Ei kuvausta

updateMoment.php 3.6KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121
  1. <?php
  2. require_once 'config.php';
  3. require_once 'dbh.inc.php';
  4. require_once 'checkLogin.php';
  5. // EXAMPLE INPUT...
  6. // array(4) { ["momentID"]=> string(3) "137" ["newTitle"]=> string(18) "saludos de saludos" ["newDescription"]=> string(18) "saludos de saludos" ["updateMoment"]=> string(0) "" }
  7. if(isset($_POST['updateMoment'])) {
  8. $momentID = mysqli_real_escape_string($connection, trim($_POST['momentID']));
  9. // Check that moment ID is not empty string
  10. // And that it's registered in the database
  11. if($momentID === "") {
  12. http_response_code(400);
  13. echo json_encode(array("error" => "Please specify moment ID."));
  14. exit();
  15. } else if(mysqli_query($connection, "SELECT * FROM subquestionnair WHERE id = '$momentID';")->num_rows !== 1) {
  16. http_response_code(400);
  17. echo json_encode(array("error" => "Given moment ID ($momentID) not in database."));
  18. exit();
  19. }
  20. // UPDATE TITLE
  21. if(isset($_POST['newTitle'])) {
  22. $newTitle = mysqli_real_escape_string($connection, trim($_POST['newTitle']));
  23. // Check that moment title is not empty
  24. // And that it's less than 60 characters in length (database limit)
  25. if($newTitle === "") {
  26. http_response_code(400);
  27. echo json_encode(array("error" => "Please specify title."));
  28. exit();
  29. } else if(mb_strlen($newTitle) > 60) {
  30. http_response_code(400);
  31. echo json_encode(array("error" => "Title too long (max. is 60 characters)."));
  32. exit();
  33. }
  34. $query = "UPDATE `subquestionnair` SET `title` = '$newTitle' WHERE `id` = '$momentID';";
  35. $result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
  36. }
  37. // UPDATE DESCRIPTION
  38. if(isset($_POST['newDescription'])) {
  39. $newDescription = mysqli_real_escape_string($connection, trim($_POST['newDescription']));
  40. // Check that moment description is not empty
  41. // And that it's less than 100 characters in length (database limit)
  42. if($newDescription === "") {
  43. http_response_code(400);
  44. echo json_encode(array("error" => "Please specify description."));
  45. exit();
  46. } else if(mb_strlen($newDescription) > 100) {
  47. http_response_code(400);
  48. echo json_encode(array("error" => "Description too long (max. is 100 characters)."));
  49. exit();
  50. }
  51. $query = "UPDATE `subquestionnair` SET `description` = '$newDescription' WHERE `id` = '$momentID';";
  52. $result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
  53. }
  54. if(isset($_POST['newDate'])) {
  55. $momentDate = mysqli_real_escape_string($connection, trim($_POST['newDate']));
  56. // Check that momentDate is not an empty string
  57. // And that momentDate is in appropriate format YYYY-MM-DDThh:mm (e.g. 121212-12-12T12:12)
  58. // WARNING: only handling AST
  59. // HELP: https://www.codexworld.com/how-to/validate-date-input-string-in-php/
  60. function validDate($date) {
  61. $d = date_create_from_format("Y-m-d\TH:i", $date);
  62. return $d && date_format($d, "Y-m-d\TH:i") === $date;
  63. }
  64. if($momentDate === "") {
  65. http_response_code(400);
  66. echo json_encode(array("error" => "Please specify moment date."));
  67. exit();
  68. } else if(!validDate($momentDate)) {
  69. http_response_code(400);
  70. echo json_encode(array("error" => "Moment date ($momentDate) given in wrong format (use YYYY-MM-DDTHH:mm instead)."));
  71. exit();
  72. }
  73. $queryMoment =
  74. "UPDATE subquestionnair
  75. SET date_to_administer = '$momentDate'
  76. WHERE id = '$momentID';";
  77. if(!mysqli_query($connection, $queryMoment)) {
  78. http_response_code(400);
  79. echo json_encode(array("error" => "Couldn't update moment date. ".mysqli_error($connection)));
  80. }
  81. }
  82. }