<?php

namespace ppa\Controller;

use ppa\Model\NotesModel;
use ppa\Library\View;

class NotesController
{
    private $notesModel;
    protected $view;

    public function __construct($view)
    {
        $this->notesModel = new NotesModel();
        $this->view = $view;
    }

    public function showNotes() 
    {
        $sortBy = $_GET['sort_by'] ?? 'updated_at';
        $sortOrder = strtoupper($_GET['sort_order'] ?? 'DESC');
        
        // Validate sort order to prevent SQL injection
        $sortOrder = in_array($sortOrder, ['ASC', 'DESC']) ? $sortOrder : 'DESC';
        
        // Validate sort column to prevent SQL injection
        $validSortColumns = ['id', 'title', 'updated_at', 'created_at'];
        $sortBy = in_array($sortBy, $validSortColumns) ? $sortBy : 'updated_at';
        
        $this->view->setVars([
            "notes" => $this->notesModel->selectNotesForUser(2, $sortBy, $sortOrder) //$_SESSION['user_id']
        ]);
    }

}