123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121 |
- <?php
-
- require_once 'config.php';
- require_once 'dbh.inc.php';
- require_once 'checkLogin.php';
-
-
- // EXAMPLE INPUT...
- // array(4) { ["momentID"]=> string(3) "137" ["newTitle"]=> string(18) "saludos de saludos" ["newDescription"]=> string(18) "saludos de saludos" ["updateMoment"]=> string(0) "" }
-
-
- if(isset($_POST['updateMoment'])) {
-
-
-
- $momentID = mysqli_real_escape_string($connection, trim($_POST['momentID']));
-
- // Check that moment ID is not empty string
- // And that it's registered in the database
- if($momentID === "") {
- http_response_code(400);
- echo json_encode(array("error" => "Please specify moment ID."));
- exit();
- } else if(mysqli_query($connection, "SELECT * FROM subquestionnair WHERE id = '$momentID';")->num_rows !== 1) {
- http_response_code(400);
- echo json_encode(array("error" => "Given moment ID ($momentID) not in database."));
- exit();
- }
-
-
-
- // UPDATE TITLE
- if(isset($_POST['newTitle'])) {
-
- $newTitle = mysqli_real_escape_string($connection, trim($_POST['newTitle']));
-
- // Check that moment title is not empty
- // And that it's less than 60 characters in length (database limit)
- if($newTitle === "") {
- http_response_code(400);
- echo json_encode(array("error" => "Please specify title."));
- exit();
- } else if(mb_strlen($newTitle) > 60) {
- http_response_code(400);
- echo json_encode(array("error" => "Title too long (max. is 60 characters)."));
- exit();
- }
-
- $query = "UPDATE `subquestionnair` SET `title` = '$newTitle' WHERE `id` = '$momentID';";
- $result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
-
- }
-
-
-
- // UPDATE DESCRIPTION
- if(isset($_POST['newDescription'])) {
-
- $newDescription = mysqli_real_escape_string($connection, trim($_POST['newDescription']));
-
- // Check that moment description is not empty
- // And that it's less than 100 characters in length (database limit)
- if($newDescription === "") {
- http_response_code(400);
- echo json_encode(array("error" => "Please specify description."));
- exit();
- } else if(mb_strlen($newDescription) > 100) {
- http_response_code(400);
- echo json_encode(array("error" => "Description too long (max. is 100 characters)."));
- exit();
- }
-
- $query = "UPDATE `subquestionnair` SET `description` = '$newDescription' WHERE `id` = '$momentID';";
- $result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
-
- }
-
-
-
- if(isset($_POST['newDate'])) {
-
- $momentDate = mysqli_real_escape_string($connection, trim($_POST['newDate']));
-
- // Check that momentDate is not an empty string
- // And that momentDate is in appropriate format YYYY-MM-DDThh:mm (e.g. 121212-12-12T12:12)
- // WARNING: only handling AST
- // HELP: https://www.codexworld.com/how-to/validate-date-input-string-in-php/
-
- function validDate($date) {
- $d = date_create_from_format("Y-m-d\TH:i", $date);
- return $d && date_format($d, "Y-m-d\TH:i") === $date;
- }
-
- if($momentDate === "") {
- http_response_code(400);
- echo json_encode(array("error" => "Please specify moment date."));
- exit();
- } else if(!validDate($momentDate)) {
- http_response_code(400);
- echo json_encode(array("error" => "Moment date ($momentDate) given in wrong format (use YYYY-MM-DDTHH:mm instead)."));
- exit();
- }
-
- $queryMoment =
- "UPDATE subquestionnair
- SET date_to_administer = '$momentDate'
- WHERE id = '$momentID';";
-
- if(!mysqli_query($connection, $queryMoment)) {
- http_response_code(400);
- echo json_encode(array("error" => "Couldn't update moment date. ".mysqli_error($connection)));
- }
-
-
-
-
- }
-
-
- }
-
|