Strider64

I can answer number one and the answer is yes: <?php require_once __DIR__ . '/../config/starlite_config.php'; require_once "vendor/autoload.php"; and maybe number 4? public function logoff(): void { error_log("Starting logout process"); // Clear database token if (isset($_SESSION['user_id'])) { $sql = "UPDATE {$this->table} SET token = NULL WHERE id = :id"; $stmt = $this->pdo->prepare($sql); $stmt->execute(['id' => $_SESSION['user_id']]); } // Clear login cookie $isLocal = in_array($_SERVER['REMOTE_ADDR'], ['127.0.0.1', '::1']); $cookieDomain = $isLocal ? '' : 'www.phototechguru.com'; setcookie('login_token', '', [ 'expires' => time() - 3600, 'path' => '/', 'domain' => $cookieDomain, 'secure' => !$isLocal, 'httponly' => true, 'samesite' => 'Lax' ]); // Clear session $_SESSION = []; if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time() - 3600, '/'); } session_destroy(); error_log("Logout complete"); header('Location: index.php'); exit(); }

You can always check to see if session is started: <?php // Include the configuration file and autoload file from the composer. require_once __DIR__ . '/../config/clearwebconfig.php'; require_once "vendor/autoload.php"; // Import the ErrorHandler and Database classes from the PhotoTech namespace. use clearwebconcepts\{ ErrorHandler, Database, LoginRepository as Login }; // Create an ErrorHandler instance $errorHandler = new ErrorHandler(); // Set the exception handler to use the ErrorHandler instance set_exception_handler([$errorHandler, 'handleException']); // Create a Database instance and establish a connection $database = new Database(); $pdo = $database->createPDO(); // Create a LoginRepository instance with the database connection $login = new Login($pdo); $checkStatus = new Login($pdo); // Start session if not already started if (session_status() == PHP_SESSION_NONE) { session_start(); } // Redirect to dashboard if the user is already logged in if ($login->check_login_token()) { header('Location: dashboard.php'); exit(); } // Generate a CSRF token if it doesn't exist and store it in the session if (!isset($_SESSION['csrf_token'])) { $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); } // Detect environment $isLocal = in_array($_SERVER['REMOTE_ADDR'], ['127.0.0.1', '::1']); $cookieDomain = $isLocal ? '' : DOMAIN; $cookieSecure = !$isLocal; // Set to true on remote server // Process the login form submission if ($_SERVER['REQUEST_METHOD'] === 'POST') { // Check if the submitted CSRF token matches the one stored in the session if (hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) { // Sanitize the username and password input $username = strip_tags($_POST['username']); $password = $_POST['password']; // Verify the user's credentials if ($login->verify_credentials($username, $password)) { // Generate a secure login token $token = bin2hex(random_bytes(32)); // Store the login token in the database $login->store_token_in_database($_SESSION['user_id'], $token); // Set a secure cookie with the login token setcookie('login_token', $token, [ 'expires' => strtotime('+6 months'), 'path' => '/', 'domain' => $cookieDomain, // Adjusted for environment 'secure' => $cookieSecure, // Adjusted for environment 'httponly' => true, 'samesite' => 'Lax' ]); // Store the login token in the session $_SESSION['login_token'] = $token; // Redirect the user to the dashboard header('Location: dashboard.php'); exit; } else { // Log error message for invalid username or password $error = 'Invalid username or password'; error_log("Login error: " . $error); } } else { // Display an error message $error = 'Invalid CSRF token'; error_log("Login error: " . $error); $error = 'An error occurred. Please try again.'; } } // Generate a random nonce value $nonce = base64_encode(random_bytes(16)); ?> You can also make sessions persistent in your configuration and it's always best to start you session in your configuration file: session_set_cookie_params([ 'lifetime' => strtotime('+6 months'), 'path' => '/', 'domain' => 'localhost', 'secure' => false, // Since it's not HTTPS, set this to false 'httponly' => true, 'samesite' => 'Lax' ]); session_start(); ob_start(); // turn on output buffering if (empty($_SESSION['token'])) { try { $_SESSION['token'] = bin2hex(random_bytes(32)); } catch (Exception $e) { } } if (preg_match('/\.js$/', $_SERVER['REQUEST_URI'])) { return false; // Let the webserver handle JavaScript files }

I use Intervention using composer which is a very handy utility. // Load the image $image = Image::make($image_path); // Resize the image $image->resize(2048, 1365, function ($constraint) { $constraint->aspectRatio(); $constraint->upsize(); }); // Save the new image $image->save($image_path, 100); You can do other image manipulation with Intervention as well and pretty easily. I don't know if this is something you are looking for?

