linkDB(); $sql = "SELECT uid, username, email, created_at FROM users"; // don’t expose password hash try { $pdo->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION); $sth = $pdo->prepare($sql); $sth->execute(); $result = $sth->fetchAll(\PDO::FETCH_ASSOC); $sth->closeCursor(); $pdo = null; return $result; } catch (\PDOException $e) { return ["error" => $e->getMessage()]; } } public function insert($data) { $pdo = $this->linkDB(); $sql = "INSERT INTO users (username, email, password_hash) VALUES (:username, :email, :password_hash)"; try { $pdo->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION); $sth = $pdo->prepare($sql); $sth->bindValue(':username', $data['username']); $sth->bindValue(':email', $data['email']); $sth->bindValue(':password_hash', password_hash($data['password'], PASSWORD_BCRYPT)); $sth->execute(); $sth->closeCursor(); $pdo = null; return ["success" => true, "message" => "User created"]; } catch (\PDOException $e) { return ["error" => $e->getMessage()]; } } public function update($data) { $pdo = $this->linkDB(); $sql = "UPDATE users SET username = :username, email = :email WHERE uid = :uid"; try { $pdo->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION); $sth = $pdo->prepare($sql); $sth->bindValue(':uid', $data['uid']); $sth->bindValue(':username', $data['username']); $sth->bindValue(':email', $data['email']); $sth->execute(); $sth->closeCursor(); $pdo = null; return ["success" => true, "message" => "User updated"]; } catch (\PDOException $e) { return ["error" => $e->getMessage()]; } } }