add-edit-affiliate

1. <?php
2. ini_set('display_startup_errors',1);
3. ini_set('display_errors',1);
4. error_reporting(-1);
5. ?>
6.  
7. <?php
8. /*
9. Allows the user to both create new records and edit existing records
10. */
11.  
12. // connect to the database
13. include("connect-db.php");
14.  
15. // creates the new/edit record form
16. // since this form is used multiple times in this file, I have made it a function that is easily reusable
17. function renderForm($name = '', $username = '', $amount_earned = '', $error = '', $id = '')
18. { ?>
19. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
20. <html>
21. <head>
22. <title>
23. <?php if ($id != '') { echo "Edit Affiliate"; } else { echo "New Affiliate"; } ?>
24. </title>
25. <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
26.  
27. <link rel="stylesheet"href="http://ajax.googleapis.com/ajax/libs/jqueryui/1.11.2/themes/blitzer/jquery-ui.css"/>
28. <script src="//code.jquery.com/jquery-1.10.2.js"></script>
29. <script src="//code.jquery.com/ui/1.11.2/jquery-ui.js"></script>
30.  
31. <link rel="stylesheet" type="text/css" media="screen" href="css/styles.css" />
32.  
33. <script src="js/jquery.ui.timepicker.js"></script>
34. <link rel="stylesheet" type="text/css" media="screen" href="css/jquery.ui.timepicker.css" />
35.  
36. <!--<script src="//cdn.ckeditor.com/4.5.5/full/ckeditor.js"></script>-->
37.  
38. </head>
39. <body>
40.  
41. <div id="logo">
42. <img src="images/logo/it-done-right.jpg" alt="" title="">
43. </div>
44.  
45. <?
46. session_start();
47. if($_SESSION['user']==''){
48. header("Location:../index.php");
49. }else{
50. include("../config.php");
51. $sql=$dbh->prepare("SELECT * FROM users WHERE id=?");
52. $sql->execute(array($_SESSION['user']));
53. while($r=$sql->fetch()){
54. echo "<div class='home-content'>";
55. echo "<center><h2>Hello, ".$r['username']."</h2>";
56. echo "<a href='../logout.php'>Log Out</a>
57. <br><br>
58. <a href='../index.php'>Home</a></center>";
59. echo "</div>";
60. echo "<br>";
61. }
62. }
63. ?>
64.  
65. <?php include("nav-menu.php"); ?>
66.  
67. <h1><?php if ($id != '') { echo "Edit Affiliate"; } else { echo "New Affiliate"; } ?></h1>
68. <?php if ($error != '') {
69. echo "<div style='padding:4px; border:1px solid red; color:red'>" . $error
70. . "</div>";
71. } ?>
72.  
73. <form action="" method="post" class="basic-grey">
74. <div>
75. <?php if ($id != '') { ?>
76. <input type="hidden" name="id" value="<?php echo $id; ?>" />
77. <p>Affiliate ID: <?php echo $id; ?></p>
78. <?php } ?>
79.  
80. <br>
81. <strong>Customer Name:</strong> <input type="text" name="name"
82. value="<?php echo $name; ?>"/>
83. <br/>
84. <strong>Customer Email:</strong> <input type="text" name="username"
85. value="<?php echo $username; ?>"/>
86. <br>
87. <strong>Amount Earned:</strong> <input type="text" name="amount_earned"
88. value="<?php echo $amount_earned; ?>"/>
89. <br>
90. <input type="submit" name="submit" value="Add/Update Affiliate" />
91. </div>
92. </form>
93. </body>
94. </html>
95.  
96. <?php }
97.  
98. /*
99.  
100. EDIT RECORD
101.  
102. */
103. // if the 'id' variable is set in the URL, we know that we need to edit a record
104. if (isset($_GET['id']))
105. {
106. // if the form's submit button is clicked, we need to process the form
107. if (isset($_POST['submit']))
108. {
109. // make sure the 'id' in the URL is valid
110. if (is_numeric($_POST['id']))
111. {
112. // get variables from the URL/form
113. $id = $_POST['id'];
114. $name = htmlentities($_POST['name'], ENT_QUOTES);
115. $username = htmlentities($_POST['username'], ENT_QUOTES);
116. $amount_earned = htmlentities($_POST['amount_earned'], ENT_QUOTES);
117.  
