Без опису

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384
  1. <?php
  2. require_once 'config.php';
  3. require_once 'dbh.inc.php';
  4. require_once 'checkLogin.php';
  5. // EXAMPLE INPUT...
  6. // array(4) { ["questionnaireID"]=> string(2) "21" ["newTitle"]=> string(24) "Preguntas sobre material" ["newDescription"]=> string(36) "Preguntas sobre material de la clase" ["updateQuestionnaire"]=> string(0) "" }
  7. if(isset($_POST['updateQuestionnaire'])) {
  8. $questionnaireID = mysqli_real_escape_string($connection, trim($_POST['questionnaireID']));
  9. // Check that questionnaire ID is not empty string
  10. // And that it's registered in the database
  11. if($questionnaireID === "") {
  12. http_response_code(400);
  13. echo json_encode(array("error" => "Please specify questionnaire ID."));
  14. exit();
  15. } else if(mysqli_query($connection, "SELECT * FROM questionnair WHERE id = '$questionnaireID';")->num_rows !== 1) {
  16. http_response_code(400);
  17. echo json_encode(array("error" => "Given questionnaire ID ($questionnaireID) not in database."));
  18. exit();
  19. }
  20. // UPDATE TITLE
  21. if(isset($_POST['newTitle'])) {
  22. $newTitle = mysqli_real_escape_string($connection, trim($_POST['newTitle']));
  23. // Check that questionnaire title is not empty
  24. // And that it's less than 100 characters in length (database limit)
  25. if($newTitle === "") {
  26. http_response_code(400);
  27. echo json_encode(array("error" => "Please specify title."));
  28. exit();
  29. } else if(mb_strlen($newTitle) > 100) {
  30. http_response_code(400);
  31. echo json_encode(array("error" => "Title too long (max. is 100 characters)."));
  32. exit();
  33. }
  34. $query = "UPDATE `questionnair` SET `q_title` = '$newTitle' WHERE `id` = '$questionnaireID';";
  35. $result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
  36. }
  37. // UPDATE DESCRIPTION
  38. if(isset($_POST['newDescription'])) {
  39. $newDescription = mysqli_real_escape_string($connection, trim($_POST['newDescription']));
  40. // Check that questionnaire description is not empty
  41. // And that it's less than 200 characters in length (database limit)
  42. if($newDescription === "") {
  43. http_response_code(400);
  44. echo json_encode(array("error" => "Please specify description."));
  45. exit();
  46. } else if(mb_strlen($newDescription) > 200) {
  47. http_response_code(400);
  48. echo json_encode(array("error" => "Description too long (max. is 200 characters)."));
  49. exit();
  50. }
  51. $query = "UPDATE `questionnair` SET `description` = '$newDescription' WHERE `id` = '$questionnaireID';";
  52. $result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
  53. }
  54. }