Marle
/
webAdministracion
보기 1
좋아요 0
포크 0
코드 이슈 0 풀 리퀘스트 0 릴리즈 0 위키 Activity
설명 없음
2 커밋
1 브렌치
트리: 8452fc02c6
브랜치 태그
${ item.name }
Create branch ${ searchTerm }
from '8452fc02c6'
${ noResults }
webAdministracion/processes/updateQuestion.php

updateQuestion.php 10.0KB
히스토리 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268 
  1. <?php

  2. 

  3. 	require_once 'config.php';

  4. 	require_once 'dbh.inc.php';

  5. 	require_once 'checkLogin.php';

  6. 

  7. 

  8. 	// EXAMPLE INPUT...

  9. 	// array(10) { ["questionID"]=> string(3) "266" ["update_q_premise"]=> string(7) "Saludos" ["update_q_type"]=> string(1) "1" ["update_min_val"]=> string(1) "1" ["update_min_text"]=> string(5) "adios" ["update_max_val"]=> string(1) "5" ["update_max_text"]=> string(4) "hola" ["update_q_category"]=> string(2) "92" ["update_q_subcategory"]=> string(3) "115" ["updateQuestion"]=> string(0) "" }

  10. 	

  11. 	// WARNING: SHOULD CHECK THAT CATEGORY/SUBCATEGORY GIVEN CORRESPOND TO THE QUESTIONNAIRE ID

  12. 

  13. 	if(isset($_POST['updateQuestion'])) {

  14. 	

  15. 	

  16. 	

  17. 		$questionID = mysqli_real_escape_string($connection, trim($_POST['questionID']));

  18. 

  19. 		// Check that question ID is not empty string

  20. 		// And that it's registered in the database

  21. 		if($questionID === "") {

  22. 			http_response_code(400);

  23. 			echo json_encode(array("error" => "Please specify experience ID."));

  24. 			exit();

  25. 		} else if(mysqli_query($connection, "SELECT * FROM question WHERE id = '$questionID';")->num_rows !== 1) {

  26. 			http_response_code(400);

  27. 			echo json_encode(array("error" => "Given experience ID ($id) not in database."));

  28. 			exit();

  29. 		}

  30. 	

  31. 	

  32. 	

  33. 		// UPDATE PREMISE

  34. 		if(isset($_POST['update_q_premise'])) {

  35. 		

  36. 			$premise = mysqli_real_escape_string($connection, trim($_POST['update_q_premise']));

  37. 			

  38. 			// Check that premise is not empty string

  39. 			// And that it doesn't exceed 600 characters (database limit)

  40. 			if($premise === "") {

  41. 				http_response_code(400);

  42. 				echo json_encode(array("error" => "Question premise can't be empty."));

  43. 				exit();

  44. 			} else if(mb_strlen($premise) > 600) {

  45. 				http_response_code(400);

  46. 				echo json_encode(array("error" => "Question premise too long (max. is 600 characters)."));

  47. 				exit();

  48. 			}

  49. 			

  50. 			$query = "UPDATE `question` SET `premise` = '$premise' WHERE `id` = '$questionID';";

  51. 			$result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));

  52. 			

  53. 		}

  54. 

  55. 	

  56. 	

  57. 	

  58. 		// UPDATE TYPE

  59. 		if(isset($_POST['update_q_type'])) {

  60. 		

  61. 			$typeID = mysqli_real_escape_string($connection, trim($_POST['update_q_type']));

  62. 			

  63. 			// Check that question type isn not empty string

  64. 			// If the question type is neither (invalid; nor "1" nor "2"), let user know (user probably tampered with client-side)

  65. 			if($typeID === "" || ($typeID != "1" && $typeID != "2")) {

  66. 				http_response_code(400);

  67. 				echo json_encode(array("error" => "Please specify a type (1 for scaled, 2 for open)."));

  68. 				exit();

  69. 			}

  70. 			

  71. 			

  72. 			// If the question type is scaled (e.g. value of "1"), make sure all the min/max settings are valid

  73. 			// If the question type is open, we don't have to check for min/max settings

  74. 			if($typeID === "1") {

  75. 			

  76. 			

