  1. <?php
  2. include('includes/start.php');
  3. if (!isset($_SESSION['user_level']) or ($_SESSION['user_level'] != 1))
  4. { header("Location: login.php");
  5. exit();
  6. }
  7. ?>
  8. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
  9. "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  10. <html xmlns="http://www.w3.org/1999/xhtml">
  11. <head>
  12. <title>Sangre De Cristo Hospice &amp; Palliative Care Edit Employee Record</title>
  13. <link rel="stylesheet" href="style.css" />
  14. <meta http-equiv="content-type" content="text/html; charset=utf-8"/>
  15. </head>
  16. <body>
  17. <div class="Main">
  18. <?php include('includes/header.php'); ?>
  19. <div class="Main">
  20. <h2>Edit Employee</h2>
  21.  
  22.  
  23.  
  24. <?php
  25.  
  26.  
  27. echo '<pre style="text-align:left">GET'.print_r($_GET, true).'</pre>';
  28. echo '<pre style="text-align:left">POST'.print_r($_POST, true).'</pre>';
  29. echo '<pre style="text-align:left">SERVER'.print_r($_SERVER, true).'</pre>';
  30. echo '<pre style="text-align:left">SESSION'.print_r($_SESSION, true).'</pre>';
  31.  
  32.  
  33. if ( (isset($_GET['id'])) && (is_numeric($_GET['id'])) ) {
  34. $id = $_GET['id'];
  35. } elseif ( (isset($_POST['id'])) && (is_numeric($_POST['id'])) ) {
  36. $id = $_POST['id'];
  37. } else {
  38. echo '<p>This page has been accessed in error.</p>';
  39. exit();
  40. }
  41. require ('mysqli_connect.php');
  42. if ($_SERVER['REQUEST_METHOD'] == 'POST') {
  43. $errors = array();
  44. //Employee ID
  45. $eid = trim($_POST['employee_id']);
  46. $stripped = mysqli_real_escape_string($dbcon, strip_tags($eid));
  47. $strlen = mb_strlen($stripped, 'utf8');
  48. if( $strlen < 1 ) {
  49. $errors[] = 'You forgot to enter the Employee ID.';
  50. }else{
  51. $employee_id = $stripped;
  52. }
  53. //Last Name
  54. $lname = trim($_POST['last_name']);
  55. $stripped = mysqli_real_escape_string($dbcon, strip_tags($lname));
  56. $strlen = mb_strlen($stripped, 'utf8');
  57. if( $strlen < 1 ) {
  58. $errors[] = 'You forgot to enter the Employees Last Name.';
  59. }else{
  60. $last_name = $stripped;
  61. }
  62. // First Name
  63. $fname = trim($_POST['first_name']);
  64. $stripped = mysqli_real_escape_string($dbcon, strip_tags($fname));
  65. $strlen = mb_strlen($stripped, 'utf8');
  66. if( $strlen < 1 ) {
  67. $errors[] = 'You forgot to enter the Employees First Name.';
  68. }else{
  69. $first_name = $stripped;
  70. }
  71.  
  72. // Extension
  73. $ext = trim($_POST['extension']);
  74. $stripped = mysqli_real_escape_string($dbcon, strip_tags($ext));
  75. $strlen = mb_strlen($stripped, 'utf8');
  76. if( $strlen < 1 ) {
  77. $errors[] = 'You forgot to enter the Extension.';
  78. }else{
  79. $extension = $stripped;
  80. }
  81. // Title
  82. $tit = trim($_POST['title']);
  83. $stripped = mysqli_real_escape_string($dbcon, strip_tags($tit));
  84. $strlen = mb_strlen($stripped, 'utf8');
  85. if( $strlen < 1 ) {
  86. $errors[] = 'You forgot to enter the Title.';
  87. }else{
  88. $title = $stripped;
  89. }
  90.  
  91. // Trim the cell phone
  92. $cph = trim($_POST['cell_phone']);
  93. // Strip HTML and apply escaping
  94. $stripped = mysqli_real_escape_string($dbcon, strip_tags($cph));
  95. // Get string lengths
  96. $strlen = mb_strlen($stripped, 'utf8');
  97. // Check stripped string
  98. if( $strlen < 1 ) {
  99. $errors[] = 'You forgot to enter the cell phone.';
  100. }else{
  101. $cell_phone = $stripped;
  102. }
  103.  
  104. // Direct Dial
  105. $direct = trim($_POST['direct_dial']);
  106. $stripped = mysqli_real_escape_string($dbcon, strip_tags($direct));
  107. $strlen = mb_strlen($stripped, 'utf8');
  108. if( $strlen < 1 ) {
  109. $errors[] = 'You forgot to enter direct dial.';
  110. }else{
  111. $direct_dial = $stripped;
  112. }
  113. // Trim the pager
  114. $pag = trim($_POST['pager']);
  115. // Strip HTML and apply escaping
  116. $stripped = mysqli_real_escape_string($dbcon, strip_tags($pag));
  117. // Get string lengths
  118. $strlen = mb_strlen($stripped, 'utf8');
  119. // Check stripped string
  120. if( $strlen < 1 ) {
  121. $errors[] = 'You forgot to enter the pager.';
  122. }else{
  123. $pager = $stripped;
  124. }
  125. // Location ID
  126. $location = trim($_POST['location_id']);
  127. $stripped = mysqli_real_escape_string($dbcon, strip_tags($location));
  128. $strlen = mb_strlen($stripped, 'utf8');
  129. if( $strlen < 1 ) {
  130. $errors[] = 'You forgot to enter the Location ID.';
  131. }else{
  132. $location_id = $stripped;
  133. }
  134.  
