From fe4aee5c25727a57ad774c49572ec120455f9f1b Mon Sep 17 00:00:00 2001
From: Fabian Schieder
Date: Mon, 6 Apr 2026 21:04:46 +0200
Subject: [PATCH] Refactor offerAdder to use mysqli for database connections and queries
---
 offerAdder.php | 26 +++++++++++++++++++-------
 1 file changed, 19 insertions(+), 7 deletions(-)
diff --git a/offerAdder.php b/offerAdder.php
index 62838ad..d5be3a1 100644
--- a/offerAdder.php
+++ b/offerAdder.php
@@ -18,7 +18,7 @@ if (empty($_SESSION['user_id']) || empty($_SESSION['user_roles']) || !in_array('
 exit;
 }
-$db = db_get_connection();
+$conn = db_connect();
 $message = '';
 $messageType = '';
@@ -31,14 +31,16 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['
 $offerURL = trim($_POST['offer_url']);
 if ($productID > 0 && $shopID > 0 && $price >= 0) {
- $stmt = $db->prepare("INSERT INTO offers (productID, shopID, price, shippingCost, inStock, offerURL) VALUES (?, ?, ?, ?, ?, ?)");
- if ($stmt->execute([$productID, $shopID, $price, $shippingCost, $inStock, $offerURL])) {
+ $stmt = $conn->prepare("INSERT INTO offers (productID, shopID, price, shippingCost, inStock, offerURL) VALUES (?, ?, ?, ?, ?, ?)");
+ $stmt->bind_param("iiddiss", $productID, $shopID, $price, $shippingCost, $inStock, $offerURL);
+ if ($stmt->execute()) {
 $message = 'Angebot erfolgreich hinzugefügt!';
 $messageType = 'success';
 } else {
 $message = 'Fehler beim Hinzufügen des Angebots.';
 $messageType = 'error';
 }
+ $stmt->close();
 } else {
 $message = 'Bitte alle Pflichtfelder korrekt ausfüllen.';
 $messageType = 'error';
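Review bot: The type string in the added `bind_param` call has seven characters (`"iiddiss"`) but only six variables are bound, so mysqli rejects the call (an ArgumentCountError on PHP 8, a warning and `false` on PHP 7) and the INSERT never runs. Given the column order shown in the statement it should presumably be `$stmt->bind_param("iiddis", $productID, $shopID, $price, $shippingCost, $inStock, $offerURL);`, assuming `$inStock` is an integer; its assignment lies above the hunk. Separately, the result of `$conn->prepare()` is used unchecked: where mysqli is not in exception mode it returns `false` on failure and the next line becomes a fatal call on a non-object, and where it is in exception mode the `else` branch with the user-facing error is never reached. An explicit `if ($stmt === false)` guard, or a try/catch that logs server-side and shows the same generic message, would keep database error details out of the admin page. The enclosing `if` block starts before the hunk.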
@@ -46,12 +48,22 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['
 }
 // Get all products for dropdown
-$productsStmt = $db->query("SELECT productID, model FROM products ORDER BY model ASC");
-$products = $productsStmt->fetchAll(PDO::FETCH_ASSOC);
+$productsResult = $conn->query("SELECT productID, model FROM products ORDER BY model ASC");
+$products = [];
+if ($productsResult) {
+ while ($row = $productsResult->fetch_assoc()) {
+ $products[] = $row;
+ }
+}
 // Get all shops for dropdown
-$shopsStmt = $db->query("SELECT shopID, name FROM shops ORDER BY name ASC");
-$shops = $shopsStmt->fetchAll(PDO::FETCH_ASSOC);
+$shopsResult = $conn->query("SELECT shopID, name FROM shops ORDER BY name ASC");
+$shops = [];
+if ($shopsResult) {
+ while ($row = $shopsResult->fetch_assoc()) {
+ $shops[] = $row;
+ }
+}
 include 'header.php';
 ?>
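Review bot: A failed `query()` is silently turned into an empty dropdown here: `if ($productsResult)` and `if ($shopsResult)` skip the loop on `false` without recording `$conn->error`, so a broken or unreachable table looks the same as having no products or shops. An `else` branch that logs the failure server-side (not into the page) would make this diagnosable. The two fetch loops are identical apart from names and could each be written as `$products = $productsResult ? $productsResult->fetch_all(MYSQLI_ASSOC) : [];`, followed by `->free()` on the result. Since `model` and `name` come from the database, the markup after `include 'header.php'` should pass them through `htmlspecialchars` when building the `<option>` elements; that code is outside this hunk.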