From c62f212d73ff409862c319388feeeeeb30d6bd35 Mon Sep 17 00:00:00 2001 From: Nate Date: Fri, 26 Jul 2019 09:41:41 -0600 Subject: [PATCH] Database class integration. --- app/contacts/contact_url_delete.php | 32 ++--- app/contacts/contact_url_edit.php | 139 ++++++++++---------- app/contacts/contact_urls.php | 26 ++-- app/contacts/contact_user_delete.php | 22 ++-- app/contacts/contacts.php | 182 +++++++++++++++------------ app/contacts/contacts_vcard.php | 145 +++++++++++---------- 6 files changed, 286 insertions(+), 260 deletions(-) diff --git a/app/contacts/contact_url_delete.php b/app/contacts/contact_url_delete.php index de5a64a928..b582e4cfe5 100644 --- a/app/contacts/contact_url_delete.php +++ b/app/contacts/contact_url_delete.php @@ -38,24 +38,24 @@ else { $language = new text; $text = $language->get(); -if (count($_GET)>0) { - $id = check_str($_GET["id"]); - $contact_uuid = check_str($_GET["contact_uuid"]); +$contact_url_uuid = $_GET["id"]; +$contact_uuid = $_GET["contact_uuid"]; + +if (is_uuid($contact_url_uuid) && is_uuid($contact_uuid)) { + + $array['contact_urls'][0]['contact_url_uuid'] = $contact_url_uuid; + $array['contact_urls'][0]['domain_uuid'] = $_SESSION['domain_uuid']; + + $database = new database; + $database->app_name = 'contacts'; + $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c'; + $database->delete($array); + unset($array); + + message::add($text['message-delete']); } -if (strlen($id)>0) { - $sql = ""; - $sql .= "delete from v_contact_urls "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and contact_url_uuid = '".$id."' "; - - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($sql); -} - -message::add($text['message-delete']); header("Location: contact_edit.php?id=".$contact_uuid); -return; +exit; ?> \ No newline at end of file diff --git a/app/contacts/contact_url_edit.php b/app/contacts/contact_url_edit.php index 479a497475..1dc290e6da 100644 
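Review bot: `header("Location: contact_edit.php?id=".$contact_uuid);` runs even when the `is_uuid` guard fails, so a malformed `contact_uuid` taken from `$_GET` is reflected straight into the redirect target and the caller gets no message that nothing was deleted. Give the failure its own exit, e.g. `else { header("Location: contacts.php"); exit; }`, so that only a validated uuid is echoed back. Both `$_GET` reads also assume the keys exist; an `isset()` before `is_uuid()` avoids the undefined-index notice. The permission check that gates this page is above the hunk.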
--- a/app/contacts/contact_url_edit.php +++ b/app/contacts/contact_url_edit.php @@ -40,37 +40,37 @@ else { $text = $language->get(); //action add or update - if (isset($_REQUEST["id"])) { + if (is_uuid($_REQUEST["id"])) { $action = "update"; - $contact_url_uuid = check_str($_REQUEST["id"]); + $contact_url_uuid = $_REQUEST["id"]; } else { $action = "add"; } //get the contact uuid - if (strlen($_GET["contact_uuid"]) > 0) { - $contact_uuid = check_str($_GET["contact_uuid"]); + if (is_uuid($_GET["contact_uuid"])) { + $contact_uuid = $_GET["contact_uuid"]; } //get http post variables and set them to php variables if (count($_POST) > 0) { - $url_label = check_str($_POST["url_label"]); - $url_label_custom = check_str($_POST["url_label_custom"]); - $url_address = check_str($_POST["url_address"]); - $url_primary = check_str($_POST["url_primary"]); - $url_description = check_str($_POST["url_description"]); + $url_label = $_POST["url_label"]; + $url_label_custom = $_POST["url_label_custom"]; + $url_address = $_POST["url_address"]; + $url_primary = $_POST["url_primary"]; + $url_description = $_POST["url_description"]; //use custom label if set - $url_label = ($url_label_custom != '') ? $url_label_custom : $url_label; + $url_label = $url_label_custom != '' ? $url_label_custom : $url_label; } //process the form data - if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { + if (is_array($_POST) && @sizeof($_POST) != 0 && strlen($_POST["persistformvar"]) == 0) { //set the uuid if ($action == "update") { - $contact_url_uuid = check_str($_POST["contact_url_uuid"]); + $contact_url_uuid = $_POST["contact_url_uuid"]; } //check for all required data 
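Review bot: In the update branch `$contact_url_uuid = $_POST["contact_url_uuid"];` replaces the `is_uuid`-checked `$_REQUEST["id"]` with an unchecked POST value, and that value becomes the row key handed to `$database->save()` in the next hunk; apply the same check, e.g. `if (is_uuid($_POST["contact_url_uuid"])) { $contact_url_uuid = $_POST["contact_url_uuid"]; }`. `is_uuid($_REQUEST["id"])` is also evaluated on add requests where the key is absent, giving an undefined-index notice — `isset($_REQUEST["id"]) && is_uuid($_REQUEST["id"])`. On style, `is_array($_POST) && @sizeof($_POST) != 0` hides nothing the simpler `count($_POST) > 0` would not, since `$_POST` is always an array; the same pattern recurs in the contact_urls.php, contact_user_delete.php and contacts.php hunks. The `if (is_array($_POST) ...)` block opened here closes in the next hunk.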
@@ -92,89 +92,84 @@ else { if ($_POST["persistformvar"] != "true") { //update last modified - $sql = "update v_contacts set "; - $sql .= "last_mod_date = now(), "; - $sql .= "last_mod_user = '".$_SESSION['username']."' "; - $sql .= "where domain_uuid = '".$domain_uuid."' "; - $sql .= "and contact_uuid = '".$contact_uuid."' "; - $db->exec(check_sql($sql)); - unset($sql); + $array['contacts'][0]['contact_uuid'] = $contact_uuid; + $array['contacts'][0]['domain_uuid'] = $domain_uuid; + $array['contacts'][0]['last_mod_date'] = 'now()'; + $array['contacts'][0]['last_mod_user'] = $_SESSION['username']; + + $p = new permissions; + $p->add('contact_edit', 'temp'); + + $database = new database; + $database->app_name = 'contacts'; + $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c'; + $database->save($array); + unset($array); + + $p->delete('contact_edit', 'temp'); //if primary, unmark other primary numbers if ($url_primary) { $sql = "update v_contact_urls set url_primary = 0 "; - $sql .= "where domain_uuid = '".$domain_uuid."' "; - $sql .= "and contact_uuid = '".$contact_uuid."' "; - $db->exec(check_sql($sql)); - unset($sql); + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and contact_uuid = :contact_uuid "; + $parameters['domain_uuid'] = $domain_uuid; + $parameters['contact_uuid'] = $contact_uuid; + $database = new database; + $database->execute($sql, $parameters); + unset($sql, $parameters); } if ($action == "add") { $contact_url_uuid = uuid(); - $sql = "insert into v_contact_urls "; - $sql .= "("; - $sql .= "domain_uuid, "; - $sql .= "contact_uuid, "; - $sql .= "contact_url_uuid, "; - $sql .= "url_label, "; - $sql .= "url_address, "; - $sql .= "url_primary, "; - $sql .= "url_description "; - $sql .= ")"; - $sql .= "values "; - $sql .= "("; - $sql .= "'".$_SESSION['domain_uuid']."', "; - $sql .= "'".$contact_uuid."', "; - $sql .= "'".$contact_url_uuid."', "; - $sql .= "'".$url_label."', "; - $sql .= "'".$url_address."', "; - $sql .= (($url_primary) ? 
1 : 0).", "; - $sql .= "'".$url_description."' "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); + $array['contact_urls'][0]['contact_url_uuid'] = $contact_url_uuid; message::add($text['message-add']); - header("Location: contact_edit.php?id=".$contact_uuid); - return; - } //if ($action == "add") + } if ($action == "update") { - $sql = "update v_contact_urls set "; - $sql .= "contact_uuid = '".$contact_uuid."', "; - $sql .= "url_label = '".$url_label."', "; - $sql .= "url_address = '".$url_address."', "; - $sql .= "url_primary = ".(($url_primary) ? 1 : 0).", "; - $sql .= "url_description = '".$url_description."' "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and contact_url_uuid = '".$contact_url_uuid."'"; - $db->exec(check_sql($sql)); - unset($sql); + $array['contact_urls'][0]['contact_url_uuid'] = $contact_url_uuid; message::add($text['message-update']); - header("Location: contact_edit.php?id=".$contact_uuid); - return; - } //if ($action == "update") - } //if ($_POST["persistformvar"] != "true") - } //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) + } + + if (is_array($array) && @sizeof($array) != 0) { + $array['contact_urls'][0]['domain_uuid'] = $_SESSION['domain_uuid']; + $array['contact_urls'][0]['contact_uuid'] = $contact_uuid; + $array['contact_urls'][0]['url_label'] = $url_label; + $array['contact_urls'][0]['url_address'] = $url_address; + $array['contact_urls'][0]['url_primary'] = $url_primary ? 
1 : 0; + $array['contact_urls'][0]['url_description'] = $url_description; + + $database = new database; + $database->app_name = 'contacts'; + $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c'; + $database->save($array); + unset($array); + } + + header("Location: contact_edit.php?id=".$contact_uuid); + exit; + } + } //pre-populate the form - if (count($_GET)>0 && $_POST["persistformvar"] != "true") { + if (is_array($_GET) && @sizeof($_GET) != 0 && $_POST["persistformvar"] != "true") { $contact_url_uuid = $_GET["id"]; $sql = "select * from v_contact_urls "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and contact_url_uuid = '".$contact_url_uuid."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and contact_url_uuid = :contact_url_uuid "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['contact_url_uuid'] = $contact_url_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0) { $url_label = $row["url_label"]; $url_address = $row["url_address"]; $url_primary = $row["url_primary"]; $url_description = $row["url_description"]; - break; //limit to 1 row } - unset ($prep_statement); + unset($sql, $parameters, $row); } //show the header diff --git a/app/contacts/contact_urls.php b/app/contacts/contact_urls.php index 8bfb24d957..0da336bb8b 100644 --- a/app/contacts/contact_urls.php +++ b/app/contacts/contact_urls.php 
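Review bot: The `$p->add('contact_edit', 'temp')` / `$p->delete('contact_edit', 'temp')` pair around the contacts save is undocumented and is only revoked on the straight-line path, so if `$database->save()` ends the request (its error handling is not visible here) the temporary grant is left behind wherever the permissions class keeps it; a comment such as `//grant contact_edit for this save only: the database class presumably checks app permissions per table — confirm` and revoking it in a `finally` block (if the project's PHP baseline allows one) would make both the intent and the cleanup explicit. `$array['contacts'][0]['last_mod_date'] = 'now()';` likewise relies on the database class recognising that literal as a SQL function; if it is bound as a plain value the column receives the text `now()`, or a type error on a timestamp column — confirm against the class. `header("Location: contact_edit.php?id=".$contact_uuid);` is reached with `$contact_uuid` unset when the `is_uuid($_GET["contact_uuid"])` check in the previous hunk did not pass. The `if (is_array($_POST) ...)` block this code belongs to opens in the previous hunk.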
@@ -48,14 +48,14 @@ //get the contact list $sql = "select * from v_contact_urls "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and contact_uuid = '$contact_uuid' "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and contact_uuid = :contact_uuid "; $sql .= "order by url_primary desc, url_label asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - $result_count = count($result); - unset ($prep_statement, $sql); + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['contact_uuid'] = $contact_uuid; + $database = new database; + $result = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); $c = 0; $row_style["0"] = "row_style0"; @@ -74,12 +74,12 @@ echo "\n"; echo "\n"; - if ($result_count > 0) { + if (is_array($result) && @sizeof($result) != 0) { foreach($result as $row) { if (permission_exists('contact_url_edit')) { $tr_link = "href='contact_url_edit.php?contact_uuid=".escape($row['contact_uuid'])."&id=".escape($row['contact_url_uuid'])."'"; } - echo "\n"; + echo "\n"; echo " ".escape($row['url_label'])." \n"; echo " ".str_replace("http://", "", str_replace("https://", "", escape($row['url_address'])))." \n"; echo " ".escape($row['url_description'])." \n"; @@ -92,10 +92,10 @@ } echo " \n"; echo "\n"; - $c = ($c) ? 0 : 1; - } //end foreach - unset($sql, $result, $row_count); - } //end if results + $c = $c ? 0 : 1; + } + } + unset($result, $row); echo "\n"; diff --git a/app/contacts/contact_user_delete.php b/app/contacts/contact_user_delete.php index 01f7142598..fb4614934d 100644 --- a/app/contacts/contact_user_delete.php +++ b/app/contacts/contact_user_delete.php 
@@ -26,7 +26,7 @@ require_once "root.php"; require_once "resources/require.php"; require_once "resources/check_auth.php"; -if (permission_exists('contact_group_delete')) { +if (permission_exists('contact_user_delete')) { //access granted } else { @@ -40,19 +40,23 @@ else { $language = new text; $text = $language->get(); - if (count($_REQUEST) > 0) { - $contact_user_uuid = check_str($_REQUEST["id"]); - $contact_uuid = check_str($_REQUEST["contact_uuid"]); + if (is_array($_REQUEST) && @sizeof($_REQUEST) != 0) { + $contact_user_uuid = $_REQUEST["id"]; + $contact_uuid = $_REQUEST["contact_uuid"]; } } //delete the user if (is_uuid($contact_uuid) && is_uuid($contact_user_uuid)) { - $sql = "delete from v_contact_users "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and contact_user_uuid = '$contact_user_uuid' "; - $db->exec(check_sql($sql)); - unset($sql); + $array['contact_users'][0]['contact_user_uuid'] = $contact_user_uuid; + $array['contact_users'][0]['domain_uuid'] = $_SESSION['domain_uuid']; + + $database = new database; + $database->app_name = 'contacts'; + $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c'; + $database->delete($array); + $response = $database->message; + unset($array); } //redirect the browser diff --git a/app/contacts/contacts.php b/app/contacts/contacts.php index 3db46a4848..1651b8a8b1 100644 --- a/app/contacts/contacts.php +++ b/app/contacts/contacts.php 
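Review bot: `$response = $database->message;` is assigned after the delete but nothing in the hunk reads it, and the redirect that follows is outside the hunk; if that code does not consume it the assignment is dead, otherwise the outcome should be surfaced the way the other delete page in this commit does, via `message::add($text['message-delete']);`. The delete stays scoped by the `domain_uuid` key in the array, which is what keeps one tenant from removing another's row — assuming the database class puts every key of the array into its where clause, which is not visible here and worth a comment at the call site. `is_array($_REQUEST) && @sizeof($_REQUEST) != 0` can be `count($_REQUEST) > 0`, since `$_REQUEST` is always an array.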
@@ -48,12 +48,12 @@ require_once "resources/header.php"; //get the search criteria - $search_all = strtolower(check_str($_GET["search_all"])); - $phone_number = check_str($_GET["phone_number"]); + $search_all = strtolower($_GET["search_all"]); + $phone_number = $_GET["phone_number"]; //get variables used to control the order - $order_by = check_str($_GET["order_by"]); - $order = check_str($_GET["order"]); + $order_by = $_GET["order_by"]; + $order = $_GET["order"]; //retrieve current user's assigned groups (uuids) foreach ($_SESSION['groups'] as $group_data) { 
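Review bot: `strtolower($_GET["search_all"])` lowercases byte-wise, while the query built in the next hunk compares against `lower(column)` on the database side, so a search term containing non-ASCII capitals will not match once the two sides disagree; `mb_strtolower()` (if the mbstring extension is available to this install) keeps them consistent. Dropping `check_str()` is fine for `$search_all` and `$phone_number`, which the next hunk binds as parameters, but `$order_by` and `$order` reach SQL text through `order_by()` in the last hunk of this file, so their validation now rests entirely on that helper. Note also that `%` and `_` inside the bound LIKE pattern remain wildcards; that does not open the query up, but it does let a user widen the match, which is worth a one-line comment if it is intended.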
@@ -70,103 +70,123 @@ $sql .= "from "; $sql .= "v_contact_settings "; $sql .= "where "; - $sql .= "domain_uuid = '".$_SESSION['domain_uuid']."' "; + $sql .= "domain_uuid = :domain_uuid "; $sql .= "and contact_setting_category = 'sync' "; $sql .= "and contact_setting_subcategory = 'source' "; $sql .= "and contact_setting_name = 'array' "; $sql .= "and contact_setting_value <> '' "; $sql .= "and contact_setting_value is not null "; if (!(if_group("superadmin") || if_group("admin"))) { - $sql .= "and ( \n"; //only contacts assigned to current user's group(s) and those not assigned to any group - $sql .= " contact_uuid in ( \n"; + $sql .= "and ( "; //only contacts assigned to current user's group(s) and those not assigned to any group + $sql .= " contact_uuid in ( "; $sql .= " select contact_uuid from v_contact_groups "; - $sql .= " where group_uuid in ('".implode("','", array_filter($user_group_uuids))."') "; - $sql .= " and domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= " ) \n"; - $sql .= " or \n"; - $sql .= " contact_uuid not in ( \n"; + $sql .= " where "; + if (is_array($user_group_uuids) && @sizeof($user_group_uuids) != 0) { + foreach ($user_group_uuids as $index => $user_group_uuid) { + if (is_uuid($user_group_uuid)) { + $sql_where_or[] = "group_uuid = :group_uuid_".$index; + $parameters['group_uuid_'.$index] = $user_group_uuid; + } + } + if (is_array($sql_where_or) && @sizeof($sql_where_or) != 0) { + $sql .= " ( ".implode(' or ', $sql_where_or)." 
) "; + } + unset($sql_where_or, $index, $user_group_uuid); + } + $sql .= " and domain_uuid = :domain_uuid "; + $sql .= " ) "; + $sql .= " or "; + $sql .= " contact_uuid not in ( "; $sql .= " select contact_uuid from v_contact_groups "; - $sql .= " where group_uuid = '".$_SESSION['group_uuid']."' "; - $sql .= " and domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= " ) \n"; - $sql .= ") \n"; + $sql .= " where group_uuid = :group_uuid "; + $sql .= " and domain_uuid = :domain_uuid "; + $sql .= " ) "; + $sql .= ") "; } - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - if (count($result) > 0) { + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['group_uuid'] = $_SESSION['group_uuid']; + $database = new database; + $result = $database->select($sql, $parameters, 'all'); + if (is_array($result) && @sizeof($result) != 0) { foreach($result as $row) { $contact_sync_sources[$row['contact_uuid']][] = $row['contact_setting_value']; } } - unset ($sql, $prep_statement, $result); + unset($sql, $parameters, $result); //build query for paging and list - $sql = "select count(*) as num_rows "; + $sql = "select count(*) "; $sql .= "from v_contacts as c "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; + $sql .= "where domain_uuid = :domain_uuid "; if (!(if_group("superadmin") || if_group("admin"))) { - $sql .= "and ( \n"; //only contacts assigned to current user's group(s) and those not assigned to any group - $sql .= " contact_uuid in ( \n"; + $sql .= "and ( "; //only contacts assigned to current user's group(s) and those not assigned to any group + $sql .= " contact_uuid in ( "; $sql .= " select contact_uuid from v_contact_groups "; - $sql .= " where group_uuid in ('".implode("','", array_filter($user_group_uuids))."') "; - $sql .= " and domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= " ) \n"; - $sql .= " or contact_uuid in ( \n"; + $sql .= " 
where "; + if (is_array($user_group_uuids) && @sizeof($user_group_uuids) != 0) { + foreach ($user_group_uuids as $index => $user_group_uuid) { + if (is_uuid($user_group_uuid)) { + $sql_where_or[] = "group_uuid = :group_uuid_".$index; + $parameters['group_uuid_'.$index] = $user_group_uuid; + } + } + if (is_array($sql_where_or) && @sizeof($sql_where_or) != 0) { + $sql .= " ( ".implode(' or ', $sql_where_or)." ) "; + } + unset($sql_where_or, $index, $user_group_uuid); + } + $sql .= " and domain_uuid = :domain_uuid "; + $sql .= " ) "; + $sql .= " or contact_uuid in ( "; $sql .= " select contact_uuid from v_contact_users "; - $sql .= " where user_uuid = '".$_SESSION['user_uuid']."' "; - $sql .= " and domain_uuid = '".$_SESSION['domain_uuid']."' "; + $sql .= " where user_uuid = :user_uuid "; + $sql .= " and domain_uuid = :domain_uuid "; $sql .= ""; - $sql .= " ) \n"; - $sql .= ") \n"; + $sql .= " ) "; + $sql .= ") "; + $parameters['user_uuid'] = $_SESSION['user_uuid']; } if (strlen($phone_number) > 0) { $phone_number = preg_replace('{\D}', '', $phone_number); $sql .= "and contact_uuid in ( "; $sql .= " select contact_uuid from v_contact_phones "; - $sql .= " where phone_number like '%".$phone_number."%' "; - $sql .= ") \n"; + $sql .= " where phone_number like :phone_number "; + $sql .= ") "; + $parameters['phone_number'] = '%'.$phone_number.'%'; } else { if (strlen($search_all) > 0) { if (is_numeric($search_all)) { - $sql .= "and contact_uuid in ( \n"; + $sql .= "and contact_uuid in ( "; $sql .= " select contact_uuid from v_contact_phones "; - $sql .= " where phone_number like '%".$search_all."%' "; - $sql .= ") \n"; + $sql .= " where phone_number like :search_all "; + $sql .= ") "; } else { - $sql .= "and contact_uuid in ( \n"; + $sql .= "and contact_uuid in ( "; $sql .= " select contact_uuid from v_contacts "; - $sql .= " where domain_uuid = '".$_SESSION['domain_uuid']."' \n"; - $sql .= " and ( \n"; - $sql .= " lower(contact_organization) like '%".$search_all."%' or 
\n"; - $sql .= " lower(contact_name_given) like '%".$search_all."%' or \n"; - $sql .= " lower(contact_name_family) like '%".$search_all."%' or \n"; - $sql .= " lower(contact_nickname) like '%".$search_all."%' or \n"; - $sql .= " lower(contact_title) like '%".$search_all."%' or \n"; - $sql .= " lower(contact_category) like '%".$search_all."%' or \n"; - $sql .= " lower(contact_role) like '%".$search_all."%' or \n"; - $sql .= " lower(contact_url) like '%".$search_all."%' or \n"; - $sql .= " lower(contact_time_zone) like '%".$search_all."%' or \n"; - $sql .= " lower(contact_note) like '%".$search_all."%' or \n"; - $sql .= " lower(contact_type) like '%".$search_all."%' \n"; - $sql .= " ) \n"; - $sql .= ") \n"; + $sql .= " where domain_uuid = :domain_uuid "; + $sql .= " and ( "; + $sql .= " lower(contact_organization) like :search_all or "; + $sql .= " lower(contact_name_given) like :search_all or "; + $sql .= " lower(contact_name_family) like :search_all or "; + $sql .= " lower(contact_nickname) like :search_all or "; + $sql .= " lower(contact_title) like :search_all or "; + $sql .= " lower(contact_category) like :search_all or "; + $sql .= " lower(contact_role) like :search_all or "; + $sql .= " lower(contact_url) like :search_all or "; + $sql .= " lower(contact_time_zone) like :search_all or "; + $sql .= " lower(contact_note) like :search_all or "; + $sql .= " lower(contact_type) like :search_all "; + $sql .= " ) "; + $sql .= ") "; } + $parameters['search_all'] = '%'.$search_all.'%'; } } - $prep_statement = $db->prepare($sql); - if ($prep_statement) { - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_ASSOC); - if ($row['num_rows'] > 0) { - $num_rows = $row['num_rows']; - } - else { - $num_rows = '0'; - } - } + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $database = new database; + $num_rows = $database->select($sql, $parameters, 'column'); //prepare to page the results $rows_per_page = ($_SESSION['domain']['paging']['numeric'] != 
'') ? $_SESSION['domain']['paging']['numeric'] : 50; 
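Review bot: When a non-admin user has no valid group uuid, the group sub-select is emitted as `where and domain_uuid = :domain_uuid`, because `$sql .= " where ";` is followed by the optional OR-list and then an unconditional `$sql .= " and domain_uuid = :domain_uuid ";`; the old `in ('')` form at least parsed. Emit the domain condition first, `$sql .= " where domain_uuid = :domain_uuid ";`, append `$sql .= " and ( ".implode(' or ', $sql_where_or)." ) ";` inside the guard, and drop the trailing domain line — the same shape is repeated in the count query further down this hunk. Separately, `$parameters['group_uuid'] = $_SESSION['group_uuid'];` is bound for every caller while `:group_uuid` only exists in the non-admin branch, so for admins the parameter set carries a key the statement never uses; moving that assignment into the `if (!(if_group("superadmin") || if_group("admin")))` block avoids depending on the database class discarding unused parameters, which is not visible here. Reusing `:search_all` eleven times (and `:domain_uuid` several times) also relies on the driver accepting duplicate named markers, which the PDO documentation describes as emulation-only behaviour — confirm against the database class's PDO setup.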
@@ -178,24 +198,24 @@ $offset = $rows_per_page * $page; //get the list - $contact_default_sort_column = ($_SESSION['contacts']['default_sort_column']['text'] != '') ? $_SESSION['contacts']['default_sort_column']['text'] : "last_mod_date"; - $contact_default_sort_order = ($_SESSION['contacts']['default_sort_order']['text'] != '') ? $_SESSION['contacts']['default_sort_order']['text'] : "desc"; - - $sql = str_replace('count(*) as num_rows', '*, (select a.contact_attachment_uuid from v_contact_attachments as a where a.contact_uuid = c.contact_uuid and a.attachment_primary = 1) as contact_attachment_uuid', $sql); - if (strlen($order_by) > 0) { - $sql .= "order by ".$order_by." ".$order.", contact_organization asc "; + $sql = str_replace('count(*)', '*, (select a.contact_attachment_uuid from v_contact_attachments as a where a.contact_uuid = c.contact_uuid and a.attachment_primary = 1) as contact_attachment_uuid', $sql); + if ($order_by != '') { + $sql .= order_by($order_by, $order); + $sql .= ", contact_organization asc "; } else { - $sql .= "order by ".$contact_default_sort_column." ".$contact_default_sort_order." "; + $contact_default_sort_column = $_SESSION['contacts']['default_sort_column']['text'] != '' ? $_SESSION['contacts']['default_sort_column']['text'] : "last_mod_date"; + $contact_default_sort_order = $_SESSION['contacts']['default_sort_order']['text'] != '' ? $_SESSION['contacts']['default_sort_order']['text'] : "desc"; + + $sql .= order_by($contact_default_sort_column, $contact_default_sort_order); if ($db_type == "pgsql") { - $sql .= "nulls last "; + $sql .= " nulls last "; } } - $sql .= "limit ".$rows_per_page." offset ".$offset." 
"; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $contacts = $prep_statement->fetchAll(PDO::FETCH_NAMED); - unset ($prep_statement, $sql); + $sql .= limit_offset($rows_per_page, $offset); + $database = new database; + $contacts = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); //styles echo "
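Review bot: `$sql .= order_by($order_by, $order);` is the one place where `$_GET` input still reaches SQL text rather than a bound parameter, since an ORDER BY column cannot be parameterised; this is only safe if `order_by()` whitelists the column name and accepts nothing but `asc`/`desc`, which is not visible here — if it merely quotes, check `$order_by` against the known column names before this line. A comment at the call site, e.g. `//order_by() must whitelist column and direction: identifiers cannot be bound as parameters`, would record that dependency. The `str_replace('count(*)', ...)` rewrite is also looser than the previous `'count(*) as num_rows'` anchor and would rewrite any other `count(*)` that later lands in the query; keeping an alias on the count statement keeps the substitution unambiguous. The paging setup (`$page`, `$rows_per_page`) this hunk relies on begins above it.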