Fixed MAJOR bugs, currently at a semi-stable state
@ -35,16 +35,45 @@ class TicketModel {
|
||||
return $comments;
|
||||
}
|
||||
|
||||
public function getAllTickets($page = 1, $limit = 15, $status = 'Open', $sortColumn = 'ticket_id', $sortDirection = 'desc') {
|
||||
public function getAllTickets($page = 1, $limit = 15, $status = 'Open', $sortColumn = 'ticket_id', $sortDirection = 'desc', $category = null, $type = null) {
|
||||
// Calculate offset
|
||||
$offset = ($page - 1) * $limit;
|
||||
|
||||
// Build WHERE clause for status filtering
|
||||
$whereClause = "";
|
||||
// Build WHERE clause
|
||||
$whereConditions = [];
|
||||
$params = [];
|
||||
$paramTypes = '';
|
||||
|
||||
// Status filtering
|
||||
if ($status) {
|
||||
$statuses = explode(',', $status);
|
||||
$placeholders = str_repeat('?,', count($statuses) - 1) . '?';
|
||||
$whereClause = "WHERE status IN ($placeholders)";
|
||||
$whereConditions[] = "status IN ($placeholders)";
|
||||
$params = array_merge($params, $statuses);
|
||||
$paramTypes .= str_repeat('s', count($statuses));
|
||||
}
|
||||
|
||||
// Category filtering
|
||||
if ($category) {
|
||||
$categories = explode(',', $category);
|
||||
$placeholders = str_repeat('?,', count($categories) - 1) . '?';
|
||||
$whereConditions[] = "category IN ($placeholders)";
|
||||
$params = array_merge($params, $categories);
|
||||
$paramTypes .= str_repeat('s', count($categories));
|
||||
}
|
||||
|
||||
// Type filtering
|
||||
if ($type) {
|
||||
$types = explode(',', $type);
|
||||
$placeholders = str_repeat('?,', count($types) - 1) . '?';
|
||||
$whereConditions[] = "type IN ($placeholders)";
|
||||
$params = array_merge($params, $types);
|
||||
$paramTypes .= str_repeat('s', count($types));
|
||||
}
|
||||
|
||||
$whereClause = '';
|
||||
if (!empty($whereConditions)) {
|
||||
$whereClause = 'WHERE ' . implode(' AND ', $whereConditions);
|
||||
}
|
||||
|
||||
// Validate sort column to prevent SQL injection
|
||||
@ -60,8 +89,8 @@ class TicketModel {
|
||||
$countSql = "SELECT COUNT(*) as total FROM tickets $whereClause";
|
||||
$countStmt = $this->conn->prepare($countSql);
|
||||
|
||||
if ($status) {
|
||||
$countStmt->bind_param(str_repeat('s', count($statuses)), ...$statuses);
|
||||
if (!empty($params)) {
|
||||
$countStmt->bind_param($paramTypes, ...$params);
|
||||
}
|
||||
|
||||
$countStmt->execute();
|
||||
@ -72,12 +101,13 @@ class TicketModel {
|
||||
$sql = "SELECT * FROM tickets $whereClause ORDER BY $sortColumn $sortDirection LIMIT ? OFFSET ?";
|
||||
$stmt = $this->conn->prepare($sql);
|
||||
|
||||
if ($status) {
|
||||
$types = str_repeat('s', count($statuses)) . 'ii';
|
||||
$params = array_merge($statuses, [$limit, $offset]);
|
||||
$stmt->bind_param($types, ...$params);
|
||||
} else {
|
||||
$stmt->bind_param("ii", $limit, $offset);
|
||||
// Add limit and offset parameters
|
||||
$params[] = $limit;
|
||||
$params[] = $offset;
|
||||
$paramTypes .= 'ii';
|
||||
|
||||
if (!empty($params)) {
|
||||
$stmt->bind_param($paramTypes, ...$params);
|
||||
}
|
||||
|
||||
$stmt->execute();
|
||||
|
||||
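Review bot: `getAllTickets` binds `$limit` and the derived `$offset` into `LIMIT ? OFFSET ?` with no bounds check inside the function, so a `$page` below 1 produces a negative offset that MySQL rejects, and an arbitrarily large `$limit` lets one request pull the whole `tickets` table through `SELECT *`. If callers pass request values through unchanged, clamp them before the offset is computed, e.g. `$page = max(1, (int) $page);` and `$limit = max(1, min((int) $limit, 100));` (the cap of 100 is an illustrative value, not one taken from the project). The new status/category/type filters are bound as parameters, which leaves `ORDER BY $sortColumn $sortDirection` as the only interpolated input; the check announced by the "Validate sort column" comment sits between the hunks and is not visible here, so confirm it also restricts `$sortDirection` to `ASC`/`DESC`. The `if (!empty($params))` guard before the final `bind_param` is always true once limit and offset have been appended and can be dropped.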