Yes, using fetch is easier in my opinion and here's an example of a page on my website (not the full code): 'use strict'; class ProductManager { constructor() { // DOM Elements this.category = document.querySelector('#category'); this.container = document.querySelector('.main_manager_container'); this.sidebar = document.querySelector('.sidebar_pages'); this.lightbox = document.querySelector('.lightbox'); // Pagination Configurations this.current_page = 1; this.per_page = 3; this.offset = 0; this.total_pages = 0; // Data fetched from the database this.database_data = { 'category': 'images', 'current_page': this.current_page, 'per_page': this.per_page, 'total_count': 0, 'offset': this.offset }; this.pages = [{}]; // Binding `this` context to methods this.categoryUISuccess = this.categoryUISuccess.bind(this); this.paginationUISuccess = this.paginationUISuccess.bind(this); this.resetLinks = this.resetLinks.bind(this); } // Handle fetch errors handleErrors(response) { if (!response.ok) { throw (response.status + ' : ' + response.statusText); } return response; } // Update the UI upon successfully fetching gallery category data async categoryUISuccess(parsedData) { this.clearContainer(); console.log('parsed data', parsedData); // Close the lightbox if it's open this.exitLightbox(); parsedData.forEach((slide, index) => { this.createSlide(slide, index); }); this.addImageListeners(); } // Clear all child elements of the container clearContainer() { while (this.container.firstChild) { this.container.removeChild(this.container.firstChild); } } // Function to truncate text and add a "More..." link addReadMore(paragraph) { const fullText = paragraph.textContent; const truncatedText = fullText.slice(0, 300) + '...'; // Adjust the number of characters as needed const moreLink = document.createElement('span'); moreLink.textContent = ' More...'; //moreLink.style.color = 'blue'; //moreLink.style.cursor = 'pointer'; paragraph.textContent = truncatedText; paragraph.appendChild(moreLink); paragraph.dataset.fullText = fullText; moreLink.addEventListener('click', function() { if (paragraph.textContent.includes('...')) { paragraph.textContent = paragraph.dataset.fullText; moreLink.textContent = ' Less'; } else { paragraph.textContent = truncatedText; paragraph.appendChild(moreLink); } }); } equalizeArticleHeights() { const articles = document.querySelectorAll('.article'); let maxHeight = 0; // Find the tallest article articles.forEach(article => { if (article.offsetHeight > maxHeight) { maxHeight = article.offsetHeight; } }); // Set all articles to the height of the tallest one articles.forEach(article => { article.style.minHeight = `${maxHeight}px`; }); } // Create individual gallery slides createSlide(slide) { const article = this.createElementWithClass('section', 'article'); this.container.appendChild(article); const largeImage = this.createElementWithClass('a', 'largeImage'); largeImage.href = "#"; largeImage.setAttribute('data-image', slide.image_path); // Updated part: Attach event listener to largeImage largeImage.addEventListener('click', (event) => { event.preventDefault(); // Prevent default anchor action this.handleImageClick(largeImage); }); article.appendChild(largeImage); console.log('largeImage', largeImage); const image = this.createElement('img', { src: slide.thumb_path, alt: slide.content, loading: 'lazy', class: 'imageStyle' }); largeImage.appendChild(image); const heading = this.createElementWithClassAndContent('h2', 'articleHeading', slide.heading); article.appendChild(heading); const paragraph = this.createElementWithClassAndContent('p', 'articleText', slide.content); article.appendChild(paragraph); // Truncate text and add "More..." link this.addReadMore(paragraph); this.equalizeArticleHeights(); } // Utility function to create an HTML element with attributes createElement(tag, attributes = {}) { const element = document.createElement(tag); Object.entries(attributes).forEach(([key, value]) => { element.setAttribute(key, value); }); return element; } createElementWithClass(tag, className) { const element = this.createElement(tag); element.className = className; return element; } createElementWithClassAndContent(tag, className, content) { const element = this.createElementWithClass(tag, className); element.textContent = content; return element; } // Add click event listeners to images to open in lightbox addImageListeners() { const images = document.querySelectorAll('img'); images.forEach(image => { image.addEventListener('click', () => this.handleImageClick(image)); }); } // Add click event listener to lightbox to close it addLightboxListener() { this.lightbox.addEventListener('click', () => { this.exitLightbox(); }); } // Updated handleImageClick to include title and content handleImageClick(anchor) { const largeImageUrl = anchor.getAttribute('data-image'); // Get large image URL const title = anchor.getAttribute('data-title'); // Assuming you add this attribute const content = anchor.getAttribute('data-content'); // Assuming you add this attribute // Clear and set up the lightbox this.lightbox.innerHTML = ''; // Clear previous content // Create and display the large image const largeImage = this.createElement('img', { src: largeImageUrl }); largeImage.classList.add('lightbox-image'); this.lightbox.appendChild(largeImage); // Create and append the title if (title) { const imageTitle = this.createElementWithClassAndContent('h2', 'lightbox-title', title); this.lightbox.appendChild(imageTitle); } // Create and append the content if (content) { const imageContent = this.createElementWithClassAndContent('p', 'lightbox-content', content); this.lightbox.appendChild(imageContent); } // Show the lightbox this.lightbox.style.display = 'block'; } // Close the lightbox exitLightbox() { this.lightbox.style.display = 'none'; // Hide the lightbox this.lightbox.innerHTML = ''; // Clear the lightbox content } // Handle errors when fetching gallery category data fails categoryUIError(error) { console.log("Database Table did not load", error); } // Send a request to the server to fetch images async createImageRequest(url, succeed, fail) { try { const response = await fetch(url, { method: 'POST', // or 'PUT' body: JSON.stringify(this.database_data), }); this.handleErrors(response); const data = await response.json(); succeed(data); } catch (error) { fail(error); } } // Clear all pagination links resetLinks() { /* Remove Links For Screen (cleanup) */ while (this.sidebar.firstChild) { this.sidebar.removeChild(this.sidebar.firstChild) } } // Update the UI with the received pagination data async paginationUISuccess(parsedData) { this.resetLinks(); this.database_data.offset = await parsedData.offset; this.total_pages = Math.ceil(this.database_data.total_count / this.database_data.per_page); /* Create the Display Links and add an event listener */ this.pages = [{}]; /* * Creating the array of page object(s) */ for (let x = 0; x < this.total_pages; x++) { this.pages[x] = {page: x + 1}; } this.pages.forEach(link_page => { const links = document.createElement('div'); links.className = 'links'; this.sidebar.appendChild(links); /* * Add event listener for the links */ links.addEventListener('click', () => { this.database_data.current_page = link_page.page; this.createRequest('portfolioPagination.php', this.paginationUISuccess, this.paginationUIError); }); const pageText = document.createElement('p'); pageText.className = 'linkStyle'; pageText.id = 'page_' + link_page.page; pageText.textContent = link_page.page; links.appendChild(pageText); if (this.database_data.current_page === link_page.page) { links.style.backgroundColor = "#00b28d"; } }) await this.createImageRequest('portfolioGetImages.php', this.categoryUISuccess, this.categoryUIError); } // Handle errors when fetching pagination data fails paginationUIError(error) { console.log("Database Table did not load", error); } // Send a request to the server async createRequest(url, succeed, fail) { try { const response = await fetch(url, { method: 'POST', // or 'PUT' body: JSON.stringify(this.database_data), }); this.handleErrors(response); const data = await response.json(); //console.log('count', data); succeed(data); } catch (error) { fail(error); } } // Send a request to get the total number of images in a category async updateTotalCountAndPagination() { await this.createRequest('getTotalCount.php', this.totalCountUISuccess.bind(this), this.totalCountUIError.bind(this)); } // Update the UI upon successfully fetching the total count totalCountUISuccess(parsedData) { this.database_data.total_count = parsedData.total_count; this.createRequest('portfolioPagination.php', this.paginationUISuccess.bind(this), this.paginationUIError.bind(this)); } // Handle errors when fetching the total count fails totalCountUIError(error) { console.log("Database Table did not load", error); } // Add event listeners to DOM elements bindEvents() { this.category.addEventListener('change', () => { this.database_data.current_page = 1; this.database_data.category = this.category.value; this.updateTotalCountAndPagination(); }); document.addEventListener('DOMContentLoaded', () => { this.createRequest('portfolioPagination.php', this.paginationUISuccess.bind(this), this.paginationUIError.bind(this)); }); } // Initialization function init() { this.addLightboxListener(); this.updateTotalCountAndPagination(); this.bindEvents(); } } const productManager = new ProductManager(); productManager.init(); and the main PHP file: <?php // Load the configuration settings and Composer's autoloader to manage dependencies. require_once __DIR__ . '/../config/clearwebconfig.php'; require_once "vendor/autoload.php"; // Import necessary classes from the clearwebconcepts namespace for error handling, database interaction, and image management. use clearwebconcepts\{ ErrorHandler, Database, ImageContentManager, }; // Create an instance of the ErrorHandler to handle exceptions throughout the script. $errorHandler = new ErrorHandler(); // Register the custom exception handler to delegate exception handling to the ErrorHandler class. set_exception_handler([$errorHandler, 'handleException']); // Initialize a Database instance and create a PDO connection for database access. $database = new Database(); $pdo = $database->createPDO(); // Placeholder for optional arguments that might be needed by the ImageContentManager. $args = []; // Create an instance of the ImageContentManager for managing image content in the specified portfolio gallery. $gallery = new ImageContentManager($pdo, $args, 'portfolio'); // Initialize an empty array to hold input data parsed from the request body. $database_data = []; try { /* * Attempt to retrieve and decode JSON input from the HTTP request body. * JSON_THROW_ON_ERROR ensures a JsonException is thrown in case of any decoding issues. */ $database_data = json_decode(file_get_contents('php://input'), true, 512, JSON_THROW_ON_ERROR); } catch (JsonException $e) { // Handle decoding errors silently; optional logging can be added here. } /* * Retrieve paginated image content from the ImageContentManager. * This method takes the number of items per page, the offset, the gallery type ('portfolio'), * and an optional category filter from the decoded input data. */ $send = $gallery->page( (int)$database_data['per_page'], (int)$database_data['offset'], 'portfolio', $database_data['category'] ); // Output the resulting image data to the client in JSON format. output($send); /** * Outputs the given data as a JSON response with HTTP 200 status. * * @param mixed $output The data to be encoded and sent in the HTTP response body. */ function output($output): void { http_response_code(200); try { // Encode the output data as JSON and send it to the client. echo json_encode($output, JSON_THROW_ON_ERROR); } catch (JsonException) { // Fail silently on JSON encoding errors; optional error handling can be added here. } } and the page itself: https://www.clearwebconcepts.com/portfolio.php