  77. 				// FETCH MIN VAL, MAX VAL, MIN TEXT AND MAX TEXT

  78. 				$minVal = mysqli_real_escape_string($connection, trim($_POST['update_min_val']));

  79. 				$maxVal = mysqli_real_escape_string($connection, trim($_POST['update_max_val']));

  80. 				$minText = mysqli_real_escape_string($connection, trim($_POST['update_min_text']));

  81. 				$maxText = mysqli_real_escape_string($connection, trim($_POST['update_max_text']));

  82. 

  83. 			

  84. 				// Check if minVal is not 1 (we decided it should be like that)

  85. 				if($minVal !== "1") {

  86. 					http_response_code(400);

  87. 					echo json_encode(array("error" => "Minimum value has to be 1."));

  88. 					exit();

  89. 				}

  90. 

  91. 

  92. 				// Check if minText is not an empty string

  93. 				if($minText === "") {

  94. 					http_response_code(400);

  95. 					echo json_encode(array("error" => "Please specify a valid minimum text."));

  96. 					exit();

  97. 				} else if(mb_strlen($minText) > 40) {

  98. 					http_response_code(400);

  99. 					echo json_encode(array("error" => "Minimum text '$minText' too long (max. is 40 characters)."));

  100. 					exit();

  101. 				}

  102. 				

  103. 				

  104. 				// Check if maxVal is greater or equal to 2 (we decided it should be like that)

  105. 				// REMINDERS:

  106. 					// is_numeric() ensures the string is a number

  107. 					// intval() returns truncates "starting numeric-like" numbers (e.g. 1234asdf is 1234)

  108. 					// intval() returns 0 if it detects "normal string" (e.g. asdf1234 is 0)

  109. 				if(!is_numeric($maxVal)) {

  110. 					http_response_code(400);

  111. 					echo json_encode(array("error" => "Maximum value has to be numeric."));

  112. 					exit();

  113. 				} else if(intval($maxVal) < 2) {

  114. 					http_response_code(400);

  115. 					echo json_encode(array("error" => "Maximum value has to be greater or equal to 2."));

  116. 					exit();

  117. 				}

  118. 				

  119. 				

  120. 				// Check if maxText is not an empty string

  121. 				if($maxText === "") {

  122. 					http_response_code(400);

  123. 					echo json_encode(array("error" => "Please specify a valid maximum text."));

  124. 					exit();

  125. 				} else if(mb_strlen($maxText) > 40) {

  126. 					http_response_code(400);

  127. 					echo json_encode(array("error" => "Maximum text '$maxText' too long (max. is 40 characters)."));

  128. 					exit();

  129. 				}

  130. 				

  131. 				

  132. 				// Check that maxText and minText are different strings

  133. 				if(mb_strtolower($maxText) === mb_strtolower($minText)) {

  134. 					http_response_code(400);

  135. 					echo json_encode(array("error" => "Labels must be different."));

  136. 					exit();

  137. 				}

  138. 				

  139. 

  140. 

  141. 				// First change the question type

  142. 				$query = "UPDATE `question` SET `id_type` = '$typeID' WHERE `id` = '$questionID'";

  143. 				$result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));

  144. 				

  145. 				

  146. 				// Fetch all the min/max labels and values (if already present)

  147. 				if(mysqli_query($connection, "SELECT * FROM question_type WHERE id_question = '$questionID';")->num_rows === 4) {

  148. 				

  149. 					// Then update all the min/max labels and values

  150. 					$query = "UPDATE `question_type` SET value = '$minVal' WHERE `id_type` = '$typeID' AND `id_question` = '$questionID' AND `label` = 'min_val';";

  151. 					$result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));

  152. 

  153. 					$query = "UPDATE `question_type` SET value = '$minText' WHERE `id_type` = '$typeID' AND `id_question` = '$questionID' AND `label` = 'min_texto';";				

  154. 					$result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));

  155. 

  156. 					$query = "UPDATE `question_type` SET value = '$maxVal' WHERE `id_type` = '$typeID' AND `id_question` = '$questionID' AND `label` = 'max_val';";

  157. 					$result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));

  158. 

  159. 					$query = "UPDATE `question_type` SET value = '$maxText' WHERE `id_type` = '$typeID' AND `id_question` = '$questionID' AND `label` = 'max_texto';";				

  160. 					$result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));

  161. 

  162. 				

  163. 				} else {

  164. 

