
updateExperience.php 3.8KB

  1. <?php
  2. require_once 'config.php';
  3. require_once 'dbh.inc.php';
  4. require_once 'checkLogin.php';
  5. // IF USER ENTERS PAGE AFTER 'Save Changes' BUTTON HAS BEEN PRESSED (FROM viewExperience.php), EDIT EXPERIENCE BASIC INFO FROM DATABASE
  6. // ELSE (IF USER ENTERED THIS PAGE WITHOUT SUBMITING A FORM) REDIRECT TO home.php
  7. if(isset($_POST['updateExperience'])) {
  8. $id = mysqli_real_escape_string($connection, trim($_POST['id']));
  9. // Check that experience ID is not empty string
  10. // And that it's registered in the database
  11. if($id === "") {
  12. http_response_code(400);
  13. echo json_encode(array("error" => "Please specify experience ID."));
  14. exit();
  15. } else if(mysqli_query($connection, "SELECT * FROM experience WHERE id = '$id';")->num_rows !== 1) {
  16. http_response_code(400);
  17. echo json_encode(array("error" => "Given experience ID ($id) not in database."));
  18. exit();
  19. }
  20. // UPDATE TITLE
  21. if(isset($_POST['newTitle'])) {
  22. $newTitle = mysqli_real_escape_string($connection, trim($_POST['newTitle']));
  23. // Check that experience title is not empty
  24. // And that it's less than 60 characters in length (database limit)
  25. if($newTitle === "") {
  26. http_response_code(400);
  27. echo json_encode(array("error" => "Please specify title."));
  28. exit();
  29. } else if(mb_strlen($newTitle) > 60) {
  30. http_response_code(400);
  31. echo json_encode(array("error" => "Title too long (max. is 60 characters)."));
  32. exit();
  33. }
  34. $query = "UPDATE `experience` SET `title` = '$newTitle' WHERE `id` = '$id';";
  35. $result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
  36. }
  37. // UPDATE DESCRIPTION
  38. if(isset($_POST['newDescription'])) {
  39. $newDescription = mysqli_real_escape_string($connection, trim($_POST['newDescription']));
  40. // Check that experience title is not empty
  41. // And that it's less than 60 characters in length (database limit)
  42. if($newDescription === "") {
  43. http_response_code(400);
  44. echo json_encode(array("error" => "Please specify description."));
  45. exit();
  46. } else if(mb_strlen($newDescription) > 100) {
  47. http_response_code(400);
  48. echo json_encode(array("error" => "Description too long (max. is 100 characters)."));
  49. exit();
  50. }
  51. $query = "UPDATE `experience` SET `description` = '$newDescription' WHERE `id` = '$id';";
  52. $result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
  53. }
  54. /*** REMEMBER TO VALIDATE INPUT IF THE CODE BELOW IS TO BE USED ***/
  55. // UPDATE TYPE
  56. // if(isset($_POST['newType']) AND $_POST['newType'] != " ") {
  57. // $newType = mysqli_real_escape_string($connection, trim($_POST['newType']));
  58. // $query = "UPDATE `experience` SET `type` = '$newType' WHERE `id` = '$id';";
  59. // $result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
  60. // }
  61. // UPDATE DURATION
  62. // if(isset($_POST['newDuration'])) {
  63. // $newDuration = mysqli_real_escape_string($connection, trim($_POST['newDuration']));
  64. // $query = "UPDATE `experience` SET `duration_weeks` = '$newDuration' WHERE `id` = '$id';";
  65. // $result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
  66. // }
  67. // UPDATE START DATE
  68. // if(isset($_POST['newStart'])) {
  69. // $newStart = mysqli_real_escape_string($connection, trim($_POST['newStart']));
  70. // $query = "UPDATE `experience` SET `start_date` = '$newStart' WHERE `id` = '$id';";
  71. // $result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
  72. // }
  73. // UPDATE END DATE
  74. // if(isset($_POST['newEnd'])) {
  75. // $newEnd = mysqli_real_escape_string($connection, trim($_POST['newEnd']));
  76. // $query = "UPDATE `experience` SET `end_date` = '$newEnd' WHERE `id` = '$id';";
  77. // $result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
  78. // }
  79. }