I use a `session token` in a configuration file: <?php // Set error reporting level error_reporting(E_ALL); // Disable display of errors ini_set('display_errors', '0'); // Enable error logging ini_set('log_errors', '1'); // Set the path for the error log file ini_set('error_log', __DIR__ . '/error_log/error_log_file.log'); session_set_cookie_params([ 'lifetime' => strtotime('+6 months'), 'path' => '/', 'domain' => 'localhost', 'secure' => false, // Since it's not HTTPS, set this to false 'httponly' => true, 'samesite' => 'Lax' ]); session_start(); ob_start(); // turn on output buffering if (empty($_SESSION['token'])) { try { $_SESSION['token'] = bin2hex(random_bytes(32)); } catch (Exception $e) { } } ini_set('memory_limit', '512M'); // Increase to 512MB that way when someone logins in -> // Process the login form submission if ($_SERVER['REQUEST_METHOD'] === 'POST') { // Check if the submitted CSRF token matches the one stored in the session if (hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) { // Sanitize the username and password input $username = strip_tags($_POST['username']); $password = $_POST['password']; // Verify the user's credentials if ($login->verify_credentials($username, $password)) { // Generate a secure login token $token = bin2hex(random_bytes(32)); // Store the login token in the database $login->store_token_in_database($_SESSION['user_id'], $token); // Set a secure cookie with the login token setcookie('login_token', $token, [ 'expires' => strtotime('+6 months'), 'path' => '/', 'domain' => $cookieDomain, // Adjusted for environment 'secure' => $cookieSecure, // Adjusted for environment 'httponly' => true, 'samesite' => 'Lax' ]); // Store the login token in the session $_SESSION['login_token'] = $token; // Redirect based on security level $securityLevel = $_SESSION['security_level']; if (in_array($securityLevel, ['admin','member','moderator', 'sysop'], true)) { header('Location: member.php'); } else { // Fallback for unexpected security levels header('Location: index.php'); } exit; } else { // Log error message for invalid username or password $error = 'Invalid username or password'; error_log("Login error: " . $error); } } else { // Display an error message $error = 'Invalid CSRF token'; error_log("Login error: " . $error); $error = 'An error occurred. Please try again.'; } } // Generate a random nonce value $nonce = base64_encode(random_bytes(16)); and here's my verification of the login credentials: public function verify_credentials($username, $password): bool { $sql = "SELECT id, password, security FROM {$this->table} WHERE username = :username LIMIT 1"; $stmt = $this->pdo->prepare($sql); $stmt->execute(['username' => $username]); $user = $stmt->fetch(PDO::FETCH_ASSOC); if ($user && password_verify($password, $user['password'])) { session_regenerate_id(true); // Prevent session fixation attacks $_SESSION['user_id'] = $user['id']; $_SESSION['security_level'] = $user['security']; // Store user's role return true; } return false; } The only thing I put in session is the user's id and `security level` , plus logging out relatively easy: logout.php <?php // Include the configuration file and autoload file from the composer. require_once __DIR__ . '/../config/starlite_config.php'; require_once "vendor/autoload.php"; // Import the ErrorHandler and Database classes from the PhotoTech namespace. use clearwebconcepts\{ ErrorHandler, Database, LoginRepository as Login }; $errorHandler = new ErrorHandler(); $database = new Database(); $pdo = $database->createPDO(); $loginRepository = new Login($pdo); $loginRepository->logoff(); and the method (function): public function logoff(): void { if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time() - 3600, '/'); } if (isset($_SESSION['user_id'])) { $sql = "UPDATE {$this->table} SET token = NULL WHERE id = :id"; $stmt = $this->pdo->prepare($sql); $stmt->execute(['id' => $_SESSION['user_id']]); } $_SESSION = []; session_destroy(); header('Location: index.php'); exit(); } This might give you some ideas or help a little? 🤷‍♂️

I've chosen to use PHPStorm as my development environment, and I've developed a unique approach to coding that doesn't rely on frameworks. Having never been a coffee drinker, I've always had to find alternative ways to stay focused, and I've found that my self-built class library allows me to work efficiently without the need for external frameworks. As I've grown older, I've come to realize that learning new frameworks may not be the best use of my time, especially considering my age and the competitive job market. Instead, I've decided to focus on solo projects, where I can leverage my existing knowledge and experience to deliver high-quality results.

