<?php

/*

EDIT.PHP

Allows user to edit specific entry in database

*/

  13. // creates the edit record form
  14.  
  15. // since this form is used multiple times in this file, I have made it a function that is easily reusable
  16.  
  17. function renderForm($user_id, $user_email, $content, $error)
  18.  
  19. {
  20.  
  21. ?>
  22.  
  23. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
  24.  
  25. <html>
  26.  
  27. <head>
  28.  
  29. <title>Edit Record</title>
  30.  
  31. </head>
  32.  
  33. <body>
  34.  
  35. <?php
  36.  
  37. // if there are any errors, display them
  38.  
  39. if ($error != '')
  40.  
  41. {
  42.  
  43. echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
  44.  
  45. }
  46.  
  47. ?>
  48.  
  49.  
  50.  
  51. <form action="" method="post">
  52.  
  53. <input type="hidden" name="user_id" value="<?php echo $user_id; ?>"/>
  54.  
  55. <div>
  56.  
  57. <p><strong>user_id:</strong> <?php echo $user_id; ?></p>
  58.  
  59. <input type="submit" name="submit" value="Editar">
  60.  
  61. <strong>email: *</strong> <input type="text" name="user_email" value="<?php echo $user_email; ?>"/><br/>
  62.  
  63. <strong>contra cheque: *</strong> <textarea rows="20" cols="50" type="text" name="content" value="<?php echo $content; ?>"/><br/>
  64.  
  65. <p>* Required</p>
  66.  
  67. <input type="submit" name="submit" value="Editar">
  68.  
  69. </div>
  70.  
  71. </form>
  72.  
  73. </body>
  74.  
  75. </html>
  76.  
  77. <?php
  78.  
  79. }
  87. // connect to the database
  88.  
  89. include('connect-db.php');
  90.  
  91.  
  92.  
  93. // check if the form has been submitted. If it has, process the form and save it to the database
  94.  
  95. if (isset($_POST['submit']))
  96.  
  97. {
  98.  
  99. // confirm that the 'user_id' value is a valid integer before getting the form data
  100.  
  101. if (is_numeric($_POST['user_id']))
  102.  
  103. {
  104.  
  105. // get form data, making sure it is valid
  106.  
  107. $user_id = $_POST['user_id'];
  108.  
  109. $user_email = mysql_real_escape_string(htmlspecialchars($_POST['user_email']));
  110.  
  111. $content = mysql_real_escape_string(htmlspecialchars($_POST['content']));
  112.  
  113.  
  114.  
  115. // check that firstname/lastname fields are both filled in
  116.  
  117. if ($user_email == '' || $content == '')
  118.  
  119. {
  120.  
  121. // generate error message
  122.  
  123. $error = 'ERROR: Please fill in all required fields!';
  124.  
  125.  
  126.  
  127. //error, display form
  128.  
  129. renderForm($user_id, $user_email, $content, $error);
  130.  
  131. }
  132.  
  133. else
  134.  
  135. {
  136.  
  137. // save the data to the database
  138.  
  139. mysql_query("UPDATE tbl_users SET user_email='$user_email', content='$content' WHERE user_id='$user_id'")
  140.  
  141. or die(mysql_error());
  142.  
  143.  
  144.  
  145. // once saved, redirect back to the view page
  146.  
  147. header("Location: view.php");
  148.  
  149. }
  150.  
  151. }
  152.  
  153. else
  154.  
  155. {
  156.  
  157. // if the 'user_id' isn't valid, display an error
  158.  
  159. echo 'Error!';
  160.  
  161. }
  162.  
  163. }
  164.  
  165. else
  166.  
  167. // if the form hasn't been submitted, get the data from the db and display the form
  168.  
  169. {
  170.  
  171.  
  172.  
  173. // get the 'user_id' value from the URL (if it exists), making sure that it is valid (checing that it is numeric/larger than 0)
  174.  
  175. if (isset($_GET['user_id']) && is_numeric($_GET['user_id']) && $_GET['user_id'] > 0)
  176.  
  177. {
  178.  
  179. // query db
  180.  
  181. $user_id = $_GET['user_id'];
  182.  
  183. $result = mysql_query("SELECT * FROM tbl_users WHERE user_id=$user_id")
  184.  
  185. or die(mysql_error());
  186.  
  187. $row = mysql_fetch_array($result);
  188.  
  189.  
  190.  
  191. // check that the 'user_id' matches up with a row in the databse
  192.  
  193. if($row)
  194.  
  195. {
  196.  
  197.  
  198.  
  199. // get data from db
  200.  
  201. $user_email = $row['user_email'];
  202.  
  203. $content = $row['content'];
  204.  
  205.  
  206.  
  207. // show form
  208.  
  209. renderForm($user_id, $user_email, $content, '');
  210.  
  211. }
  212.  
  213. else
  214.  
  215. // if no match, display result
  216.  
  217. {
  218.  
  219. echo "No results!";
  220.  
  221. }
  222.  
  223. }
  224.  
  225. else
  226.  
  227. // if the 'user_id' in the URL isn't valid, or if there is no 'user_id' value, display an error
  228.  
  229. {
  230.  
  231. echo 'Error!';
  232.  
  233. }
  234.  
  235. }
  236.  
  237. ?>