Untitled

a guest
Apr 21st, 2018
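  <?php // - edit_quote.php
  /*
   * Admin-only page that lists contacts, shows an edit form for one contact,
   * and applies the submitted changes to `contactstable`.
   *
   * NOTE(review): the header comment names this file edit_quote.php, but the
   * form action and the "Edit" links below target edit_contact.php -- confirm
   * the real file name.
   *
   * NOTE(review): this script relies on the legacy mysql_* extension, which was
   * deprecated in PHP 5.5 and removed in PHP 7.0. The connection is created in
   * ../mysql_connect.php, which is not visible here, so the calls below stay on
   * mysql_* and every value is escaped or cast before it reaches a query. The
   * preferred fix is to move the connection and these queries to mysqli or PDO
   * prepared statements together.
   *
   * NOTE(review): the POST handler changes data but carries no anti-CSRF token.
   * Whether a session is available is not visible from this file; add a
   * per-session token check once that is confirmed.
   */

  // Define a page title and include the header:
  define('TITLE', 'Edit a Contact');
  include('templates/header.html');

  print '<h2>Edit a Contact</h2>';

  // Restrict access to administrators only. is_administrator() is defined
  // outside this file (presumably by the included header -- confirm).
  if (!is_administrator()) {
      print '<h2>Access Denied!</h2><p class="error">You do not have permission to access this page.</p>';
      include('templates/footer.html');
      exit();
  }

  // Need the database connection ($dbc is expected to come from this include):
  include('../mysql_connect.php');

  // Accept only positive integers as contact IDs. is_numeric() also accepts
  // values such as "1e3", "0.5" or " 7", which then flowed into the SQL text
  // and the hidden form field verbatim; FILTER_VALIDATE_INT returns a real int
  // (or false), so nothing but digits can reach the query.
  $id_rule = array('options' => array('min_range' => 1));
  $get_id = isset($_GET['id']) ? filter_var($_GET['id'], FILTER_VALIDATE_INT, $id_rule) : false;
  $post_id = isset($_POST['id']) ? filter_var($_POST['id'], FILTER_VALIDATE_INT, $id_rule) : false;

  if ($get_id !== false) { // Display the entry in a form.

      // $get_id is an int, so concatenating it cannot alter the statement.
      $query = 'SELECT name, company, phone, email, address FROM contactstable WHERE contact_id=' . $get_id;
      $result = mysql_query($query, $dbc);

      if ($result) {

          $row = mysql_fetch_array($result); // false when no row has this ID.

          if ($row) {
              // Every stored value is HTML-encoded (quotes included) before it
              // is placed inside a double-quoted attribute.
              print '<form action="edit_contact.php" method="post">' . "\n";
              print '<p><label>Name <input type="text" name="name" value="' . htmlentities($row['name'], ENT_QUOTES) . '" /></label></p>' . "\n";
              print '<p><label>Company <input type="text" name="company" value="' . htmlentities($row['company'], ENT_QUOTES) . '" /></label></p>' . "\n";
              print '<p><label>Phone <input type="text" name="phone" value="' . htmlentities($row['phone'], ENT_QUOTES) . '" /></label></p>' . "\n";
              print '<p><label>Email <input type="text" name="email" value="' . htmlentities($row['email'], ENT_QUOTES) . '" /></label></p>' . "\n";
              print '<p><label>Address <input type="text" name="address" value="' . htmlentities($row['address'], ENT_QUOTES) . '" /></label></p>' . "\n";
              print "\n";
              print '<input type="hidden" name="id" value="' . $get_id . '" />' . "\n";
              print '<p><input type="submit" name="submit" value="Update This Entry!" /></p>' . "\n";
              print '</form>';
          } else {
              print '<p class="error">No contact was found with that ID.</p>';
          }

      } else { // Couldn't get the information.
          // The page is admin-only, so the diagnostic is kept, but it is
          // encoded before output. In production, log it instead of showing it.
          print '<p class="error">Could not retrieve the contact because:<br />' . htmlentities(mysql_error($dbc), ENT_QUOTES) . '.</p><p>The query being run was: ' . htmlentities($query, ENT_QUOTES) . '</p>';
      }

  } elseif ($post_id !== false) { // Handle the form.

      // Required fields, in the order their error messages are printed.
      $required = array(
          'name'    => 'Please enter your name!',
          'company' => 'Please enter your company name!',
          'email'   => 'Please enter your email address!',
          'phone'   => 'Please enter a phone number!',
          'address' => 'Please enter a address!',
      );

      $problem = false;
      $assignments = array();

      foreach ($required as $field => $message) {
          // A field submitted as an array (name[]=x) is treated as missing
          // rather than being passed on to the escaping function.
          $value = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';

          $invalid = empty($value);
          if ($field === 'email' && substr_count($value, '@') != 1) {
              $invalid = true; // Must contain exactly one "@".
          }

          if ($invalid) {
              $problem = true;
              print '<p class="error">' . $message . '</p>';
              continue;
          }

          // Escape each value for use inside a single-quoted SQL string. This
          // is what stops a quote in the input from ending the literal early.
          // NOTE(review): the escaping depends on the connection character set;
          // confirm mysql_connect.php sets it with mysql_set_charset().
          $assignments[] = $field . "='" . mysql_real_escape_string($value, $dbc) . "'";
      }

      if (!$problem) { // If there weren't any problems...

          print '<p>You have now entered your contact information!</p>';

          // contact_id is no longer re-assigned in SET: it was being set to the
          // same value the WHERE clause matches on, which changes nothing.
          $query = 'UPDATE contactstable SET ' . implode(', ', $assignments) . ' WHERE contact_id=' . $post_id;

          if (mysql_query($query, $dbc)) {
              print '<p>The contact has been updated.</p>';
          } else {
              // $query contains submitted text, so it is encoded before output.
              print '<p class="error">Could not update the contact because:<br />' . htmlentities(mysql_error($dbc), ENT_QUOTES) . '.</p><p>The query being run was: ' . htmlentities($query, ENT_QUOTES) . '</p>';
          }

      } else { // Forgot a field.

          print '<p class="error">Please try again!</p>';

      }

  } else { // No ID set: list every contact with an edit link.

      $result = mysql_query('SELECT * FROM contactstable ORDER BY name', $dbc);

      if ($result) {
          while ($row = mysql_fetch_array($result)) {
              // Stored contact data is encoded on output so markup saved in a
              // field is displayed as text instead of being rendered.
              echo htmlentities($row['name'], ENT_QUOTES);
              echo " " . htmlentities($row['company'], ENT_QUOTES);
              echo " " . htmlentities($row['phone'], ENT_QUOTES);
              echo " " . htmlentities($row['email'], ENT_QUOTES);
              echo " " . htmlentities($row['address'], ENT_QUOTES);

              echo "<br />";

              // Create a link using the id (cast so only digits reach the URL).
              echo '<a href="edit_contact.php?id=' . (int) $row['contact_id'] . '">Edit</a>';
          } // End of while loop.
      } else {
          print '<p class="error">Could not retrieve the contacts because:<br />' . htmlentities(mysql_error($dbc), ENT_QUOTES) . '.</p>';
      }

  } // End of main IF.

  mysql_close($dbc); // Close the connection.

  include('templates/footer.html'); // Include the footer.
  ?>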