I use the `Intervention` library as it make handling images easier. Here's how to rotate an image use Intervention\Image\ImageManager; $image = (new ImageManager())->make('public/image.jpg')->rotate(45)->save('public/rotated_image.jpg'); and here's an upload script from my website that might help? <?php // Include the configuration file and autoload file from the composer. require_once __DIR__ . '/../config/clearwebconfig.php'; require_once "vendor/autoload.php"; use Intervention\Image\ImageManagerStatic as Image; // Import the ErrorHandler and Database classes from the clearwebconcepts namespace. use clearwebconcepts\{ ErrorHandler, Database, ImageContentManager, LoginRepository as Login }; $errorHandler = new ErrorHandler(); // Register the exception handler method set_exception_handler([$errorHandler, 'handleException']); $database = new Database(); $pdo = $database->createPDO(); $checkStatus = new Login($pdo); // To check for either 'member' or 'sysop' if ($checkStatus->check_security_level(['sysop'])) { // Grant access } else { // Access denied header('location: dashboard.php'); exit(); } function is_ajax_request(): bool { return isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest'; } $save_result = false; if (($_SERVER['REQUEST_METHOD'] === 'POST') && isset($_FILES['image'])) { $data = $_POST['cms']; $data['content'] = trim($data['content']); $errors = array(); $exif_data = []; $file_name = $_FILES['image']['name']; // Temporary file: $file_size = $_FILES['image']['size']; $file_tmp = $_FILES['image']['tmp_name']; $thumb_tmp = $_FILES['image']['tmp_name']; $file_type = $_FILES['image']['type']; $file_ext = strtolower(pathinfo($_FILES['image']['name'], PATHINFO_EXTENSION)); /* * Set EXIF data info of image for database table that is * if it contains the info otherwise set to null. */ if ($file_ext === 'jpeg' || $file_ext === 'jpg') { $exif_data = exif_read_data($file_tmp); if (array_key_exists('Make', $exif_data) && array_key_exists('Model', $exif_data)) { $data['Model'] = $exif_data['Make'] . ' ' . $exif_data['Model']; } if (array_key_exists('ExposureTime', $exif_data)) { $data['ExposureTime'] = $exif_data['ExposureTime'] . "s"; } if (array_key_exists('ApertureFNumber', $exif_data['COMPUTED'])) { $data['Aperture'] = $exif_data['COMPUTED']['ApertureFNumber']; } if (array_key_exists('ISOSpeedRatings', $exif_data)) { $data['ISO'] = "ISO " . $exif_data['ISOSpeedRatings']; } if (array_key_exists('FocalLengthIn35mmFilm', $exif_data)) { $data['FocalLength'] = $exif_data['FocalLengthIn35mmFilm'] . "mm"; } } else { $data['Model'] = null; $data['ExposureTime'] = null; $data['Aperture'] = null; $data['ISO'] = null; $data['FocalLength'] = null; } $data['content'] = trim($data['content']); $extensions = array("jpeg", "jpg", "png"); if (in_array($file_ext, $extensions, true) === false) { $errors[] = "extension not allowed, please choose a JPEG or PNG file."; } if ($file_size >= 58720256) { $errors[] = 'File size must be less than or equal to 42 MB'; } /* * Create unique name for image. */ $image_random_string = bin2hex(random_bytes(16)); $image_path = 'assets/image_path/img-entry-' . $image_random_string . '-2048x1365' . '.' . $file_ext; $thumb_path = 'assets/thumb_path/thumb-entry-' . $image_random_string . '-600x400' . '.' . $file_ext; move_uploaded_file($file_tmp, $image_path); move_uploaded_file($thumb_tmp, $thumb_path); // Load the image $image = Image::make($image_path); // Resize the image $image->resize(2048, 1365, function ($constraint) { $constraint->aspectRatio(); $constraint->upsize(); }); // Save the new image $image->save($image_path, 100); // Load the image with Intervention Image $image = Image::make($image_path); // Resize the image while maintaining the aspect ratio $image->resize(600, 400, function ($constraint) { $constraint->aspectRatio(); $constraint->upsize(); }); // Save the thumbnail $image->save($thumb_path, 100); $data['image_path'] = $image_path; $data['thumb_path'] = $thumb_path; /* * If no errors save ALL the information to the * database table. */ if (empty($errors) === true) { // Save to Database Table CMS $timezone = new DateTimeZone('America/Detroit'); // Use your timezone here $today = new DateTime('now', $timezone); $data['date_updated'] = $data['date_added'] = $today->format("Y-m-d H:i:s"); $cms = new ImageContentManager($pdo, $data); $result = $cms->create(); if ($result) { header('Content-Type: application/json'); echo json_encode(['status' => 'success']); exit(); } } else { if (is_ajax_request()) { // Send a JSON response with errors for AJAX requests header('Content-Type: application/json'); echo json_encode(['status' => 'error', 'errors' => $errors]); } } }

This might help as it comes from an old site that I did -> if ($_SERVER['REQUEST_METHOD'] === 'GET') { if (isset($_GET['category'])) { $category = $_GET['category']; } else { error_log('Category is not set in the GET data'); $category = 'general'; } $total_count = $cms->countAllPage($category); } else { try { $category = 'general'; $total_count = $cms->countAllPage($category); } catch (Exception $e) { error_log('Error while counting all pages: ' . $e->getMessage()); } } /* * Using pagination in order to have a nice looking * website page. */ // Grab the current page the user is on if (isset($_GET['page']) && !empty($_GET['page'])) { $current_page = urldecode($_GET['page']); } else { $current_page = 1; } $per_page = 2; // Total number of records to be displayed: // Grab Total Pages $total_pages = $cms->total_pages($total_count, $per_page); /* Grab the offset (page) location from using the offset method */ /* $per_page * ($current_page - 1) */ $offset = $cms->offset($per_page, $current_page); // Figure out the Links that you want the display to look like $links = new Links($current_page, $per_page, $total_count, $category); // Finally grab the records that are actually going to be displayed on the page $records = $cms->page($per_page, $offset, 'cms', $category); and the retrieval -> $sql = 'SELECT * FROM '. $this->table . ' WHERE page =:page AND category =:category ORDER BY id DESC, date_added DESC LIMIT :perPage OFFSET :blogOffset'; $stmt = $this->pdo->prepare($sql); // Prepare the query: $stmt->execute(['page' => $page, 'perPage' => $perPage, 'category' => $category, 'blogOffset' => $offset]); // Execute the query with the supplied data: return $stmt->fetchAll(PDO::FETCH_ASSOC); It's kind of Sudo code, but I think you will get the drift.

