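<?php
/**
 * JSON endpoint behind the "load more" control of the profile listing.
 *
 * Query-string parameters (all optional):
 *   page       int    batch index; the row offset is page * 12 (default 1)
 *   lastId     int    only rows with id greater than this value are returned (default 0)
 *   bac_year   string exact-match filter, bound as an integer
 *   studies    string substring filter on the studies column
 *   search     string substring filter on full_name or email
 *   sort_by    string 'full_name' or 'bac_year' (anything else falls back to 'full_name')
 *   sort_order string 'ASC' or 'DESC', case-insensitive (default 'ASC')
 *
 * Response: {"profiles": [...]}; on a database or encoding failure the status
 * is 500 and the body is {"profiles": [], "error": "..."}.
 *
 * NOTE(review): every returned row carries email and birth_date, and no
 * session or authorization check is visible in this file. Confirm that
 * config.php enforces one, or drop the columns the client does not render.
 *
 * NOTE(review): the query applies both an "id > lastId" filter and a
 * page-based OFFSET while ordering by a non-id column. Whether rows get
 * skipped depends on what the client sends; confirm against the caller.
 */
require 'config.php';

/*
 * Reads one string filter from the query string. Array-valued parameters
 * (?search[]=x) are treated as absent so they never reach sanitize() or the
 * string functions below.
 *
 * NOTE(review): sanitize() comes from config.php and is not visible here. If
 * it HTML-encodes its input, terms containing & or quotes will not match the
 * stored values; the bound parameters already cover SQL safety. Confirm.
 */
$readFilter = function ($key, $default) {
    if (!isset($_GET[$key]) || !is_string($_GET[$key])) {
        return $default;
    }
    return sanitize($_GET[$key]);
};

/*
 * Builds a "contains" LIKE pattern in which the user's own % and _ are
 * matched literally. '!' is the escape character (declared with ESCAPE '!'
 * in the SQL), so the result does not depend on the server's backslash
 * handling. Without this, a request can supply its own wildcards and turn a
 * filter into a much broader pattern scan.
 */
$likeContains = function ($term) {
    return '%' . strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
};

// Negative values would produce a negative OFFSET (a SQL error) or a
// meaningless lower bound, so both numbers are clamped at zero.
$page   = isset($_GET['page']) ? max(0, (int) $_GET['page']) : 1;
$lastId = isset($_GET['lastId']) ? max(0, (int) $_GET['lastId']) : 0;

$bac_year = $readFilter('bac_year', '');
$studies  = $readFilter('studies', '');
$search   = $readFilter('search', '');
$sort_by  = $readFilter('sort_by', 'full_name');

// ORDER BY cannot be bound as a parameter, so the column and the direction
// are interpolated into the SQL text. Both are checked against fixed
// allow-lists with strict comparison before they get there.
$allowed_sort_columns = ['full_name', 'bac_year'];
if (!in_array($sort_by, $allowed_sort_columns, true)) {
    $sort_by = 'full_name';
}

$requestedOrder = (isset($_GET['sort_order']) && is_string($_GET['sort_order']))
    ? strtoupper($_GET['sort_order'])
    : 'ASC';
$sort_order = in_array($requestedOrder, ['ASC', 'DESC'], true) ? $requestedOrder : 'ASC';

$limit  = 12;
$offset = $page * $limit;

// Month-day of today, compared against each user's birth_date to flag birthdays.
$current_date = date('m-d');

$query = "SELECT id, full_name, email, birth_date, studies, bac_year, profile_picture,
CASE WHEN DATE_FORMAT(birth_date, '%m-%d') = ? THEN 1 ELSE 0 END AS is_birthday
FROM users WHERE id > ?";
$params = [$current_date, $lastId];
$types  = 'si';

if ($bac_year) {
    $query   .= " AND bac_year = ?";
    $params[] = (int) $bac_year; // bound with type 'i', so make the conversion explicit
    $types   .= 'i';
}

if ($studies) {
    $query   .= " AND studies LIKE ? ESCAPE '!'";
    $params[] = $likeContains($studies);
    $types   .= 's';
}

if ($search) {
    $query   .= " AND (full_name LIKE ? ESCAPE '!' OR email LIKE ? ESCAPE '!')";
    $pattern  = $likeContains($search);
    $params[] = $pattern;
    $params[] = $pattern;
    $types   .= 'ss';
}

$query   .= " ORDER BY $sort_by $sort_order LIMIT ? OFFSET ?";
$params[] = $limit;
$params[] = $offset;
$types   .= 'ii';

/*
 * Sends a generic 500 response and stops. The detail goes to the server log
 * only, so SQL text and driver messages are not echoed to the client.
 */
$fail = function ($detail) {
    error_log('load_more_profiles: ' . $detail);
    http_response_code(500);
    header('Content-Type: application/json');
    header('X-Content-Type-Options: nosniff');
    echo json_encode(['profiles' => [], 'error' => 'Unable to load profiles']);
    exit;
};

try {
    // Depending on the mysqli report mode each call either throws or returns
    // false; both paths end in the same generic failure response.
    $stmt = $conn->prepare($query);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $conn->error);
    }

    $stmt->bind_param($types, ...$params);

    if (!$stmt->execute()) {
        throw new RuntimeException('execute failed: ' . $stmt->error);
    }

    $result = $stmt->get_result();
    if ($result === false) {
        throw new RuntimeException('get_result failed: ' . $stmt->error);
    }

    $profiles = $result->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
} catch (Exception $e) {
    $fail($e->getMessage());
}

// json_encode() returns false on, for example, invalid UTF-8 in a stored
// value; report that as a failure instead of sending an empty 200 response.
$payload = json_encode(['profiles' => $profiles]);
if ($payload === false) {
    $fail('json_encode failed: ' . json_last_error_msg());
}

header('Content-Type: application/json');
// The body contains user-controlled strings; keep browsers from sniffing it
// as anything other than JSON.
header('X-Content-Type-Options: nosniff');
echo $payload;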