Без опису

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667
  1. <?php
  2. require_once 'config.php';
  3. require_once 'dbh.inc.php';
  4. require_once 'checkLogin.php';
  5. // EXAMPLE INPUT...
  6. // array(3) { ["momentID"]=> string(3) "137" ["questionID"]=> string(3) "266" ["addExistingQuestionToMoment"]=> string(0) "" }
  7. if(isset($_POST['addExistingQuestionToMoment'])) {
  8. $momentID = mysqli_real_escape_string($connection, trim($_POST['momentID']));
  9. $questionID = mysqli_real_escape_string($connection, trim($_POST['questionID']));
  10. // Check that moment ID is not empty string
  11. // And that it's registered in the database
  12. if($momentID === "") {
  13. http_response_code(400);
  14. echo json_encode(array("error" => "Please specify moment ID."));
  15. exit();
  16. } else if(mysqli_query($connection, "SELECT * FROM subquestionnair WHERE id = '$momentID';")->num_rows !== 1) {
  17. http_response_code(400);
  18. echo json_encode(array("error" => "Given moment ID ($momentID) not in database."));
  19. exit();
  20. }
  21. // Check that question ID is not empty string
  22. // And that it's registered in the database
  23. // And that it belongs to the Questionnaire the Moment belongs to
  24. // And that it isn't a duplicate inside the Moment
  25. if($questionID === "") {
  26. http_response_code(400);
  27. echo json_encode(array("error" => "Please specify question ID."));
  28. exit();
  29. } else if(mysqli_query($connection, "SELECT * FROM question WHERE id = '$questionID';")->num_rows !== 1) {
  30. http_response_code(400);
  31. echo json_encode(array("error" => "Given question ID ($questionID) not in database."));
  32. exit();
  33. } else if(mysqli_query($connection, "SELECT * FROM question WHERE id = '$questionID' AND id IN (SELECT id_question FROM questionnair_question WHERE id_questionnair = (SELECT id_questionnair FROM subquestionnair WHERE id = '$momentID'));")->num_rows !== 1) {
  34. http_response_code(400);
  35. echo json_encode(array("error" => "Given question ID ($questionID) is outside the Moment's corresponding Questionnair's scope."));
  36. exit();
  37. } else if(mysqli_query($connection, "SELECT * FROM subquestionnair_question WHERE id_question = '$questionID' AND id_subquestionnair = '$momentID';")->num_rows !== 0) {
  38. http_response_code(400);
  39. echo json_encode(array("error" => "Question already in moment."));
  40. exit();
  41. }
  42. // Add question to moment
  43. $query = "INSERT INTO subquestionnair_question (id_subquestionnair, id_question) VALUES ('$momentID','$questionID');";
  44. $result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
  45. }