How about something like this? <?php $currentpage = $_SERVER['REQUEST_URI']; if ($currentpage == '/' || $currentpage == '/index.php') { // Code for root or index.php page } else { // Code for other pages } ?>

I simply used define('BASE_PATH', realpath(__DIR__)); in a configuration file then on the page itself just use something like this at the top of page - <?php // Include the configuration file and autoload file from the composer. require_once __DIR__ . '/../config/config.php'; require_once "vendor/autoload.php"; If you plan to use $server_name later in your code to construct paths or URLs that involve the server. Then do this in the configuration file -> $server_name = filter_input(INPUT_SERVER, 'SERVER_NAME', FILTER_SANITIZE_URL) An example : <?php // Get the server name and sanitize it. $server_name = filter_input(INPUT_SERVER, 'SERVER_NAME', FILTER_SANITIZE_URL); // Construct the base URL using the server name. $base_url = "https://" . $server_name . "/"; // Construct the URL for loading the CSS file. $css_file_url = $base_url . "css/styles.css"; ?> <link rel="stylesheet" href="<?php echo $css_file_url; ?>">

All you need is the `username` and `password` to get the user's credentials and you really should just store the `id` or `username` in sessions as you can pull the other information of the user when you need it from the database table. and example of my login -> public function verify_credentials($username, $password): bool { $sql = "SELECT id, password FROM admins WHERE username =:username LIMIT 1"; $user = $this->retrieve_credentials($sql, $username); if ($user && password_verify($password, $user['password'])) { session_regenerate_id(); // prevent session fixation attacks $_SESSION['user_id'] = $user['id']; return true; } return false; } protected function retrieve_credentials(string $sql, string $username): ?array { $stmt = $this->pdo->prepare($sql); $stmt->execute(['username' => $username]); $result = $stmt->fetch(PDO::FETCH_ASSOC); return $result !== false ? $result : null; } It's a method part of a class that I wrote, but basically it's a function and could easily be written in procedural style. This is just an example.

I would suggest using Intervention Library as it makes handling images so much easier. I use the following for my own website -> <?php // Include the configuration file and autoload file from the composer. require_once __DIR__ . '/../config/clearwebconfig.php'; require_once "vendor/autoload.php"; use Intervention\Image\ImageManagerStatic as Image; // Import the ErrorHandler and Database classes from the clearwebconcepts namespace. use clearwebconcepts\{ ErrorHandler, Database, ImageContentManager, LoginRepository as Login }; $errorHandler = new ErrorHandler(); // Register the exception handler method set_exception_handler([$errorHandler, 'handleException']); $database = new Database(); $pdo = $database->createPDO(); $checkStatus = new Login($pdo); // To check for either 'member' or 'sysop' if ($checkStatus->check_security_level(['sysop'])) { // Grant access } else { // Access denied header('location: dashboard.php'); exit(); } function is_ajax_request(): bool { return isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest'; } $save_result = false; if (($_SERVER['REQUEST_METHOD'] === 'POST') && isset($_FILES['image'])) { $data = $_POST['cms']; $data['content'] = trim($data['content']); $errors = array(); $exif_data = []; $file_name = $_FILES['image']['name']; // Temporary file: $file_size = $_FILES['image']['size']; $file_tmp = $_FILES['image']['tmp_name']; $thumb_tmp = $_FILES['image']['tmp_name']; $file_type = $_FILES['image']['type']; $file_ext = strtolower(pathinfo($_FILES['image']['name'], PATHINFO_EXTENSION)); /* * Set EXIF data info of image for database table that is * if it contains the info otherwise set to null. */ if ($file_ext === 'jpeg' || $file_ext === 'jpg') { $exif_data = exif_read_data($file_tmp); if (array_key_exists('Make', $exif_data) && array_key_exists('Model', $exif_data)) { $data['Model'] = $exif_data['Make'] . ' ' . $exif_data['Model']; } if (array_key_exists('ExposureTime', $exif_data)) { $data['ExposureTime'] = $exif_data['ExposureTime'] . "s"; } if (array_key_exists('ApertureFNumber', $exif_data['COMPUTED'])) { $data['Aperture'] = $exif_data['COMPUTED']['ApertureFNumber']; } if (array_key_exists('ISOSpeedRatings', $exif_data)) { $data['ISO'] = "ISO " . $exif_data['ISOSpeedRatings']; } if (array_key_exists('FocalLengthIn35mmFilm', $exif_data)) { $data['FocalLength'] = $exif_data['FocalLengthIn35mmFilm'] . "mm"; } } else { $data['Model'] = null; $data['ExposureTime'] = null; $data['Aperture'] = null; $data['ISO'] = null; $data['FocalLength'] = null; } $data['content'] = trim($data['content']); $extensions = array("jpeg", "jpg", "png"); if (in_array($file_ext, $extensions, true) === false) { $errors[] = "extension not allowed, please choose a JPEG or PNG file."; } if ($file_size >= 58720256) { $errors[] = 'File size must be less than or equal to 42 MB'; } /* * Create unique name for image. */ $image_random_string = bin2hex(random_bytes(16)); $image_path = 'assets/image_path/img-entry-' . $image_random_string . '-2048x1365' . '.' . $file_ext; $thumb_path = 'assets/thumb_path/thumb-entry-' . $image_random_string . '-600x400' . '.' . $file_ext; move_uploaded_file($file_tmp, $image_path); move_uploaded_file($thumb_tmp, $thumb_path); // Load the image $image = Image::make($image_path); // Resize the image $image->resize(2048, 1365, function ($constraint) { $constraint->aspectRatio(); $constraint->upsize(); }); // Save the new image $image->save($image_path, 100); // Load the image with Intervention Image $image = Image::make($image_path); // Resize the image while maintaining the aspect ratio $image->resize(600, 400, function ($constraint) { $constraint->aspectRatio(); $constraint->upsize(); }); // Save the thumbnail $image->save($thumb_path, 100); $data['image_path'] = $image_path; $data['thumb_path'] = $thumb_path; /* * If no errors save ALL the information to the * database table. */ if (empty($errors) === true) { // Save to Database Table CMS $timezone = new DateTimeZone('America/Detroit'); // Use your timezone here $today = new DateTime('now', $timezone); $data['date_updated'] = $data['date_added'] = $today->format("Y-m-d H:i:s"); $cms = new ImageContentManager($pdo, $data); $result = $cms->create(); if ($result) { header('Content-Type: application/json'); echo json_encode(['status' => 'success']); exit(); } } else { if (is_ajax_request()) { // Send a JSON response with errors for AJAX requests header('Content-Type: application/json'); echo json_encode(['status' => 'error', 'errors' => $errors]); } } } I log my errors to a log file that I can only see and a person needs to be login to my website even to upload a file. Maybe the above can you help you out a little. Just remember nothing is full proof, but you should make the code as tight as possible.

