Untitled

 <?php
header("Access-Control-Allow-Origin: *");
header("Content-Type: application/json; charset=UTF-8");

    class Database{

    // specify your own database credentials
    private $host = 'itsuite.it.brighton.ac.uk';
    private $db_name = "al605_andrea";
    private $username = "al605";
    private $password = "al605";
    public $conn;

    // get the database connection
    public function getConnection()
    {
        $this->conn = null;

        try {
            $this->conn = new PDO("mysql:host=" . $this->host . ";dbname=" . $this->db_name, $this->username, $this->password);
            $this->conn->exec("set names utf8");
        }
        catch (PDOException $exception) {
            echo "Connection error: " . $exception->getMessage();

        }

        return $this->conn;
    }

}


if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    // instantiate database and product object
    $database = new Database();
    $db       = $database->getConnection();

    // initialize object
    $product = new Item($db);

    // query products
    $stmt = $product->read();
    $num  = $stmt->rowCount();

    // check if more than 0 record found
    if ($num > 0) {

        // products array

        $products_arr = array();


        while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
            // extract row
            // this will make $row['name'] to
            // just $name only
            extract($row);

            $product_item = array(
                "name" => $name,
                "notes" => $notes

            );

            array_push($products_arr, $product_item);
        }
        http_response_code(200);
        header('content-type: application/json');
        echo json_encode($products_arr);

    }

    else {
        http_response_code(204);
        echo json_encode(array(
            "message" => "No products found."
        ));
    }

}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {

    $database = new Database();
    $db       = $database->getConnection();

    $product = new Item($db);

    // get posted data
    $data = json_decode(file_get_contents("php://input"));


    $product->oid      = $_POST['oid'];
    $product->name    = $_POST['name'];
    $product->notes = $_POST['notes'];


    // create the product
    if ($product->create()) {
        echo '{';
        echo '"message": "Product was created."';
        echo '}';
    }

    // if unable to create the product, tell the user
    else {
        echo '{';
        echo '"message": "Unable to create product."';
        echo '}';
    }

}


class Item
{

    // database connection and table name
    private $conn;
    private $table_name = "assesment_2";

    // object properties
    public $oid;
    public $name;
    public $notes;


    // constructor with $db as database connection
    public function __construct($db)
    {
        $this->conn = $db;
    }

    // read products
    function read()
    {

        $query = "SELECT
                oid , name, notes
            FROM
                " . $this->table_name . " p
            WHERE
                oid='" . $_GET['oid'] . "'";

        // prepare query statement
        $stmt = $this->conn->prepare($query);

        // execute query
        $stmt->execute();

        return $stmt;
    }

    // create product
    function create(){


        // query to insert record
        $query = "INSERT INTO
                " . $this->table_name . " (oid,name,notes)
            VALUES ('" . $this->oid . "','" . $this->name . "','" . $this->notes . "')";


        echo $query;
        // prepare query
        $stmt          = $this->conn->prepare($query);
        // sanitize
        $this->name    = htmlspecialchars(strip_tags($this->name));
        $this->oid      = htmlspecialchars(strip_tags($this->oid));
        $this->notes = htmlspecialchars(strip_tags($this->notes));


        // execute query
        if ($stmt->execute()) {
            return true;
        }

        return false;
    }
    }
?>