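// The page starts with what appears to be var_dump() output of one request's $_POST,
// cut off at its beginning. It is kept here verbatim as a sample payload:
//   string(3) "137" ["newTitle"]=> string(18) "saludos de saludos" ["newDescription"]=> string(18) "saludos de saludos" ["updateMoment"]=> string(0) "" }

// Handles the "updateMoment" POST action: updates the title, description and/or
// administration date of one row of `subquestionnair`, identified by $_POST['momentID'].
// Every supplied field is validated before anything is written, so a request that fails
// validation on a later field no longer leaves an earlier field already updated.
// On failure a JSON body {"error": "..."} is sent with a 4xx/5xx status; on success nothing is printed.
//
// NOTE(review): no authentication or authorization check is visible in this excerpt.
// Confirm that the caller's right to modify this moment is verified before this block runs.
if (isset($_POST['updateMoment'])) {

    // Sends a JSON error with the given HTTP status and stops the script.
    // The JSON_HEX_* flags keep <, >, &, ' and " out of the body, so a reflected value
    // (e.g. the moment ID) cannot be read as markup if the response is rendered as HTML.
    $fail = function ($status, $message) {
        if (!headers_sent()) {
            http_response_code($status);
            header('Content-Type: application/json; charset=utf-8');
        }
        echo json_encode(
            array("error" => $message),
            JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
        );
        exit();
    };

    // Reads one POST field as a trimmed string. A non-string value (e.g. momentID[]=1)
    // is treated as empty so it reaches the "please specify" error instead of trim().
    $field = function ($name) {
        $value = $_POST[$name];
        return is_string($value) ? trim($value) : "";
    };

    // Runs a prepared statement with one or two string parameters and returns the
    // executed statement. Values are bound, never interpolated into the SQL text.
    // On a database error the detail goes to the server log only and the client
    // receives $publicMessage with status 500.
    $execute = function ($sql, $params, $publicMessage) use ($connection, $fail) {
        try {
            $stmt = mysqli_prepare($connection, $sql);
            if ($stmt !== false) {
                if (count($params) === 1) {
                    mysqli_stmt_bind_param($stmt, 's', $params[0]);
                } else {
                    mysqli_stmt_bind_param($stmt, 'ss', $params[0], $params[1]);
                }
                if (mysqli_stmt_execute($stmt)) {
                    return $stmt;
                }
            }
            $detail = mysqli_error($connection);
        } catch (mysqli_sql_exception $e) {
            // Raised instead of a false return when mysqli runs in exception mode.
            $detail = $e->getMessage();
        }
        error_log("updateMoment: database error: " . $detail);
        $fail(500, $publicMessage);
    };

    // ---- Validation (no writes yet) ----

    // The moment ID must be present and must match exactly one row.
    $momentID = $field('momentID');
    if ($momentID === "") {
        $fail(400, "Please specify moment ID.");
    }

    $lookup = $execute(
        'SELECT 1 FROM `subquestionnair` WHERE `id` = ?',
        array($momentID),
        "Couldn't look up moment."
    );
    mysqli_stmt_store_result($lookup);
    $matches = mysqli_stmt_num_rows($lookup);
    mysqli_stmt_close($lookup);
    if ($matches !== 1) {
        $fail(400, "Given moment ID ($momentID) not in database.");
    }

    // Title: not empty, at most 60 characters (database limit).
    // The length is measured on the raw trimmed value; measuring an SQL-escaped copy
    // would count the added backslashes and reject valid titles containing quotes.
    $hasTitle = isset($_POST['newTitle']);
    if ($hasTitle) {
        $newTitle = $field('newTitle');
        if ($newTitle === "") {
            $fail(400, "Please specify title.");
        } else if (mb_strlen($newTitle) > 60) {
            $fail(400, "Title too long (max. is 60 characters).");
        }
    }

    // Description: not empty, at most 100 characters (database limit).
    $hasDescription = isset($_POST['newDescription']);
    if ($hasDescription) {
        $newDescription = $field('newDescription');
        if ($newDescription === "") {
            $fail(400, "Please specify description.");
        } else if (mb_strlen($newDescription) > 100) {
            $fail(400, "Description too long (max. is 100 characters).");
        }
    }

    // Date: not empty and exactly in the form YYYY-MM-DDTHH:mm (e.g. 2012-12-12T12:12).
    // WARNING (from the original author): only handling AST.
    // HELP: https://www.codexworld.com/how-to/validate-date-input-string-in-php/
    $hasDate = isset($_POST['newDate']);
    if ($hasDate) {
        $momentDate = $field('newDate');

        // Guarded so that including this file twice does not redeclare the function.
        if (!function_exists('validDate')) {
            // True when $date parses with the expected format and formats back to the
            // same string, which rejects rolled-over values such as 2021-02-30.
            function validDate($date) {
                $d = date_create_from_format("Y-m-d\TH:i", $date);
                return $d && date_format($d, "Y-m-d\TH:i") === $date;
            }
        }

        if ($momentDate === "") {
            $fail(400, "Please specify moment date.");
        } else if (!validDate($momentDate)) {
            $fail(400, "Moment date ($momentDate) given in wrong format (use YYYY-MM-DDTHH:mm instead).");
        }
    }

    // ---- Writes (every supplied field has passed validation) ----

    if ($hasTitle) {
        mysqli_stmt_close($execute(
            'UPDATE `subquestionnair` SET `title` = ? WHERE `id` = ?',
            array($newTitle, $momentID),
            "Couldn't update moment title."
        ));
    }

    if ($hasDescription) {
        mysqli_stmt_close($execute(
            'UPDATE `subquestionnair` SET `description` = ? WHERE `id` = ?',
            array($newDescription, $momentID),
            "Couldn't update moment description."
        ));
    }

    if ($hasDate) {
        mysqli_stmt_close($execute(
            'UPDATE `subquestionnair` SET `date_to_administer` = ? WHERE `id` = ?',
            array($momentDate, $momentID),
            "Couldn't update moment date."
        ));
    }
}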