From 5248f1c59cbcc1b0e84df557ece109725ef0cc02 Mon Sep 17 00:00:00 2001 From: Felix Ivo Date: Mon, 16 Jun 2025 10:25:46 +0200 Subject: [PATCH] prepare sql --- Model/NotesModel.php | 31 +++++++++++++++++++++++-------- 1 file changed, 23 insertions(+), 8 deletions(-) diff --git a/Model/NotesModel.php b/Model/NotesModel.php index eb37be0..4e7e9f1 100644 --- a/Model/NotesModel.php +++ b/Model/NotesModel.php @@ -2,25 +2,40 @@ namespace ppa\Model; use ppa\Model\ParticipantModel; +use ppb\Library\Msg; +use PDOException; class NotesModel extends Database { public function selectNotesForUser($userid, $sortBy = 'updated_at', $sortOrder = 'DESC') { + $pdo = $this->linkDB(); + + $erg=array(); + $params=array(); + $sql = "SELECT n.*, u.username AS owner_username FROM notes n JOIN users u ON n.user_id = u.id - ORDER BY {$sortBy} {$sortOrder}"; + ORDER BY :sortBy :sortOrder"; - $pdo = $this->linkDB(); + $params[':sortBy']=$sortBy; + $params[':sortOrder']=$sortOrder; try { - $res = $pdo->query($sql); - } catch (\PDOException $e) { - new \ppa\Library\ErrorMsg("Ihre Anfrage konnte nicht verarbeitet werden", $e); - die; - } + $stmt=$pdo->prepare($sql); + $stmt->execute($params); + } catch (PDOException $e) { + new Msg(true, null, $e); + return false; + } + + $erg=$stmt->fetchAll(\PDO::FETCH_ASSOC); - return $res->fetchAll(\PDO::FETCH_ASSOC); + foreach($erg as $key=>$row) { + $erg[$key]['id']+=0; + } + + return $erg; } } \ No newline at end of file
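Review bot: The new `ORDER BY :sortBy :sortOrder` binds a column name and a sort direction as values, which a prepared-statement placeholder cannot express. Depending on the driver and whether prepares are emulated, the two values are likely either quoted as string literals, so the sort silently stops working, or rejected when the statement is prepared. Keep the injection fix by checking `$sortBy` against a fixed list of sortable columns and reducing `$sortOrder` to `ASC` or `DESC` before interpolating them, and drop the two `$params[':sort…']` assignments so `execute()` is not handed parameters the statement lacks. Separately, `$userid` is still unused and the query has no `WHERE`, so the method returns every user's notes; if per-user scoping is intended, `WHERE n.user_id = :userid` is where a bound parameter does belong. The import `use ppb\Library\Msg;` also looks like a typo for the `ppa` namespace used elsewhere in the file, which would only surface on the error path, where the method now returns `false` instead of an array.

```php
// … unchanged: $pdo, $erg, $params initialisation …
$sortableColumns = ['updated_at']; // constructed example: list every column callers may sort by
if (!in_array($sortBy, $sortableColumns, true)) {
    $sortBy = 'updated_at';
}
$sortOrder = strtoupper((string) $sortOrder) === 'ASC' ? 'ASC' : 'DESC';

// … unchanged: SELECT / FROM / JOIN lines of $sql …
        ORDER BY {$sortBy} {$sortOrder}";

// … unchanged: prepare/execute inside try/catch, fetchAll, id cast …
```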