webAdministracion/processes/updateExperience.php

<?php

	require_once 'config.php';
	require_once 'dbh.inc.php';
	require_once 'checkLogin.php';

	// IF USER ENTERS PAGE AFTER 'Save Changes' BUTTON HAS BEEN PRESSED (FROM viewExperience.php), EDIT EXPERIENCE BASIC INFO FROM DATABASE
	// ELSE (IF USER ENTERED THIS PAGE WITHOUT SUBMITING A FORM) REDIRECT TO home.php
	if(isset($_POST['updateExperience'])) {
		

		$id = mysqli_real_escape_string($connection, trim($_POST['id']));
		
		// Check that experience ID is not empty string
		// And that it's registered in the database
		if($id === "") {
			http_response_code(400);
			echo json_encode(array("error" => "Please specify experience ID."));
			exit();
		} else if(mysqli_query($connection, "SELECT * FROM experience WHERE id = '$id';")->num_rows !== 1) {
			http_response_code(400);
			echo json_encode(array("error" => "Given experience ID ($id) not in database."));
			exit();
		}

				
		// UPDATE TITLE
		if(isset($_POST['newTitle'])) {
		
			$newTitle = mysqli_real_escape_string($connection, trim($_POST['newTitle']));
			
			// Check that experience title is not empty
			// And that it's less than 60 characters in length (database limit)
			if($newTitle === "") {
				http_response_code(400);
				echo json_encode(array("error" => "Please specify title."));
				exit();
			} else if(mb_strlen($newTitle) > 60) {
				http_response_code(400);
				echo json_encode(array("error" => "Title too long (max. is 60 characters)."));
				exit();
			}
			
			$query = "UPDATE `experience` SET `title` = '$newTitle' WHERE `id` = '$id';";
			$result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
            
		}
		
		// UPDATE DESCRIPTION
		if(isset($_POST['newDescription'])) {
		
			$newDescription = mysqli_real_escape_string($connection, trim($_POST['newDescription']));
			
			// Check that experience title is not empty
			// And that it's less than 60 characters in length (database limit)
			if($newDescription === "") {
				http_response_code(400);
				echo json_encode(array("error" => "Please specify description."));
				exit();
			} else if(mb_strlen($newDescription) > 100) {
				http_response_code(400);
				echo json_encode(array("error" => "Description too long (max. is 100 characters)."));
				exit();
			}
			
			$query = "UPDATE `experience` SET `description` = '$newDescription' WHERE `id` = '$id';";
			$result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
            
		}
		
		
		
		
		/*** REMEMBER TO VALIDATE INPUT IF THE CODE BELOW IS TO BE USED ***/
		
		// UPDATE TYPE
// 		if(isset($_POST['newType']) AND $_POST['newType'] != " ") {
// 			$newType = mysqli_real_escape_string($connection, trim($_POST['newType']));
// 			$query = "UPDATE `experience` SET `type` = '$newType' WHERE `id` = '$id';";
// 			$result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection)); 
// 		}
		
		// UPDATE DURATION
// 		if(isset($_POST['newDuration'])) {
// 			$newDuration = mysqli_real_escape_string($connection, trim($_POST['newDuration']));
// 			$query = "UPDATE `experience` SET `duration_weeks` = '$newDuration' WHERE `id` = '$id';";
// 			$result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));  
// 		}
		
		// UPDATE START DATE
// 		if(isset($_POST['newStart'])) {
// 			$newStart = mysqli_real_escape_string($connection, trim($_POST['newStart']));
// 			$query = "UPDATE `experience` SET `start_date` = '$newStart' WHERE `id` = '$id';";
// 			$result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
// 		}
		
		// UPDATE END DATE
// 		if(isset($_POST['newEnd'])) {
// 			$newEnd = mysqli_real_escape_string($connection, trim($_POST['newEnd']));
// 			$query = "UPDATE `experience` SET `end_date` = '$newEnd' WHERE `id` = '$id';";
// 			$result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
// 		}
		
		
		
	}