  135. // Trim the home phone
  136. $hph = trim($_POST['home_phone']);
  137. // Strip HTML and apply escaping
  138. $stripped = mysqli_real_escape_string($dbcon, strip_tags($hph));
  139. // Get string lengths
  140. $strlen = mb_strlen($stripped, 'utf8');
  141. // Check stripped string
  142. if( $strlen < 1 ) {
  143. $errors[] = 'You forgot to enter the home phone.';
  144. }else{
  145. $home_phone = $stripped;
  146. }
  147.  
  148. // Trim the fax
  149. $fx = trim($_POST['FAX']);
  150. // Strip HTML and apply escaping
  151. $stripped = mysqli_real_escape_string($dbcon, strip_tags($fx));
  152. // Get string lengths
  153. $strlen = mb_strlen($stripped, 'utf8');
  154. // Check stripped string
  155. if( $strlen < 1 ) {
  156. $errors[] = 'You forgot to enter the fax.';
  157. }else{
  158. $FAX = $stripped;
  159. }
  160.  
  161. if (empty($errors)) {
  162. $q = "SELECT employee_id FROM employee WHERE last_name='$last_name' AND employee_id != $id";
  163. $result = @mysqli_query($dbcon, $q);
  164. if (mysqli_num_rows($result) == 0) {
  165. $q = "UPDATE employee SET employee_id='$employee_id', last_name='$last_name', first_name='$first_name', extension='$extension', title='$title', cell_phone='$cell_phone', direct_dial='$direct_dial', pager='$pager', location_id='$location_id', home_phone='$home_phone', FAX='$FAX' WHERE employee_id=$id LIMIT 1";
  166. $result = @mysqli_query ($dbcon, $q);
  167. if (mysqli_affected_rows($dbcon) == 1) {
  168. echo '<h2>The employee record has been updated</h2>';
  169. } else {
  170. echo '<p>The employee record could not be edited due to a system error. We apologize for any inconvenience.</p>';
  171. echo '<p>' . mysqli_error($dbcon) . '<br />Query: ' . $q . '</p>';
  172. }
  173. }
  174. }else {
  175. echo '<p>The following error(s) occurred:<br>';
  176. foreach ($errors as $msg) {
  177. echo " - $msg<br/>\n";
  178. }
  179. echo '</p><p>Please try again.</p>';
  180. }
  181. }
  182. $q = "SELECT employee_id, last_name, first_name, extension, title, cell_phone, direct_dial, pager, location_id, home_phone, FAX FROM employee WHERE employee_id=$id";
  183. $result = @mysqli_query ($dbcon, $q);
  184. if (mysqli_num_rows($result) == 1) {
  185. $row = mysqli_fetch_array ($result, MYSQLI_NUM);
  186.  
  187. echo '<form action="edit-employee.php" method="post">
  188. <p><label class="label" for="employee_id">Employee ID:</label><input id="employee_id" type="text" name="employee_id" size="25"
  189. maxlength="30" value="' . $row[0] . '"></p>
  190. <p><label class="label" for="last_name">Last Name:</label><input id="last_name" type="text" name="last_name" size="25"
  191. maxlength="30" value="' . $row[1] . '"></p>
  192. <p><label class="label" for="first_name">First Name:</label><input id="first_name" type="text" name="first_name" size="25"
  193. maxlength="30" value="' . $row[2] . '"></p>
  194. <p><label class="label" for="extension">Extension:</label><input id="extension" type="text" name="extension" size="25"
  195. maxlength="30" value="' . $row[3] . '"></p>
  196. <p><label class="label" for="title">Title:</label><input id="title" type="text" name="title" size="25"
  197. maxlength="30" value="' . $row[4] . '"></p>
  198. <p><label class="label" for="cell_phone">Cell Phone:</label><input id="cell_phone" type="text" name="cell_phone" size="25"
  199. maxlength="30" value="' . $row[5] . '"></p>
  200. <p><label class="label" for="direct_dial">Direct Dial:</label><input id="direct_dial" type="text" name="direct_dial" size="25"
  201. maxlength="30" value="' . $row[6] . '"></p>
  202. <p><label class="label" for="pager">Pager:</label><input id="pager" type="text" name="pager" size="25"
  203. maxlength="30" value="' . $row[7] . '"></p>
  204. <p><label class="label" for="location_id">Location ID:</label><input id="location_id" type="text" name="location_id" size="25"
  205. maxlength="30" value="' . $row[8] . '"></p>
  206. <p><label class="label" for="home_phone">Home Phone:</label><input id="home_phone" type="text" name="home_phone" size="25"
  207. maxlength="30" value="' . $row[9] . '"></p>
  208. <p><label class="label" for="FAX">Fax:</label><input id="FAX" type="text" name="FAX" size="25"
  209. maxlength="30" value="' . $row[10] . '"></p>
  210.  
  211. <p>&nbsp;<p><input id="submit" type="submit" name="submit" value="Edit Employee"></p>
  212. <br><input type="hidden" name="id" value="' . $id . '" />
  213. </form>';
  214. } else {
  215. echo '<p>This page has been accessed by an unauthorized person.</p>';
  216. }
  217. mysqli_close($dbcon);
  218. ?>
  219. </div>
  220. </div>
  221. </body>
  222. </html>