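<?php // edit_quote.php in the original header; the form and links below target edit_contact.php
/*
 * Admin-only page that edits one row of `contactstable`.
 *
 *   GET  ?id=N    -> show the edit form pre-filled from the row
 *   POST id=N ... -> validate the fields and UPDATE the row
 *   otherwise     -> list all contacts with an "Edit" link each
 *
 * Security-relevant handling in this version:
 *   - ids are validated as positive integers and used as ints, never as raw strings;
 *   - every string that reaches SQL is escaped against the open connection;
 *   - every database value written to the page is HTML-escaped;
 *   - database errors and query text go to the server log, not to the browser.
 *
 * NOTE(review): ext/mysql (mysql_*) was removed in PHP 7. Moving to mysqli or PDO
 * prepared statements means changing ../mysql_connect.php, which is not part of this file.
 * NOTE(review): the POST handler carries no anti-CSRF token. Adding one needs session
 * handling that is not visible here - confirm where sessions are started.
 */

// Define a page title and include the header:
define('TITLE', 'Edit a Contact');
include('templates/header.html');

print '<h2>Edit a Contact</h2>';

// Restrict access to administrators only.
// is_administrator() is defined outside this file; how it decides is not visible here.
if (!is_administrator()) {
    print '<h2>Access Denied!</h2><p class="error">You do not have permission to access this page.</p>';
    include('templates/footer.html');
    exit();
}

// Need the database connection ($dbc is expected to be set by this include):
include('../mysql_connect.php');

// is_numeric() also accepts values such as "1e3" or "1.5", which are not row ids.
// Accept only integers >= 1; anything else (including array input) becomes false.
$id_rule = array('options' => array('min_range' => 1));
$get_id  = isset($_GET['id'])  ? filter_var($_GET['id'],  FILTER_VALIDATE_INT, $id_rule) : false;
$post_id = isset($_POST['id']) ? filter_var($_POST['id'], FILTER_VALIDATE_INT, $id_rule) : false;

if ($get_id !== false) { // Display the entry in a form.

    // $get_id is an int, so %d cannot carry SQL syntax.
    $query = sprintf(
        'SELECT name, company, phone, email, address FROM contactstable WHERE contact_id=%d',
        $get_id
    );

    $result = mysql_query($query, $dbc);
    $row = $result ? mysql_fetch_array($result) : false;

    if ($row) {

        // Escape every stored value for the attribute context. The charset argument is
        // left at the PHP default, as in the original calls.
        print '<form action="edit_contact.php" method="post">
<p><label>Name <input type="text" name="name" value="' . htmlentities($row['name'], ENT_QUOTES) . '" /></label></p>
<p><label>Company <input type="text" name="company" value="' . htmlentities($row['company'], ENT_QUOTES) . '" /></label></p>
<p><label>Phone <input type="text" name="phone" value="' . htmlentities($row['phone'], ENT_QUOTES) . '" /></label></p>
<p><label>Email <input type="text" name="email" value="' . htmlentities($row['email'], ENT_QUOTES) . '" /></label></p>
<p><label>Address <input type="text" name="address" value="' . htmlentities($row['address'], ENT_QUOTES) . '" /></label></p>
<input type="hidden" name="id" value="' . $get_id . '" />
<p><input type="submit" name="submit" value="Update This Entry!" /></p>
</form>';

    } elseif ($result) { // Query ran but matched no row.

        print '<p class="error">No contact was found with that ID.</p>';

    } else { // Couldn't get the information.

        // Keep the driver error and the query out of the response.
        error_log('edit_contact: SELECT failed: ' . mysql_error($dbc));
        print '<p class="error">Could not retrieve the contact because of a database error.</p>';

    }

} elseif ($post_id !== false) { // Handle the form.

    // Required fields, in display order, with the message shown when one is missing.
    $required = array(
        'name'    => 'Please enter your name!',
        'company' => 'Please enter your company name!',
        'email'   => 'Please enter your email address!',
        'phone'   => 'Please enter a phone number!',
        'address' => 'Please enter a address!',
    );

    $clean = array();
    $problem = false;

    foreach ($required as $field => $message) {

        // Treat missing or non-string (array) input as empty.
        $value = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        $valid = !empty($value);

        // Same minimal email check as before: exactly one "@".
        if ($field === 'email' && substr_count($value, '@') != 1) {
            $valid = false;
        }

        if ($valid) {
            $clean[$field] = $value;
        } else {
            $problem = true;
            print '<p class="error">' . $message . '</p>';
        }
    }

    if (!$problem) { // If there weren't any problems...

        print '<p>You have now entered your contact information!</p>';

        // Escape each string against the open connection before it reaches the
        // statement; the id goes in as an integer. contact_id is no longer rewritten
        // in SET - it is the key the WHERE clause selects on.
        // NOTE(review): if magic_quotes_gpc is enabled here, input arrives pre-slashed
        // and would need stripslashes() first - confirm the PHP configuration.
        $query = sprintf(
            "UPDATE contactstable SET name='%s', company='%s', phone='%s', email='%s', address='%s' WHERE contact_id=%d",
            mysql_real_escape_string($clean['name'], $dbc),
            mysql_real_escape_string($clean['company'], $dbc),
            mysql_real_escape_string($clean['phone'], $dbc),
            mysql_real_escape_string($clean['email'], $dbc),
            mysql_real_escape_string($clean['address'], $dbc),
            $post_id
        );

        if (mysql_query($query, $dbc)) {
            print '<p>The contact has been updated.</p>';
        } else {
            // The query text holds submitted data; printing it back would reflect
            // unescaped input into the page as well as expose the schema.
            error_log('edit_contact: UPDATE failed: ' . mysql_error($dbc));
            print '<p class="error">Could not update the contact because of a database error.</p>';
        }

    } else { // Forgot a field.

        print '<p class="error">Please try again!</p>';

    }

} else { // No ID set: list every contact with an edit link.

    $result = mysql_query(
        'SELECT contact_id, name, company, phone, email, address FROM contactstable ORDER BY name',
        $dbc
    );

    if ($result) {

        while ($row = mysql_fetch_array($result)) {
            // Stored values are escaped on output so markup saved in a field is shown as text.
            echo htmlentities($row['name'], ENT_QUOTES);
            echo " " . htmlentities($row['company'], ENT_QUOTES);
            echo " " . htmlentities($row['phone'], ENT_QUOTES);
            echo " " . htmlentities($row['email'], ENT_QUOTES);
            echo " " . htmlentities($row['address'], ENT_QUOTES);
            echo "<br />";
            // create a link using the id
            echo '<a href="edit_contact.php?id=' . (int) $row['contact_id'] . '">Edit</a>';
        } // End of while loop.

    } else {

        error_log('edit_contact: list SELECT failed: ' . mysql_error($dbc));
        print '<p class="error">Could not retrieve the contacts because of a database error.</p>';

    }

} // End of main IF.

mysql_close($dbc); // Close the connection.

include('templates/footer.html'); // Include the footer.
?>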