Untitled

<!--
The following HTML is what renders the form.  Since this
script is also the processing script for adding a task item to
the database, the action of the form is calling the same
script.  This is one of a few different ways that processing
data coming to the web server application from a client (the web browser).  This method is fairly safe as long as the data
coming from the web server is "sanitized", meaning we don't insert it into the database until we have cleaned it.
-->
<!DOCTYPE html>
<html>
<body>
<!--
The following code will display the lists that are stored in the
list table.  The list will be displayed as an HTML hyperlink with
the list id in the get string.  This will ensure that the id for
the list (which groups task list items) will be available when the task list item is inserted.
-->
<h2>List Table</h2>

<table>
  <tr>
    <th>Id</th>
    <th>List</th>
  </tr>
<?php
include "connectdb.php";
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "tasklist";
// Create connection
$conn =  connectdb($servername, $username, $password, $dbname);

$sql = "SELECT id,description FROM list";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
    // output data of each row
    while($row = $result->fetch_assoc()) {
        echo "<tr><td>" . $row['id']. '</td><td><a href="?id=' .$row['id'].'">'. $row['description']. "</a><td></tr>";
    }
}
?>
</table>

<?php

/*
This is interesting, the HTML code will only display if the
there is an id on the get string of the URL
*/
if(filter_has_var(INPUT_GET,'id'))
{
    // Get the ID of the list, this was attached to the URL and
    // will come in when the URL is clicked on the list table --
    // The HTML table that has the list descriptions and was
    // rendered above.
    $list_id = filter_input(INPUT_GET,'id',FILTER_SANITIZE_NUMBER_INT);
?>
<h2>Add a Task Item</h2>

<form action="insert_and_display_task_items.php?id=<?php echo $list_id; ?>" method="post">
Task Item Description: <input type="text" name="description"><br>
Completed: <input type="text" name="completed" size="1"><br>
<input type="submit">
</form>

<?php
/* Make sure that we close the if statement*/
}
?>

<!--
The following PHP code is for processing the data coming from the form.
This code will also select all data from the list table of the tasklist
database and will display the data in a table.  The example code in this repository
display.php has some good ideas for how to display the code.  Put it after the
"filter and insert into the database" step
-->
<?php

/*
    1.  Check if there is data in the $_POST array
        We will be using the filter functions which
        do a pretty good job of filtering out potentially dangerous characters and possible attacks such as cross site scripting.
    2.  If there is data in the $_POST and/or $_GET array, clean it and  prepare the SQL statement

*/
// filter and insert data into the database if available
if(filter_has_var(INPUT_GET,'id'))
{

    //  process the form if there is data in it.
    if(filter_has_var(INPUT_POST,'description'))
    {
        $description = filter_input(INPUT_POST,'description',FILTER_SANITIZE_SPECIAL_CHARS);
        $completed = filter_input(INPUT_POST,'completed',FILTER_SANITIZE_SPECIAL_CHARS);
        $sql = "INSERT INTO listitem (id, list_id,description,completed) VALUES (NULL,'$list_id','$description','$completed')";

        if ($conn->query($sql) === TRUE) {
            print "New list item record successfully created";
        }
        else {
            echo "Error: " . $sql . "<br>" . $conn->error;
        }

    }
}

?>
<!--
    @Student Code@
    Put the task item display code after this comment, this will display the items as a table.  This is very similar to the last assignment.
-->

<?php
$conn->close();
?>

</body>
</html>