Marle
/
webAdministracion


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384
							<?php

	require_once 'config.php';
	require_once 'dbh.inc.php';
	require_once 'checkLogin.php';
	
	
	// EXAMPLE INPUT...
	// array(4) { ["questionnaireID"]=> string(2) "21" ["newTitle"]=> string(24) "Preguntas sobre material" ["newDescription"]=> string(36) "Preguntas sobre material de la clase" ["updateQuestionnaire"]=> string(0) "" }


	if(isset($_POST['updateQuestionnaire'])) {
		

		$questionnaireID = mysqli_real_escape_string($connection, trim($_POST['questionnaireID']));
		
		// Check that questionnaire ID is not empty string
		// And that it's registered in the database
		if($questionnaireID === "") {
			http_response_code(400);
			echo json_encode(array("error" => "Please specify questionnaire ID."));
			exit();
		} else if(mysqli_query($connection, "SELECT * FROM questionnair WHERE id = '$questionnaireID';")->num_rows !== 1) {
			http_response_code(400);
			echo json_encode(array("error" => "Given questionnaire ID ($questionnaireID) not in database."));
			exit();
		}


		// UPDATE TITLE
		if(isset($_POST['newTitle'])) {
		
			$newTitle = mysqli_real_escape_string($connection, trim($_POST['newTitle']));
			
			// Check that questionnaire title is not empty
			// And that it's less than 100 characters in length (database limit)
			if($newTitle === "") {
				http_response_code(400);
				echo json_encode(array("error" => "Please specify title."));
				exit();
			} else if(mb_strlen($newTitle) > 100) {
				http_response_code(400);
				echo json_encode(array("error" => "Title too long (max. is 100 characters)."));
				exit();
			}
			
			$query = "UPDATE `questionnair` SET `q_title` = '$newTitle' WHERE `id` = '$questionnaireID';";
			$result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
            
		}
		
		
		// UPDATE DESCRIPTION
		if(isset($_POST['newDescription'])) {
		
			$newDescription = mysqli_real_escape_string($connection, trim($_POST['newDescription']));
			
			// Check that questionnaire description is not empty
			// And that it's less than 200 characters in length (database limit)
			if($newDescription === "") {
				http_response_code(400);
				echo json_encode(array("error" => "Please specify description."));
				exit();
			} else if(mb_strlen($newDescription) > 200) {
				http_response_code(400);
				echo json_encode(array("error" => "Description too long (max. is 200 characters)."));
				exit();
			}
			
			$query = "UPDATE `questionnair` SET `description` = '$newDescription' WHERE `id` = '$questionnaireID';";
			$result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
            
		}
		
	
	}