<?php
/*
Allows the user to both create new records and edit existing records
*/
// connect to the database
include("detail.php");
// creates the new/edit record form
// since this form is used multiple times in this file, I have made it a function that is easily reusable
function renderForm($Full = '', $Email ='', $error = '', $id = '' ,$age ='')
{
?>
<?php
$FullNameErr=$EmailErr=$ageErr="";
$FullName=$Email=$age="";
if($_SERVER["REQUEST_METHOD"]=="POST") {
if(empty($_POST["FullName"])){
$FullNameErr="Name is required";
}else{
$FullName=test_input($_POST["FullName"]);
if(!preg_match("/^[a-zA-Z]*$/",$FullName)){
$FullNameErr="only letters and white space allowed";
}
}
if(empty($_POST["Email"])){
$EmailErr="Email is required";
}else{
$Email=test_input($_POST["Email"]);
if(!filter_var($Email,FILTER_VALIDATE_EMAIL)){
$EmailErr='invalid email format';
}
}
if(empty($_POST["age"])){
$ageErr="Age is required";
}else{
$age=test_input($_POST["age"]);
if(!preg_match("/^[0-9]+$/",$age)){
return true;
}
return false;
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>
<?php if ($id != '') { echo "Edit Record"; } else { echo "New Record"; } ?>
</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
</head>
<body>
<h1><?php if ($id != '') { echo "Edit Record"; } else { echo "New Record"; } ?></h1>
<?php if ($error != '') {
echo "<div style='padding:4px; border:1px solid red; color:red'>" . $error
. "</div>";
} ?>
<p><span class="error">* required field.</span></p>
<form method="POST"
action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<div>
<?php if ($id != '') { ?>
<input type="hidden" name="id" value="<?php echo $id; ?>" />
<p>id: <?php echo $id; ?></p>
<?php } ?>
<strong>FullName: *</strong> <input type="text" name="FullName">
<span class="error">*<?php echo $FullName;?></span><br/><br/>
<strong>Email: *</strong> <input type="Email" name="Email">
<span class="error">*<?php echo $EmailErr;?></span><br/><br/>
<strong>age: *</strong> <input type="text" name="age">
<span class="error"> *<?php echo $age;?></span><br/><br/>
<p>* required</p>
<input type="submit" name="submit" value="Submit" />
</div>
</form>
</body>
</html>
<?php }
/*
EDIT RECORD
*/
// if the 'id' variable is set in the URL, we know that we need to edit a record
if (isset($_GET['id']))
{
// if the form's submit button is clicked, we need to process the form
if (isset($_POST['submit']))
{
// make sure the 'id' in the URL is valid
if (is_numeric($_POST['id']))
{
// get variables from the URL/form
$id = $_POST['id'];
$FullName = htmlentities($_POST['FullName'], ENT_QUOTES);
$Email = htmlentities($_POST['Email'], ENT_QUOTES);
$age = htmlentities($_POST['age'], ENT_QUOTES);
// check that firstname and lastname are both not empty
if ($FullName == '' || $Email == '' || $age=='')
{
// if they are empty, show an error message and display the form
$error = 'ERROR: Please fill in all required fields!';
renderForm($FullName, $Email, $error, $id ,$age);
}
else
{
// if everything is fine, update the record in the database
if ($stmt = $mysqli->prepare("UPDATE submit_users SET FullName = ?, Email = ? age=?
WHERE id=?"))
{
$stmt->bind_param("ssi", $FullName, $Email, $id ,$age);
$stmt->execute();
$stmt->close();
}
// show an error message if the query has an error
else
{
echo "ERROR: could not prepare SQL statement.";
}
// redirect the user once the form is updated
header("Location: view.php");
}
}
// if the 'id' variable is not valid, show an error message
else
{
echo "Error!";
}
}
// if the form hasn't been submitted yet, get the info from the database and show the form
else
{
// make sure the 'id' value is valid
if (is_numeric($_GET['id']) && $_GET['id'] > 0)
{
// get 'id' from URL
$id = $_GET['id'];
// get the recod from the database
if($stmt = $mysqli->prepare("SELECT * FROM submit_users WHERE id=?"))
{
$stmt->bind_param("i", $id);
$stmt->execute();
$stmt->bind_result($id, $FullName, $Email ,$age);
$stmt->fetch();
// show the form
renderForm($FullName, $Email, NULL, $id ,$age);
$stmt->close();
}
// show an error if the query has an error
else
{
echo "Error: could not prepare SQL statement";
}
}
// if the 'id' value is not valid, redirect the user back to the view.php page
else
{
header("Location: view.php");
}
}
}
/*
NEW RECORD
*/
// if the 'id' variable is not set in the URL, we must be creating a new record
else
{
// if the form's submit button is clicked, we need to process the form
if (isset($_POST['submit']))
{
// get the form data
$FullName = htmlentities($_POST['FullName'], ENT_QUOTES);
$Email = htmlentities($_POST['Email'], ENT_QUOTES);
$age = htmlentities($_POST['age'], ENT_QUOTES);
// check that firstname and lastname are both not empty
if ($FullName == '' || $Email == '' || $age== '')
{
// if they are empty, show an error message and display the form
$error = 'ERROR: Please fill in all required fields!';
renderForm($FullName, $Email, $age, $error);
}
else
{
// insert the new record into the database
if ($stmt = $mysqli->prepare("INSERT submit_users (FullName, Email,age) VALUES (?, ?,?)"))
{
$stmt->bind_param("ssi", $FullName, $Email, $age);
$stmt->execute();
$stmt->close();
}
// show an error if the query has an error
else
{
echo "ERROR: Could not prepare SQL statement.";
}
// redirec the user
header("Location: view.php");
}
}
// if the form hasn't been submitted yet, show the form
else
{
renderForm();
}
}
// close the mysqli connection
$mysqli->close();
?>