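<?php
// edit-employee.php — admin-only page to view and update one employee record.
//
// Security fixes relative to the previous revision of this file:
//  * $_GET / $_POST / $_SERVER / $_SESSION were print_r()'d onto the page
//    (session contents and server environment disclosed to the browser).
//  * mysqli_error() and the raw SQL text were echoed on failure; details now
//    go to error_log() and the user sees a generic message.
//  * Every query was built by string interpolation ($id was only checked with
//    is_numeric()); all SQL now uses prepared statements with bound values,
//    so mysqli_real_escape_string() on input is gone (it would double-escape
//    bound parameters and corrupt names such as O'Brien).
//  * Database values were echoed into value="..." unescaped (stored XSS;
//    strip_tags() on input does not stop `" onfocus=...` attribute injection).
//    Every dynamic value is now HTML-escaped at output time.
//  * The state-changing POST had no CSRF protection; a per-session token is
//    now embedded in the form and verified on submit.
//
// Requires PHP >= 7.0 (random_bytes) and the mysqlnd driver
// (mysqli_stmt_get_result). NOTE(review): on PHP 8.1+ mysqli throws
// mysqli_sql_exception by default instead of returning false; make sure
// mysqli_connect.php sets mysqli_report() deliberately, or wrap the database
// section below in try/catch, so a failure never surfaces a stack trace.
include('includes/start.php');

// Access control: only user_level 1 may reach this page. start.php is assumed
// to have started the session (the original read $_SESSION here as well).
// Cast before comparing so a "1" stored as a string still passes.
if (!isset($_SESSION['user_level']) || (int) $_SESSION['user_level'] !== 1) {
    header('Location: login.php');
    exit();
}

// Per-session CSRF token; random_bytes() is a CSPRNG.
if (empty($_SESSION['csrf_token']) || !is_string($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

// HTML-escape for element content and double-quoted attribute values.
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Report a database failure: details to the server log only, generic text to
// the browser (the previous revision echoed mysqli_error() and the query).
$systemError = function ($context, $detail) {
    error_log('edit-employee.php: ' . $context . ': ' . $detail);
    echo '<p>The employee record could not be edited due to a system error. We apologize for any inconvenience.</p>';
};
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Sangre De Cristo Hospice &amp; Palliative Care Edit Employee Record</title>
<link rel="stylesheet" href="style.css" />
<meta http-equiv="content-type" content="text/html; charset=utf-8"/>
</head>
<body>
<div class="Main">
<?php include('includes/header.php'); ?>
<div class="Main">
<h2>Edit Employee</h2>
<?php
// Which record to edit: an integer id from GET (first visit) or, failing that,
// from POST (form submit). FILTER_VALIDATE_INT replaces is_numeric(), which
// also accepted "1e3", "1.5" and surrounding whitespace.
$id = false;
if (isset($_GET['id'])) {
    $id = filter_var($_GET['id'], FILTER_VALIDATE_INT);
}
if ($id === false && isset($_POST['id'])) {
    $id = filter_var($_POST['id'], FILTER_VALIDATE_INT);
}
if ($id === false) {
    echo '<p>This page has been accessed in error.</p>';
    exit();
}

require('mysqli_connect.php'); // provides $dbcon

// Editable columns, in the order the UPDATE binds them. Each entry is
// array(form label, message shown when the field is left blank).
$fields = array(
    'employee_id' => array('Employee ID', 'You forgot to enter the Employee ID.'),
    'last_name'   => array('Last Name',   'You forgot to enter the Employees Last Name.'),
    'first_name'  => array('First Name',  'You forgot to enter the Employees First Name.'),
    'extension'   => array('Extension',   'You forgot to enter the Extension.'),
    'title'       => array('Title',       'You forgot to enter the Title.'),
    'cell_phone'  => array('Cell Phone',  'You forgot to enter the cell phone.'),
    'direct_dial' => array('Direct Dial', 'You forgot to enter direct dial.'),
    'pager'       => array('Pager',       'You forgot to enter the pager.'),
    'location_id' => array('Location ID', 'You forgot to enter the Location ID.'),
    'home_phone'  => array('Home Phone',  'You forgot to enter the home phone.'),
    'FAX'         => array('Fax',         'You forgot to enter the fax.'),
);

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $errors = array();

    // Reject the submission unless it carries this session's CSRF token.
    // hash_equals() is constant-time and tolerates a malformed/absent value.
    $token = (isset($_POST['csrf_token']) && is_string($_POST['csrf_token'])) ? $_POST['csrf_token'] : '';
    if (!hash_equals($_SESSION['csrf_token'], $token)) {
        $errors[] = 'The form token was missing or invalid. Please reload the page and try again.';
    }

    // Trim and strip tags as before. No SQL escaping here: values are bound as
    // parameters below, and HTML escaping happens when they are rendered.
    $values = array();
    foreach ($fields as $field => $meta) {
        $raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        $clean = strip_tags(trim($raw));
        if (mb_strlen($clean, 'UTF-8') < 1) {
            $errors[] = $meta[1];
        } else {
            $values[$field] = $clean;
        }
    }

    if (empty($errors)) {
        // NOTE(review): the previous revision refused the update when another
        // employee already had the submitted *last_name*. That is kept, but it
        // reads like a copy-paste from an email-uniqueness check — confirm
        // whether the intended uniqueness key is the (editable) employee_id.
        $dupes = null;
        $dbError = '';
        $stmt = mysqli_prepare($dbcon, 'SELECT employee_id FROM employee WHERE last_name = ? AND employee_id != ?');
        if ($stmt === false) {
            $dbError = mysqli_error($dbcon);
        } else {
            if (mysqli_stmt_bind_param($stmt, 'si', $values['last_name'], $id)
                && mysqli_stmt_execute($stmt)
                && mysqli_stmt_store_result($stmt)) {
                $dupes = (int) mysqli_stmt_num_rows($stmt);
            } else {
                $dbError = mysqli_stmt_error($stmt);
            }
            mysqli_stmt_close($stmt);
        }

        if ($dupes === null) {
            $systemError('duplicate check', $dbError);
        } elseif ($dupes > 0) {
            // The previous revision fell through silently here; say why nothing changed.
            echo '<p>Another employee already has that last name; the record was not updated.</p>';
        } else {
            $updated = false;
            $stmt = mysqli_prepare(
                $dbcon,
                'UPDATE employee SET employee_id = ?, last_name = ?, first_name = ?, extension = ?, title = ?, '
                . 'cell_phone = ?, direct_dial = ?, pager = ?, location_id = ?, home_phone = ?, FAX = ? '
                . 'WHERE employee_id = ? LIMIT 1'
            );
            if ($stmt === false) {
                $dbError = mysqli_error($dbcon);
            } else {
                if (mysqli_stmt_bind_param(
                        $stmt,
                        'sssssssssssi',
                        $values['employee_id'], $values['last_name'], $values['first_name'], $values['extension'],
                        $values['title'], $values['cell_phone'], $values['direct_dial'], $values['pager'],
                        $values['location_id'], $values['home_phone'], $values['FAX'], $id
                    )
                    && mysqli_stmt_execute($stmt)) {
                    // NOTE(review): affected_rows counts *changed* rows unless the
                    // connection sets CLIENT_FOUND_ROWS, so resubmitting an
                    // unmodified form reports a "system error" (same as before).
                    $updated = (mysqli_stmt_affected_rows($stmt) === 1);
                } else {
                    $dbError = mysqli_stmt_error($stmt);
                }
                mysqli_stmt_close($stmt);
            }

            if ($updated) {
                echo '<h2>The employee record has been updated</h2>';
            } else {
                $systemError('update', $dbError);
            }
        }
    } else {
        echo '<p>The following error(s) occurred:<br>';
        foreach ($errors as $msg) {
            echo ' - ' . $esc($msg) . "<br/>\n";
        }
        echo '</p><p>Please try again.</p>';
    }
}

// Load the (possibly just-updated) record and redisplay the form.
// NOTE(review): if the submit changed employee_id, this lookup still uses the
// old $id and finds nothing — unchanged from the previous revision.
$row = null;
$stmt = mysqli_prepare(
    $dbcon,
    'SELECT employee_id, last_name, first_name, extension, title, cell_phone, direct_dial, pager, '
    . 'location_id, home_phone, FAX FROM employee WHERE employee_id = ?'
);
if ($stmt !== false) {
    if (mysqli_stmt_bind_param($stmt, 'i', $id) && mysqli_stmt_execute($stmt)) {
        $result = mysqli_stmt_get_result($stmt);
        if ($result !== false && mysqli_num_rows($result) === 1) {
            $row = mysqli_fetch_assoc($result);
        }
    }
    mysqli_stmt_close($stmt);
}

if ($row !== null) {
    echo '<form action="edit-employee.php" method="post">' . "\n";
    foreach ($fields as $field => $meta) {
        $name = $esc($field);
        // Both the column value and the field name are escaped; value="..." is
        // a double-quoted attribute, which ENT_QUOTES covers.
        echo '<p><label class="label" for="' . $name . '">' . $esc($meta[0]) . ':</label>'
            . '<input id="' . $name . '" type="text" name="' . $name . '" size="25" maxlength="30" value="'
            . $esc(isset($row[$field]) ? $row[$field] : '') . '"></p>' . "\n";
    }
    echo '<p><input id="submit" type="submit" name="submit" value="Edit Employee"></p>' . "\n";
    echo '<input type="hidden" name="id" value="' . $esc($id) . '" />' . "\n";
    echo '<input type="hidden" name="csrf_token" value="' . $esc($_SESSION['csrf_token']) . '" />' . "\n";
    echo '</form>';
} else {
    echo '<p>This page has been accessed by an unauthorized person.</p>';
}
mysqli_close($dbcon);
?>
</div>
</div>
</body>
</html>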