<?

class DataHandler { # Opens a database connection private function connect() { return new mysqli('localhost', 'user', 'password', 'database'); } # Closes the database connection private function disconnect(&$sql) { $sql->close(); } # Prepares the statement to run private function prepare_and_execute(&$sql, $query, $param) { $stmt = $sql->prepare($query); $this->bind_param($stmt, $param); if ($stmt->execute()) return $stmt; else { echo("Error in statement: " .mysqli_error($sql)); return false; } } # Runs a query with parameters and returns its results private function query($query, $param) { $sql = $this->connect(); $stmt = $this->prepare_and_execute($sql, $query, $param); $fields = $this->get_fields($stmt); foreach ($fields as $field) $bound[] = &${$field}; $this->bind_result($stmt, $bound); $result = array(); $i = 0; while ($stmt->fetch()) { foreach ($fields as $field) $result[$i][$field] = $$field; $i++; } $stmt->close(); $this->disconnect($sql); if (count($result) == 1) $result = $result[0]; return $result; } # Runs a parameterless query and returns its results private function query_no_params($query) { $sql = $this->connect(); $stmt = $sql->prepare($query); $stmt->execute(); $fields = $this->get_fields($stmt); foreach ($fields as $field) $bound[] = &${$field};

$this->bind_result($stmt, $bound); $result = array(); $i = 0; while ($stmt->fetch()) { foreach ($fields as $field) $result[$i][$field] = $$field; $i++; } $stmt->close(); $this->disconnect($sql); if (count($result) == 1) $result = $result[0]; return $result; } # Binds parameters to a query private function bind_param(&$stmt, $param) { $tmp = array(); foreach ($param as $key=>$value) $tmp[$key] = &$param[$key]; call_user_func_array(array($stmt, 'bind_param'), $tmp); } # Binds the query results private function bind_result(&$stmt, &$result) { $tmp = array(); foreach ($result as $key=>$value) $tmp[$key] = &$result[$key]; call_user_func_array(array($stmt, 'bind_result'), $tmp); } # Gets the database column names private function get_fields($stmt) { $meta = $stmt->result_metadata(); $fields = array(); while ($field = $meta->fetch_field()) $fields[] = $field->name; return $fields; } # Runs a statement and returns the number of rows affected # or the row number inserted private function statement($query, $param) { $sql = $this->connect(); $stmt = $this->prepare_and_execute($sql, $query, $param); $result = ($stmt->insert_id != 0) ? $stmt->insert_id : $stmt->affected_r ows; $stmt->close(); $this->disconnect($sql); return $result; }

# Example query with params public function login($usr, $psw) { $query = "SELECT userID FROM tblUser WHERE usrname=? AND usrpsw=?"; $param = array($usr, $psw); return $this->query($query, $param); # Returns one row: # $record[userID] } # Example query with no params public function get_users() { $query = "SELECT usrname, usrpsw FROM tblUser"; return $this->query_no_params($query); # Returns multiple rows # foreach ($record as $item) # echo "$item[usrname] $item[usrpsw]"; } # Example statement public function set_user($usr, $psw) { $query = "INSERT INTO tblUser(usrname, usrpsw) VALUES(?,?)"; $param = array($usr, $psw); return $this->statement($query, $param); # Returns the affected row number } } $data = new DataHandler(); # Example query # $record = $data->login($usr, $psw); ?>