118. // check that firstname and lastname are both not empty
119. if ($name == '' || $username == '' || $amount_earned == '')
120. {
121. // if they are empty, show an error message and display the form
122. $error = 'ERROR: Please fill in all required fields!';
123. renderForm($name, $username, $amount_earned, $error, $id);
124. }
125. else
126. {
127. // if everything is fine, update the record in the database
128. if ($stmt = $mysqli->prepare("UPDATE affiliates SET name = ?, username = ?, amount_earned = ?,
129. WHERE id=?"))
130. {
131. $stmt->bind_param("sssi", $name, $username, $amount_earned, $id);
132. $stmt->execute();
133. $stmt->close();
134. }
135. // show an error message if the query has an error
136. else
137. {
138. echo "ERROR: could not prepare SQL statement.";
139. }
140.  
141. // redirect the user once the form is updated
142. header("Location: view-affiliates.php");
143. }
144. }
145. // if the 'id' variable is not valid, show an error message
146. else
147. {
148. echo "Error!";
149. }
150. }
151. // if the form hasn't been submitted yet, get the info from the database and show the form
152. else
153. {
154. // make sure the 'id' value is valid
155. if (is_numeric($_GET['id']) && $_GET['id'] > 0)
156. {
157. // get 'id' from URL
158. $id = $_GET['id'];
159.  
160. // get the recod from the database
161. if($stmt = $mysqli->prepare("SELECT id, name, username, amount_earned FROM affiliates WHERE id=?"))
162. {
163. $stmt->bind_param("i", $id);
164. $stmt->execute();
165.  
166. $stmt->bind_result($id, $name, $username, $amount_earned);
167. $stmt->fetch();
168.  
169. // show the form
170. renderForm($name, $username, $amount_earned, NULL, $id);
171.  
172. $stmt->close();
173. }
174. // show an error if the query has an error
175. else
176. {
177. echo "Error: could not prepare SQL statement";
178. }
179. }
180. // if the 'id' value is not valid, redirect the user back to the view.php page
181. else
182. {
183. header("Location: view-affiliates.php");
184. }
185. }
186. }
187.  
188. /*
189.  
190. NEW RECORD
191.  
192. */
193.  
194. // if the 'id' variable is not set in the URL, we must be creating a new record
195. else
196. {
197. // if the form's submit button is clicked, we need to process the form
198. if (isset($_POST['submit']))
199. {
200. // get the form data
201. $name = htmlentities($_POST['name'], ENT_QUOTES);
202. $username = htmlentities($_POST['username'], ENT_QUOTES);
203. $amount_earned = htmlentities($_POST['amount_earned'], ENT_QUOTES);
204.  
205. // check that firstname and lastname are both not empty
206. if ($name == '' || $username == '' || $amount_earned == '')
207. {
208. // if they are empty, show an error message and display the form
209. $error = 'ERROR: Please fill in all required fields!';
210. renderForm($name, $username, $amount_earned, $error);
211. }
212. else
213. {
214. // insert the new record into the database
215.  
216. if ($stmt = $mysqli->prepare("INSERT affiliates (name, username, amount_earned) VALUES (?, ?, ?)"))
217. {
218. $stmt->bind_param("sss", $name, $username, $amount_earned);
219. $stmt->execute();
220. $stmt->close();
221. }
222. // show an error if the query has an error
223. else
224. {
225. echo "ERROR: Could not prepare SQL statement.";
226. }
227.  
228. // redirec the user
229. header("Location: view-affiliates.php");
230. }
231.  
232. }
233.  
234. // if the form hasn't been submitted yet, show the form
235. else
236. {
237. renderForm();
238. }
239. }
240.  
241. // close the mysqli connection
242. $mysqli->close();
243. ?>