
Untitled

a guest
Apr 9th, 2018
  1. <?php
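  // Resume the session so the login state set by the login page is visible here.
  session_start();

  // Authentication gate. header() only queues a redirect response; without exit
  // the remainder of this script (including the insert/delete/update handlers)
  // would still execute for a visitor who is not logged in.
  if (!isset($_SESSION["username"])) {
      header("location:loginnew.php");
      exit;
  }

  // Welcome alert. The username is HTML-encoded before being placed in markup so
  // that a name containing < > & or quotes is rendered as text rather than HTML.
  // The alert container is closed with </div>, matching the other alerts in this file.
  $welcomeuser = '<div id="alert1" class="alert alert-success alert-dismissible" role="alert">' . "\n"
      . '<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button>'
      . '<h3>Login Success, Welcome - '
      . htmlspecialchars((string) $_SESSION["username"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
      . '</h3></div>';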
  13. // function to insert data in the database
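  /**
   * Handle the "submit" form post: store one appointment for the logged-in user.
   *
   * Reads fullname, day and time from $_POST and the owner id from
   * $_SESSION['userid'], inserts a row through a prepared statement and prints
   * an HTML alert describing the outcome.
   *
   * NOTE(review): no anti-CSRF token is checked here. The form is not visible in
   * this file, so a token check has to be added together with the form.
   *
   * @param PDO $db Open database connection.
   * @return void
   */
  function insertappointment($db) {
      if (!isset($_POST['submit'])) {
          return;
      }

      // Accept only string fields. A missing field, or one posted as an array
      // (e.g. fullname[]=x), is treated as empty instead of raising a notice or
      // being bound as the literal text "Array".
      $fields = array();
      foreach (array('fullname', 'day', 'time') as $name) {
          $fields[$name] = (isset($_POST[$name]) && is_string($_POST[$name])) ? trim($_POST[$name]) : '';
      }

      if ($fields['fullname'] === '' || $fields['day'] === '' || $fields['time'] === '') {
          echo 'One or more fields are empty.';
          return;
      }

      // Values are bound as parameters, so no manual escaping is needed for SQL.
      $sqlQuery = "INSERT INTO `appointments` (`userid`, `FullName`, `Day`, `Time`) VALUES (?,?,?,?)";

      // The outcome is the result of execute(), not the statement object: prepare()
      // returns an object even when the later execution fails.
      $inserted = false;
      if (isset($_SESSION['userid'])) {
          try {
              $query = $db->prepare($sqlQuery);
              $inserted = ($query !== false) && $query->execute(
                  array($_SESSION['userid'], $fields['fullname'], $fields['day'], $fields['time'])
              );
          } catch (PDOException $e) {
              // Keep driver details in the server log; the visitor only sees the generic alert.
              error_log('insertappointment failed: ' . $e->getMessage());
          }
      }

      $closeButton = '<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button>';
      if ($inserted) {
          echo '<div id="alert1" class="alert alert-success alert-dismissible" role="alert">' . "\n"
              . $closeButton . '<h3>The appointment was inserted in the database</h3></div>';
      } else {
          echo '<div id="alert1" class="alert alert-danger alert-dismissible" role="alert">' . "\n"
              . $closeButton . '<h3>The appointment was not inserted in the database</h3></div>';
      }
  }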
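  /**
   * Handle the "delete" form post: remove the logged-in user's appointments.
   *
   * The DELETE is restricted to rows whose userid equals $_SESSION['userid'].
   * A bare "WHERE `userid`" has no comparison and no placeholder, so it would
   * match every row with a non-zero userid regardless of who is logged in.
   *
   * NOTE(review): this removes all appointments owned by the user, because no
   * appointment identifier is posted; confirm that is the intended behaviour.
   * NOTE(review): no anti-CSRF token is checked here.
   *
   * @param PDO $db Open database connection.
   * @return void
   */
  function deleteappointment($db) {
      if (!isset($_POST['delete'])) {
          return;
      }

      $sqlQuery = "DELETE FROM `appointments` WHERE `userid` = ?";

      // The outcome is the result of execute(), not the statement object.
      $deleted = false;
      if (isset($_SESSION['userid'])) {
          try {
              $query = $db->prepare($sqlQuery);
              $deleted = ($query !== false) && $query->execute(array($_SESSION['userid']));
          } catch (PDOException $e) {
              // Keep driver details in the server log; the visitor only sees the generic alert.
              error_log('deleteappointment failed: ' . $e->getMessage());
          }
      }

      $closeButton = '<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button>';
      if ($deleted) {
          echo '<div id="alert1" class="alert alert-success alert-dismissible" role="alert">' . "\n"
              . $closeButton . '<h3>The appointment was deleted from the database</h3></div>';
      } else {
          // Failure uses the danger style, as the insert handler does.
          echo '<div id="alert1" class="alert alert-danger alert-dismissible" role="alert">' . "\n"
              . $closeButton . '<h3>The appointment was not deleted from the database</h3></div>';
      }
  }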
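  /**
   * Handle the "update" form post: change the logged-in user's appointment.
   *
   * Reads fullname, day and time from $_POST and updates the rows whose userid
   * equals $_SESSION['userid']. The new values and the owner id are all bound as
   * parameters. Back-quoted names such as `fullname` are column references, not
   * values, and a bare "WHERE `userid`" is not scoped to the current user.
   *
   * NOTE(review): every appointment owned by the user is updated, because no
   * appointment identifier is posted; confirm that is the intended behaviour.
   * NOTE(review): no anti-CSRF token is checked here.
   *
   * @param PDO $db Open database connection.
   * @return void
   */
  function updateappointment($db) {
      if (!isset($_POST['update'])) {
          return;
      }

      // Accept only string fields; missing or array-valued fields count as empty.
      $fields = array();
      foreach (array('fullname', 'day', 'time') as $name) {
          $fields[$name] = (isset($_POST[$name]) && is_string($_POST[$name])) ? trim($_POST[$name]) : '';
      }

      // Same validation message as the insert handler.
      if ($fields['fullname'] === '' || $fields['day'] === '' || $fields['time'] === '') {
          echo 'One or more fields are empty.';
          return;
      }

      $sqlQuery = "UPDATE `appointments` SET `FullName` = ?, `Day` = ?, `Time` = ? WHERE `userid` = ?";

      // The outcome is the result of execute(), not the statement object.
      $updated = false;
      if (isset($_SESSION['userid'])) {
          try {
              $query = $db->prepare($sqlQuery);
              $updated = ($query !== false) && $query->execute(
                  array($fields['fullname'], $fields['day'], $fields['time'], $_SESSION['userid'])
              );
          } catch (PDOException $e) {
              // Keep driver details in the server log; the visitor only sees the generic alert.
              error_log('updateappointment failed: ' . $e->getMessage());
          }
      }

      $closeButton = '<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button>';
      if ($updated) {
          echo '<div id="alert1" class="alert alert-success alert-dismissible" role="alert">' . "\n"
              . $closeButton . '<h3>The appointment was updated in the database</h3></div>';
      } else {
          // Failure uses the danger style, as the insert handler does.
          echo '<div id="alert1" class="alert alert-danger alert-dismissible" role="alert">' . "\n"
              . $closeButton . '<h3>The appointment was not updated in the database</h3></div>';
      }
  }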
  120.  
  121.  
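  /* Main body */
  // NOTE(review): the database account name and password are hard-coded below, so
  // anyone who can read this source has them. Rotate the password and load the DSN
  // and credentials from configuration kept outside the web root and outside
  // version control.
  $dsn = 'mysql:host=localhost;dbname=oversurgery';
  $user = 'toxic';
  $password = 'sysop2018';

  try {
      // Options are passed to the constructor so that a failing connection already
      // throws. Server-side prepared statements are requested instead of
      // client-side emulation.
      $db = new PDO($dsn, $user, $password, array(
          PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
          PDO::ATTR_EMULATE_PREPARES => false,
      ));
  } catch (PDOException $e) {
      // Record the cause in the server log; the visitor only gets a generic message.
      error_log('Database connection failed: ' . $e->getMessage());
      die('Sorry, database problem');
  }

  // Each handler acts only when its own submit button is present in $_POST.
  insertappointment($db);
  deleteappointment($db);
  updateappointment($db);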
  139. ?>
  140.  
  141. <?php
  142.  
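  // Reuse the connection opened earlier in this request when there is one, so the
  // credentials are not needed a second time.
  if (!isset($db) || !($db instanceof PDO)) {
      // NOTE(review): hard-coded database credentials; rotate them and load them
      // from configuration kept outside the web root and outside version control.
      $dsn = 'mysql:host=localhost;dbname=oversurgery';
      $user = 'toxic';
      $password = 'sysop2018';

      try {
          $db = new PDO($dsn, $user, $password);
          $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
      } catch (PDOException $e) {
          error_log('Database connection failed: ' . $e->getMessage());
          die('Sorry, database problem');
      }
  }

  // Load the logged-in user's appointment. $row is an object for the first
  // matching row, or false when there is none, the user id is missing from the
  // session, or the query fails. Code that renders $row must check for false and
  // HTML-encode each field on output.
  $row = false;
  if (isset($_SESSION['userid'])) {
      $userid = $_SESSION['userid'];
      $sql = "SELECT * FROM appointments WHERE userid=:userid";
      try {
          $stmt = $db->prepare($sql);
          if ($stmt !== false && $stmt->execute(array(':userid' => $userid))) {
              $row = $stmt->fetchObject();
          }
      } catch (PDOException $e) {
          error_log('Appointment lookup failed: ' . $e->getMessage());
      }
  }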
  161.  
  162. ?>