  165. 					// Then create all the new min/max labels and values

  166. 					$query = "INSERT INTO `question_type` (`id_type`, `id_question`, `label`, `value`) VALUES ('$typeID', '$questionID', 'min_val', '$minVal');";

  167. 					$result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));

  168. 				

  169. 					$query = "INSERT INTO `question_type` (`id_type`, `id_question`, `label`, `value`) VALUES ('$typeID', '$questionID', 'min_texto', '$minText');";

  170. 					$result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));

  171. 				

  172. 					$query = "INSERT INTO `question_type` (`id_type`, `id_question`, `label`, `value`) VALUES ('$typeID', '$questionID', 'max_val', '$maxVal');";

  173. 					$result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));

  174. 				

  175. 					$query = "INSERT INTO `question_type` (`id_type`, `id_question`, `label`, `value`) VALUES ('$typeID', '$questionID', 'max_texto', '$maxText');";

  176. 					$result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));

  177. 				

  178. 				}

  179. 				

  180. 				

  181. 			

  182. 			} else if($typeID === "2") {

  183. 			

  184. 				// First change the question type

  185. 				$query = "UPDATE `question` SET `id_type` = '$typeID' WHERE `id` = '$questionID';";

  186. 				$result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));    

  187. 				

  188. 				// Then delete the min/max labels and values

  189. 				$query = "DELETE FROM `question_type` WHERE `id_question` = '$questionID'";

  190. 				$result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));

  191. 				

  192. 			}

  193. 			

  194. 			

  195. 			

  196. 			

  197. 

  198. 

  199. 		// UPDATE CATEGORY

  200. 		if(isset($_POST['update_q_category'])) {

  201. 		

  202. 			$categoryID = mysqli_real_escape_string($connection, trim($_POST['update_q_category']));

  203. 			

  204. 			// Check that category ID is not empty string

  205. 			// And that it's registered in the database

  206. 			if($categoryID === "") {

  207. 				http_response_code(400);

  208. 				echo json_encode(array("error" => "Please specify category ID."));

  209. 				exit();

  210. 			} else if(mysqli_query($connection, "SELECT * FROM category WHERE id = '$categoryID';")->num_rows !== 1) {

  211. 				http_response_code(400);

  212. 				echo json_encode(array("error" => "Given category ID ($categoryID) not in database."));

  213. 				exit();

  214. 			}

  215. 			

  216. 			$query = "UPDATE `question` SET `id_category` = '$categoryID' WHERE `id` = '$questionID';";

  217. 			$result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));

  218.  		   	

  219. 		}

  220. 	

  221. 	

  222. 	

  223. 		// UPDATE SUBCATEGORY

  224. 		if(isset($_POST['update_q_subcategory'])) {

  225. 		

  226. 			$subcategoryID = mysqli_real_escape_string($connection, trim($_POST['update_q_subcategory']));

  227. 			

  228. 			// Check that subcategory ID is not empty string

  229. 			// And that it's registered in the database

  230. 			if($subcategoryID === "") {

  231. 				http_response_code(400);

  232. 				echo json_encode(array("error" => "Please specify subcategory ID."));

  233. 				exit();

  234. 			} else if(mysqli_query($connection, "SELECT * FROM subcategory WHERE id = '$subcategoryID';")->num_rows !== 1) {

  235. 				http_response_code(400);

  236. 				echo json_encode(array("error" => "Given subcategory ID ($subcategoryID) not in database."));

  237. 				exit();

  238. 			}

  239. 		

  240. 			$query = "UPDATE `question` SET `id_subcategory` = '$subcategoryID' WHERE `id` = '$questionID';";

  241. 			$result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));

  242. 			

  243. 		}

  244. 

  245. 

  246. 

  247. 

  248. 

  249. 

  250. 

  251. 			

  252. 		}

  253. 	

  254. 	

  255. 	

  256. 		// UPDATE REFERENCE

  257. // 		if(isset($_POST['newReference'])) {

  258. // 			$query = "UPDATE `question` SET `id_referencia`='".$_POST['newReference']."' WHERE `id`='".$_POST['id']."';";

  259. // 			$result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection)); 

  260. // 		}

  261. 	

  262. 	

  263. 	

  264. 

  265. 	

  266. 	}

  267. 	

  268.