If you are trying to enter data, but you don't know exactly how many fields (columns) you are going to be saving to the table then you could do something like the following. Though would still need the correct table's column names and the corresponding data that goes with it. Here's an example -> function create(array $data, $pdo, $table) { try { /* Initialize an array */ $attribute_pairs = []; /* * Set up the query using prepared states with the values of the array matching * the corresponding keys in the array * and the array keys being the prepared named placeholders. */ $sql = 'INSERT INTO ' . $table . ' (' . implode(", ", array_keys($data)) . ')'; $sql .= ' VALUES ( :' . implode(', :', array_keys($data)) . ')'; /* * Prepare the Database Table: */ $stmt = $pdo->prepare($sql); /* * Grab the corresponding values in order to * insert them into the table when the script * is executed. */ foreach ($data as $key => $value) { if($key === 'id') { continue; } // Don't include the id: $attribute_pairs[] = $value; // Assign it to an array: } return $stmt->execute($attribute_pairs); // Execute and send boolean true: } catch (PDOException $e) { if ($e->errorInfo[1] === 1062) { return false; } throw $e; } catch (Exception $e) { echo 'Caught exception: ', $e->getMessage(), "\n"; // Not for a production server: } return true; }

Here's a countdown clock that I did years ago, but I recently updated it a couple of months ago. countdown.js file "use strict"; /** * Calculates the time remaining until a specified end time. * @param {string} endtime - The end time in a format parseable by Date.parse. * @returns {object} An object containing the total milliseconds and the breakdown in days, hours, minutes, and seconds. */ const getTimeRemaining = (endtime) => { const total = Date.parse(endtime) - Date.now(); // Calculate the difference in milliseconds from now to the end time return { total, days: Math.floor(total / (1000 * 60 * 60 * 24)), // Convert milliseconds to days hours: Math.floor((total / (1000 * 60 * 60)) % 24), // Convert milliseconds to hours, modulo 24 minutes: Math.floor((total / 1000 / 60) % 60), // Convert milliseconds to minutes, modulo 60 seconds: Math.floor((total / 1000) % 60) // Convert milliseconds to seconds, modulo 60 }; }; /** * Initializes a countdown clock on the webpage. * @param {string} id - The ID suffix of the countdown clock container. * @param {Date} endtime - The countdown end time. */ const initializeClock = (id, endtime) => { const clock = document.getElementById(`display_clock${id}`); // Access the clock element by ID if (!clock) { console.error(`Clock with id 'display_clock${id}' not found.`); return; // Exit if no element is found } // Map each time unit to its corresponding DOM element within the clock container const fields = ['days', 'hours', 'minutes', 'seconds'].map(field => clock.querySelector(`.${field}`) ); if (fields.some(element => element === null)) { // Check if any elements are missing console.error('One or more clock elements not found:', fields); return; // Exit if missing elements are found } // Updates the countdown clock display every second const updateClock = () => { const { total, days, hours, minutes, seconds } = getTimeRemaining(endtime); // Update each field in the DOM with the new time [days, hours, minutes, seconds].forEach((val, i) => { fields[i].textContent = String(val).padStart(2, '0'); // Format with leading zeros }); if (total <= 0) { clock.textContent = "Contest Finished, entry time expired"; clearInterval(timeInterval); // Stop the timer if the countdown is complete } }; updateClock(); const timeInterval = setInterval(updateClock, 1000); // Set the timer to update every second }; /** * Fetches the countdown data and initializes the clock using that data. */ const fetchRoutine = () => { fetch('data.json') // Fetch the countdown data from a local JSON file .then(response => response.json()) .then(data => { document.getElementById("countdown_date").textContent = data.date_format; // Set the formatted date document.getElementById("display_title").textContent = data.title; // Set the event title initializeClock(1, new Date(Date.parse(data.time_left))); // Initialize the clock with the fetched data }) .catch(error => { console.error('Fetch error:', error); // Log any errors during fetch }); }; // Ensure all DOM content is loaded before executing the fetch routine. document.addEventListener('DOMContentLoaded', fetchRoutine); it pulls in data from data.json file { "time_left": "2024-08-27T11:59:59-04:00", "date_format": "Tuesday - August 28, 2024", "title": "Countdown to " } here is the HTML file: <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Countdown Clock</title> <link rel="stylesheet" href="reset.css"> <link rel="stylesheet" href="countdown.css"> </head> <body> <div class="info"> <h1 id="display_title"></h1> <h2 id="countdown_date"></h2> </div> <div id="display_clock1"> <figure class="box"> <div class="days"></div> <figcaption>Days</figcaption> </figure> <figure class="box"> <div class="hours"></div> <figcaption>Hours</figcaption> </figure> <figure class="box"> <div class="minutes"></div> <figcaption>Minutes</figcaption> </figure> <figure class="box"> <div class="seconds"></div> <figcaption>Seconds</figcaption> </figure> </div> <script src="countdown.js"></script> </body> </html> and even the css file countdown.css *{ -webkit-box-sizing: border-box; box-sizing: border-box; } div.info { display: block; width: 100%; max-width: 300px; height: auto; text-align: center; padding: 2px; margin: 10px auto; } div.info::after { content: ''; display: block; clear: both; } h1 { font-family: "Palatino Linotype", "Book Antiqua", Palatino, serif; font-size: 1.2em; line-height: 1.5; } h2 { font-family: Arial, Helvetica, sans-serif; font-size: 1.0em; font-style: italic; font-weight: 300; } div#display_clock1 { display: block; width: 100%; max-width: 190px; height: auto; margin: 5px auto; background-color: pink; } div#display_clock1 figure.box { float: left; display: block; width: 100%; max-width: 40px; height: 70px; color: #fff; text-align: center; padding: 0; margin-left: 5px; } div#display_clock1 figure.box div { background-color: #2e2e2e; height: 50px; line-height: 50px; } div#display_clock1 figure.box figcaption { font-family: Arial, Helvetica, sans-serif; font-size: 0.6em; line-height: 20px; font-weight: bold; color: #000; } It's a simple countdown clock, but can be modify to enhance. I did check it out that it still runs properly. Fetching the clock can be modify to add even more countdown counters by the `id` in this example there is only 1.

