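string(1) "1" ["mil_title"]=> string(1) "t" ["mil_date"]=> string(10) "2222-02-22" ["newMilestone"]=> string(0) "" }
if (isset($_POST['newMilestone'])) {
    /*** FETCH THE BASIC INFO OF THE NEW MILESTONE ***/
    // Only trim here. Every value is bound as a prepared-statement parameter
    // further down, so mysqli_real_escape_string() is no longer needed and the
    // length check below runs against what the user actually typed, not the
    // escaped form. Missing keys are treated as empty so no notice is raised.
    $experienceID   = isset($_POST['id_experience']) ? trim($_POST['id_experience']) : "";
    $milestoneTitle = isset($_POST['mil_title'])     ? trim($_POST['mil_title'])     : "";
    $milestoneDate  = isset($_POST['mil_date'])      ? trim($_POST['mil_date'])      : "";

    /**
     * Answer with a JSON error body and the given HTTP status, then stop.
     *
     * @param int    $status  HTTP status code to send
     * @param string $message text placed in the "error" field
     */
    function respondWithError($status, $message) {
        http_response_code($status);
        echo json_encode(array("error" => $message));
        exit();
    }

    // Check that milestoneDate is in appropriate format YYYY-MM-DD (e.g. 2222-02-22)
    // WARNING: only handling AST
    // HELP: https://www.codexworld.com/how-to/validate-date-input-string-in-php/
    /**
     * True when $date is exactly "Y-m-d" and names a real calendar day.
     *
     * @param string $date candidate date string
     * @return bool
     */
    function validDate($date) {
        $d = date_create_from_format("Y-m-d", $date);
        // Round-trip compare: date_create_from_format silently normalises
        // overflow like "2222-02-30", the re-format catches that.
        return $d && date_format($d, "Y-m-d") === $date;
    }

    // Check that experienceID is not an empty string, is an unsigned integer
    // (it is compared against a numeric column, so escaping alone would not
    // have protected the unquoted "WHERE id = ..." form), and exists in the DB.
    if ($experienceID === "") {
        respondWithError(400, "Please specify experience ID.");
    } elseif (!ctype_digit($experienceID)) {
        respondWithError(400, "Given experience ID ($experienceID) is not a valid integer.");
    }
    $experienceIDInt = (int) $experienceID;

    $lookup = mysqli_prepare($connection, "SELECT id FROM experience WHERE id = ?");
    if ($lookup === false) {
        // Driver detail stays in the server log; the client gets a generic message.
        error_log("Couldn't prepare experience lookup: " . mysqli_error($connection));
        respondWithError(500, "Error: Couldn't look up experience");
    }
    mysqli_stmt_bind_param($lookup, "i", $experienceIDInt);
    mysqli_stmt_execute($lookup);
    mysqli_stmt_store_result($lookup);
    $matches = mysqli_stmt_num_rows($lookup);
    mysqli_stmt_close($lookup);
    if ($matches !== 1) {
        respondWithError(400, "Given experience ID ($experienceID) not in database.");
    }

    // Check that milestoneTitle is not an empty string
    // And that it doesn't exceed 256 characters (database limit)
    if ($milestoneTitle === "") {
        respondWithError(400, "Please specify milestone title.");
    } elseif (mb_strlen($milestoneTitle) > 256) {
        respondWithError(400, "Milestone title too long (max. is 256 characters).");
    }

    // Check that milestoneDate is not an empty string and is well-formed
    if ($milestoneDate === "") {
        respondWithError(400, "Please specify milestone date.");
    } elseif (!validDate($milestoneDate)) {
        respondWithError(400, "Milestone date ($milestoneDate) given in wrong format (use YYYY-MM-DD instead).");
    }

    /*** START OF DB QUERIES ***/
    // Parameterised insert: title and date are bound as strings, the id as an
    // integer, so no user-supplied text is ever spliced into the SQL.
    $insert = mysqli_prepare(
        $connection,
        "INSERT INTO milestone (title, date, id_experience) VALUES (?, ?, ?)"
    );
    if ($insert === false
        || !mysqli_stmt_bind_param($insert, "ssi", $milestoneTitle, $milestoneDate, $experienceIDInt)
        || !mysqli_stmt_execute($insert)
    ) {
        // mysqli_error() can reveal schema details, so it is logged rather than echoed.
        error_log("Couldn't create milestone: " . mysqli_error($connection));
        respondWithError(500, "Error: Couldn't create milestone");
    }
    mysqli_stmt_close($insert);
}
?>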