Implementing PDO with Prepared Statements

0

I have a code below functional, but I could not quite understand how to implement Prepared Statements to this code / Class. After researching on subject and attempts, from what I understand is simple, can someone give me a light?

class Model {
        protected $db;

        public function __construct(){
            $this->db = new PDO('mysql:host=xxxxxxxx;dbname=xxxxxxxx', 'xxxxxxxx', 'xxxxxxxx');
            $this->db->exec("set names utf8");
        }

        public function insert(Array $dados){
            $campos = implode(", ", array_keys($dados));
            $valores = "'".implode("','", array_values($dados))."'";
            return $this->db->query("INSERT INTO '{$this->_tabela}' ({$campos}) VALUES ({$valores})");
        }

        public function read($where = NULL, $limit = NULL, $offset = NULL, $orderby = NULL){
            $where = ($where != NULL ? "WHERE {$where}" : "");
            $limit = ($limit != NULL ? "LIMIT {$limit}" : "");
            $offset = ($offset != NULL ? "OFFSET {$offset}" : "");
            $orderby = ($orderby != NULL ? "ORDER BY {$orderby}" : "");
            $q = $this->db->query("SELECT * FROM '{$this->_tabela}' {$where} {$orderby} {$limit} {$offset}");
            $q->setFetchMode(PDO::FETCH_ASSOC);
            return $q->fetchAll();
        }

        public function update(Array $dados, $where){
            foreach($dados as $ind => $val){
                $campos[] = "{$ind} = '{$val}'";
            }
            $campos = implode(", ", $campos);
            return $this->db->query("UPDATE '{$this->_tabela}' SET {$campos} WHERE {$where}");
        }

        public function delete($where){
            return $this->db->query("DELETE FROM '{$this->_tabela}' WHERE {$where}");            
        }
    }
    
asked by anonymous 20.10.2015 / 11:40

0 answers