string(2) "23" ["q_premise"]=> string(18) "esta es la premisa" ["q_type"]=> string(1) "1" ["min_val"]=> string(1) "1" ["min_text"]=> string(4) "caca" ["max_val"]=> string(1) "5" ["max_text"]=> string(5) "bueno" ["q_category"]=> string(2) "92" ["q_subcategory"]=> string(3) "115" ["insertQuestionToQuestionnaire"]=> string(0) "" } // WARNING: SHOULD CHECK THAT CATEGORY/SUBCATEGORY GIVEN CORRESPOND TO THE QUESTIONNAIRE ID if(isset($_POST['insertQuestionToQuestionnaire'])) { $questionnaireID = mysqli_real_escape_string($connection, trim($_POST['questionnaireID'])); $premise = mysqli_real_escape_string($connection, trim($_POST['q_premise'])); $typeID = mysqli_real_escape_string($connection, trim($_POST['q_type'])); $minVal = mysqli_real_escape_string($connection, trim($_POST['min_val'])); $minText = mysqli_real_escape_string($connection, trim($_POST['min_text'])); $maxVal = mysqli_real_escape_string($connection, trim($_POST['max_val'])); $maxText = mysqli_real_escape_string($connection, trim($_POST['max_text'])); $categoryID = mysqli_real_escape_string($connection, trim($_POST['q_category'])); $subcategoryID = mysqli_real_escape_string($connection, trim($_POST['q_subcategory'])); // Check that questionnaire ID is not empty string // And that it's registered in the database if($questionnaireID === "") { http_response_code(400); echo json_encode(array("error" => "Please specify questionnaire ID.")); exit(); } else if(mysqli_query($connection, "SELECT * FROM questionnair WHERE id = '$questionnaireID';")->num_rows !== 1) { http_response_code(400); echo json_encode(array("error" => "Given questionnaire ID ($questionnaireID) not in database.")); exit(); } // Check that premise is not empty string // And that it doesn't exceed 600 characters (database limit) if($premise === "") { http_response_code(400); echo json_encode(array("error" => "Question premise can't be empty.")); exit(); } else if(mb_strlen($premise) > 600) { http_response_code(400); echo json_encode(array("error" => "Question premise too long (max. is 600 characters).")); exit(); } // Check that question type isn not empty string // If the question type is neither (invalid; nor "1" nor "2"), let user know (user probably tampered with client-side) if($typeID === "" || ($typeID != "1" && $typeID != "2")) { http_response_code(400); echo json_encode(array("error" => "Please specify a type (1 for scaled, 2 for open).")); exit(); } else if($typeID === "1") { // Check if minVal is equal to 1 (we decided it should be like that) if($minVal !== "1") { http_response_code(400); echo json_encode(array("error" => "Minimum value has to be 1.")); exit(); } // Check if minText is not an empty string if($minText === "") { http_response_code(400); echo json_encode(array("error" => "Please specify a valid minimum text.")); exit(); } else if(mb_strlen($minText) > 40) { http_response_code(400); echo json_encode(array("error" => "Minimum text '$minText' too long (max. is 40 characters).")); exit(); } // Check if maxVal is greater or equal to 2 (we decided it should be like that) // REMINDERS: // is_numeric() ensures the string is a number // intval() returns truncates "starting numeric-like" numbers (e.g. 1234asdf is 1234) // intval() returns 0 if it detects "normal string" (e.g. asdf1234 is 0) if(!is_numeric($maxVal)) { http_response_code(400); echo json_encode(array("error" => "Maximum value has to be numeric.")); exit(); } else if(intval($maxVal) < 2) { http_response_code(400); echo json_encode(array("error" => "Maximum value has to be greater or equal to 2.")); exit(); } // Check if maxText is not an empty string if($maxText === "") { http_response_code(400); echo json_encode(array("error" => "Please specify a valid maximum text.")); exit(); } else if(mb_strlen($maxText) > 40) { http_response_code(400); echo json_encode(array("error" => "Maximum text '$maxText' too long (max. is 40 characters).")); exit(); } // Check that maxText and minText are different strings if(mb_strtolower($maxText) === mb_strtolower($minText)) { http_response_code(400); echo json_encode(array("error" => "Labels must be different.")); exit(); } } // Check that category ID is not empty string // And that it's registered in the database if($categoryID === "") { http_response_code(400); echo json_encode(array("error" => "Please specify category ID.")); exit(); } else if(mysqli_query($connection, "SELECT * FROM category WHERE id = '$categoryID';")->num_rows !== 1) { http_response_code(400); echo json_encode(array("error" => "Given category ID ($categoryID) not in database.")); exit(); } // Check that subcategory ID is not empty string // And that it's registered in the database if($subcategoryID === "") { http_response_code(400); echo json_encode(array("error" => "Please specify subcategory ID.")); exit(); } else if(mysqli_query($connection, "SELECT * FROM subcategory WHERE id = '$subcategoryID';")->num_rows !== 1) { http_response_code(400); echo json_encode(array("error" => "Given subcategory ID ($subcategoryID) not in database.")); exit(); } /*** START OF DB QUERIES ***/ // exit(); // while(TRUE) { // exit(); // } // exit(); /*** IF IT GOT THROUGH VALIDATION, IT'S TOO LATE ***/ // INSERT NEW QUESTION $query = "INSERT INTO question (`premise`, `id_category`, `id_subcategory`, `id_type`) VALUES ('$premise', '$categoryID', '$subcategoryID', '$typeID');"; $result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection)); // RETRIEVE INSERTED QUESTION ID $questionID = mysqli_insert_id($connection) or die("Error: ".mysqli_error($connection)); // IF QUESTION IS SCALED, INSERT MIN/MAX VALUES/TEXT if($typeID === "1") { $queryMinVal = "INSERT INTO question_type (`id_type`, `id_question`, `label`, `value`) VALUES ('$typeID', '$questionID', 'min_val', '$minVal');"; $result = mysqli_query($connection, $queryMinVal) or die("Error: ".mysqli_error($connection)); $queryMinText = "INSERT INTO question_type (`id_type`, `id_question`, `label`, `value`) VALUES ('$typeID', '$questionID', 'min_texto', '$minText');"; $result = mysqli_query($connection, $queryMinText) or die("Error: ".mysqli_error($connection)); $queryMaxVal = "INSERT INTO question_type (`id_type`, `id_question`, `label`, `value`) VALUES ('$typeID', '$questionID', 'max_val', '$maxVal');"; $result = mysqli_query($connection, $queryMaxVal) or die("Error: ".mysqli_error($connection)); $queryMaxText = "INSERT INTO question_type (`id_type`, `id_question`, `label`, `value`) VALUES ('$typeID', '$questionID', 'max_texto', '$maxText');"; $result = mysqli_query($connection, $queryMaxText) or die("Error: ".mysqli_error($connection)); } // HOOK QUESTION TO QUESTIONNAIRE $queryHookQuestionToQuestionnaire = "INSERT INTO questionnair_question (`id_questionnair`, `id_question`) VALUES ('$questionnaireID', '$questionID');"; $result = mysqli_query($connection, $queryHookQuestionToQuestionnaire) or die("Error: ".mysqli_error($connection)); }