Ever since AI I have seen tech forums like this one become very quiet which isn't surprising.

I didn't create a Model, but a trait though maybe it will give you some ideas? <?php // NavigationMenuTrait.php namespace clearwebconcepts; use function htmlspecialchars; use function hash_equals; trait NavigationMenuTrait { public function regular_navigation(): void { $navItems = [ 'Home' => 'index.php', 'About' => 'about.php', 'Puzzle' => 'puzzle.php', 'Portfolio' => 'portfolio.php', 'Contact' => 'contact.php' ]; // Check if the user is logged in $isLoggedIn = isset($_COOKIE['login_token']) && isset($_SESSION['login_token']) && hash_equals($_SESSION['login_token'], $_COOKIE['login_token']); if ($isLoggedIn) { unset($navItems['Home']); // Remove 'Home' from the navigation menu // Add 'Dashboard' to the start of the navigation menu $navItems = array('Dashboard' => 'dashboard.php') + $navItems; } else { $navItems['Login'] = 'login.php'; // Add 'Login' to the navigation menu } $navLinks = []; foreach ($navItems as $title => $path) { $href = $this->generateHref($path); $safeTitle = htmlspecialchars($title, ENT_QUOTES, 'UTF-8'); $navLinks[] = "<a href=\"{$href}\">{$safeTitle}</a>"; } // Check if the user is logged in if ($isLoggedIn) { $navLinks[] = '<a href="logout.php">Logout</a>'; // Add 'Logout' to the end of the navigation menu } echo implode('', $navLinks); } public function showAdminNavigation(): void { $protocol = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' ? 'https://' : 'http://'; $host = $_SERVER['HTTP_HOST']; // Define your base path here $base_path = ($host === 'localhost:8888') ? '/clearwebconcepts' : ''; $base_url = $protocol . $host . $base_path; $adminItems = [ 'Create Entry' => $base_url . '/create_cms.php', 'Edit Entry' => $base_url . '/edit_cms.php', 'Add to Portfolio' => $base_url . '/new_portfolio.php', 'Edit Portfolio Page' => $base_url . '/edit_portfolio.php', 'Add Jigsaw' => $base_url . '/add_to_puzzle.php', 'Edit Jigsaw' => $base_url . '/edit_puzzle.php', 'Service Form' => $base_url . '/service_form.php' ]; echo '<div class="admin-navigation">'; foreach ($adminItems as $adminTitle => $adminPath) { $adminSafeTitle = htmlspecialchars($adminTitle, ENT_QUOTES, 'UTF-8'); echo "<a href=\"{$adminPath}\">{$adminSafeTitle}</a>"; } echo '</div>'; } private function generateHref(string $path): string { $protocol = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' ? 'https://' : 'http://'; $host = $_SERVER['HTTP_HOST']; // Define your base path here $base_path = ($host === 'localhost:8888') ? '/clearwebconcepts' : ''; $base_url = $protocol . $host . $base_path; // Build the URL first, then validate it $url = $base_url . '/' . $path; $sanitized_url = filter_var($url, FILTER_SANITIZE_URL); $valid_url = filter_var($sanitized_url, FILTER_VALIDATE_URL); if ($valid_url === false) { die('Invalid URL'); } return $valid_url; } }

I create a simple error log for my own use and it comes in handy in debugging without the user knowing about it. I even created a simple error handler to sort the errors. class ErrorHandler implements ErrorHandlerInterface { public function handleException(Throwable $e): void { if ($e instanceof PDOException) { error_log('PDO Error: ' . $e->getMessage()); } elseif ($e instanceof JsonException) { error_log('JSON Error: ' . $e->getMessage()); } else { error_log('General Error: ' . $e->getMessage()); } } } and in my configuration file // Set the path for the error log file ini_set('error_log', __DIR__ . '/error_log/error_log_file.log'); this is the most import. part errors isn't seen by the public.

Here's my query -> $sql = 'SELECT * FROM '. $this->table . ' WHERE page =:page AND category =:category ORDER BY id DESC, date_added DESC LIMIT :perPage OFFSET :blogOffset'; it might help?

That sure seems like a strange way in doing pagination. In my opinion the data should be come from a database table and broken down to something like the following -> // Grab the current page the user is on if (isset($_GET['page']) && !empty($_GET['page'])) { $current_page = urldecode($_GET['page']); } else { $current_page = 1; } $per_page = 2; // Total number of records to be displayed: // Grab Total Pages $total_pages = $cms->total_pages($total_count, $per_page); /* Grab the offset (page) location from using the offset method */ /* $per_page * ($current_page - 1) */ $offset = $cms->offset($per_page, $current_page); // Figure out the Links that you want the display to look like $links = new Links($current_page, $per_page, $total_count, $category); // Finally grab the records that are actually going to be displayed on the page $records = $cms->page($per_page, $offset, 'cms', $category); that way all you have to do is format. the HTML using CSS -> <main class="main_container" itemprop="mainContentOfPage"> <?php foreach ($records as $record) { $imagePath = htmlspecialchars($record['image_path'], ENT_QUOTES, 'UTF-8'); $heading = htmlspecialchars($record['heading'], ENT_QUOTES, 'UTF-8'); $content = htmlspecialchars($record['content'], ENT_QUOTES, 'UTF-8'); echo '<div class="image-header">'; echo '<img src="' . $imagePath . '" title="' . $heading . '" alt="' . $heading . '">'; echo '</div>'; echo '<h1>' . $heading . '</h1>'; echo '<p>' . nl2br($content) . '</p>'; echo '<br><hr><br>'; } ?> </main> The above is just an example, but if you breakdown the HTML/Code in smaller sections it's easier to read & debug. There are a lot of good pagination tutorials online.

