;
$stmt = $this->conn->prepare($query);
if (!$stmt) {
$this->lastError = "Prepare failed: " . $this->conn->error;
return false;
}
if (!empty($params) && !empty($types)) {
if (!$stmt->bind_param($types, ...$params)) {
$this->lastError = "Bind failed: " . $stmt->error;
return false;
}
}
if (!$stmt->execute()) {
$this->lastError = "Execute failed: " . $stmt->error;
return false;
}
$stmt->close();
return true;
} catch (Exception $e) {
$this->lastError = $e->getMessage();
return false;
}
}
/**
* Count rows matching a condition
*
* @param string $table Table name
* @param string $where WHERE clause (without WHERE keyword)
* @param array $params Parameters to bind
* @param string $types Type specification string
* @return int|false Row count or false on error
*/
public function count($table, $where = "1=1", $params = [], $types = "") {
$query = "SELECT COUNT(*) as count FROM {$table} WHERE {$where}";
$result = $this->selectOne($query, $params, $types);
return ($result) ? (int)$result['count'] : false;
}
/**
* Check if a record exists
*
* @param string $table Table name
* @param string $where WHERE clause (without WHERE keyword)
* @param array $params Parameters to bind
* @param string $types Type specification string
* @return bool True if record exists, false otherwise
*/
public function exists($table, $where, $params = [], $types = "") {
$count = $this->count($table, $where, $params, $types);
return ($count !== false && $count > 0);
}
/**
* Get the MySQLi connection object for advanced operations
*
* @return mysqli The MySQLi connection
*/
public function getConnection() {
return $this->conn;
}
/**
* Start a transaction
*
* @return bool Success status
*/
public function beginTransaction() {
try {
$this->conn->begin_transaction();
return true;
} catch (Exception $e) {
$this->lastError = $e->getMessage();
return false;
}
}
/**
* Commit a transaction
*
* @return bool Success status
*/
public function commit() {
try {
$this->conn->commit();
return true;
} catch (Exception $e) {
$this->lastError = $e->getMessage();
return false;
}
}
/**
* Rollback a transaction
*
* @return bool Success status
*/
public function rollback() {
try {
$this->conn->rollback();
return true;
} catch (Exception $e) {
$this->lastError = $e->getMessage();
return false;
}
}
}
?>

4
connection.php
View File

@@ -13,3 +13,7 @@ if(!$conn = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname)){
}
date_default_timezone_set('Africa/Johannesburg');
// Initialize DatabaseService for modern queries
require_once(__DIR__ . '/classes/DatabaseService.php');
$db = new DatabaseService($conn);