<?php
namespace ppa\Controller;
use ppa\Model\NotesModel;
use ppa\Library\View;
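class NotesController
{
    /** @var NotesModel data access for notes */
    private $notesModel;

    /** @var View receives the template variables via setVars() */
    protected $view;

    /**
     * @param View $view view object whose setVars() is called by the actions
     */
    public function __construct($view)
    {
        $this->notesModel = new NotesModel();
        $this->view = $view;
    }

    /**
     * Loads the note list into the view, sorted as requested by the client.
     *
     * The sort column and direction come from the `sort_by` / `sort_order`
     * query parameters. Both are checked against a fixed allow-list before
     * they reach the model, so request input is never used directly in an
     * ORDER BY clause; anything unknown falls back to `updated_at` / `DESC`.
     */
    public function showNotes()
    {
        // Only plain string parameters are considered; a repeated key
        // (`?sort_order[]=x`) arrives as an array and would otherwise make
        // strtoupper() throw a TypeError instead of falling back to the default.
        $requestedColumn = $this->queryParam('sort_by');
        $requestedOrder = $this->queryParam('sort_order');

        $sortOrder = strtoupper($requestedOrder ?? 'DESC');
        $sortBy = $requestedColumn ?? 'updated_at';

        // Allow-list checks are strict so no loose comparison can let an
        // unexpected value through.
        if (!in_array($sortOrder, ['ASC', 'DESC'], true)) {
            $sortOrder = 'DESC';
        }

        $validSortColumns = ['id', 'title', 'updated_at', 'created_at'];
        if (!in_array($sortBy, $validSortColumns, true)) {
            $sortBy = 'updated_at';
        }

        // NOTE(review): the user id is hard-coded to 2 and the commented-out
        // $_SESSION['user_id'] suggests the authenticated user's id was intended.
        // As written every request lists user 2's notes regardless of who is
        // logged in — confirm this is a leftover before release.
        $this->view->setVars([
            "notes" => $this->notesModel->selectNotesForUser(2, $sortBy, $sortOrder), //$_SESSION['user_id']
        ]);
    }

    /**
     * Returns the named query-string parameter when it is a plain string.
     *
     * @param string $key query parameter name
     * @return string|null the value, or null when absent or not a string
     */
    private function queryParam(string $key)
    {
        $value = $_GET[$key] ?? null;

        return is_string($value) ? $value : null;
    }
}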