First get the PDO connection out of the function as that will cause you nothing but headaches. Here's an example of a generic PDO connection -> <?php $host = '127.0.0.1'; // or your database host $db = 'your_database_name'; $user = 'your_database_username'; $pass = 'your_database_password'; $charset = 'utf8mb4'; $dsn = "mysql:host=$host;dbname=$db;charset=$charset"; $options = [ PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, ]; try { $pdo = new PDO($dsn, $user, $pass, $options); // Use $pdo to perform database operations } catch (\PDOException $e) { throw new \PDOException($e->getMessage(), (int)$e->getCode()); } ?> I would put this in a configuration file maybe name it config.php file? My example would entail explaining OOP, so maybe someone else will do a better example for you. But here is how I do it -> $sql = "SELECT id, password FROM admins WHERE username =:username LIMIT 1"; $user = $this->retrieve_credentials($sql, $username); if ($user && password_verify($password, $user['password'])) { session_regenerate_id(); // prevent session fixation attacks $_SESSION['user_id'] = $user['id']; return true; } return false; and little more code protected function retrieve_credentials(string $sql, string $username): ?array { $stmt = $this->pdo->prepare($sql); $stmt->execute(['username' => $username]); $result = $stmt->fetch(PDO::FETCH_ASSOC); return $result !== false ? $result : null; }

Studying design patterns such as MVC (Model-View-Controller) and Active Record Design has enhanced my understanding of Object-Oriented Programming (OOP). Although many prefer Model-View-Controller, I found Active Record Design more helpful in solidifying my grasp of OOP. One constant with OOP is that there's always something new to learn, and there's always someone with a deeper understanding of it. I believe that beginners often find the structure of Object-Oriented Programming (OOP) challenging. Here's an example from some code on my website to illustrate this. -> // Display Record(s) by Pagination public function page($perPage, $offset, $page = "index", $category = "general"): array { $sql = 'SELECT * FROM '. $this->table . ' WHERE page =:page AND category =:category ORDER BY id ASC, date_added DESC LIMIT :perPage OFFSET :blogOffset'; $stmt = $this->pdo->prepare($sql); // Prepare the query: $stmt->execute(['page' => $page, 'perPage' => $perPage, 'category' => $category, 'blogOffset' => $offset]); // Execute the query with the supplied data: return $stmt->fetchAll(PDO::FETCH_ASSOC); } Initially, I would mix up my code by writing `$sql` and `$this->sql`, which made things confusing for me. However, everyone has their unique journey in learning Object-Oriented Programming (OOP). By coding in this manner, I'm able to more clearly identify key OOP components, such as recognizing `$this->pdo` and understanding that `$stmt->fetchAll(PDO::FETCH_ASSOC)` is an example of object-oriented code.

My approach would be to divide the content into three files, although it's feasible to combine everything into a single file. Nonetheless, I'd still make an effort to keep the code and HTML distinct and separate as much as possible. Client's search page - example clients.php (form to search) JavaScript file - example clients.js PHP search results file - example client_results.php Here's an example of what I'm trying to express: My HTML form (edit_cms.php): <div class="search-form-container"> <form id="searchForm"> <div class="input-group"> <label for="heading">Heading:</label> <select class="select-css" id="heading" name="heading"> <option value="" disabled selected>Select Heading</option> <?php foreach ($records as $record) { echo '<option value="' . $record['heading'] . '">' . $record['heading'] . '</option>'; } ?> </select> </div> <div class="input-group"> <label for="searchTerm">Search Product Content:</label> <input type="text" placeholder="Search Content" id="searchTerm" class="input-field" autofocus required> </div> <button class="search_button" type="submit">Search</button> </form> </div> A little bit of my JavaScript code (edit_cms.js): async function displayRecord(searchTerm = null, selectedHeading = null) { const requestData = {}; if(searchTerm !== null) requestData.searchTerm = searchTerm; if(selectedHeading !== null) requestData.heading = selectedHeading; try { const response = await fetch("search_cms_records.php", { method: "POST", headers: { "Content-Type": "application/json", }, body: JSON.stringify(requestData), }); const data = await response.json(); console.log(data); // Add this line if (data.message) { resultInput.value = ''; resultInput.placeholder = data.message; } else if (data.error) { console.error(data.error); } else { const row = data[0]; console.log(row); idInput.value = row.id; image_for_edit_record.src = row.thumb_path; image_for_edit_record.alt = row.heading; category.value = row.category; category.textContent = `${row.category.charAt(0).toUpperCase()}${row.category.slice(1)}`; heading.value = row.heading; content.value = row.content; resizeTextarea(content); } } catch (error) { console.error("Error:", error); } } and my PHP file with a little bit of the code that gets the results (search_cms_records.php): // Get the request body and decode it as JSON. $request = json_decode(file_get_contents('php://input'), true); // Extract the search term and heading from the request, if they exist. $searchTerm = $request['searchTerm'] ?? null; $heading = $request['heading'] ?? null; // If a search term was provided, use a full-text search on the 'content' field. // Before this can work, you'll need to make sure your content column is indexed for full-text searching. // You can do this with the following SQL command: // Example: // ALTER TABLE cms ADD FULLTEXT(content); if($searchTerm !== null) { $sql = "SELECT * FROM cms WHERE MATCH(content) AGAINST(:searchTerm IN NATURAL LANGUAGE MODE) LIMIT 1"; $stmt = $pdo->prepare($sql); $stmt->bindValue(':searchTerm', $searchTerm); // If a heading was provided, search for exact matches on the 'heading' field. } else if($heading !== null) { $sql = "SELECT * FROM cms WHERE heading = :heading LIMIT 1"; $stmt = $pdo->prepare($sql); $stmt->bindValue(':heading', $heading); // If neither a search term nor a heading was provided, throw an exception. } else { throw new Exception("No valid search term or heading provided"); } // Execute the prepared statement. $stmt->execute(); // Fetch the results and handle them as needed. $results = $stmt->fetchAll(PDO::FETCH_ASSOC); // If results were found, return them to the client as JSON. if ($results) { echo json_encode($results); } else { echo json_encode(['message' => 'No results found.']); } My argument is that debugging becomes simpler when most of the code is organized and separated as much as possible within its respective programming language.

There's no `WHERE` in `INSERT INTO`

I personally find it better to have the configuration file outside the root directory require_once __DIR__ . '/../config/config.php'; // Goes one up from the root / directory

Instead of using `if` statements you should be using `functions`, plus PHP has a great way of doing pagination (The following is just an example of what I'm talking about) -> // Display Record(s) by Pagination public function page($perPage, $offset, $page = "index", $category = "general"): array { $sql = 'SELECT * FROM '. $this->table . ' WHERE page =:page AND category =:category ORDER BY id ASC, date_added DESC LIMIT :perPage OFFSET :blogOffset'; $stmt = $this->pdo->prepare($sql); // Prepare the query: $stmt->execute(['page' => $page, 'perPage' => $perPage, 'category' => $category, 'blogOffset' => $offset]); // Execute the query with the supplied data: return $stmt->fetchAll(PDO::FETCH_ASSOC); } I would look into pagination tutorials as that will save you a lot headaches.