dianefoster Posted January 7, 2018 Share Posted January 7, 2018 edit.php <?php session_start(); if( !isset($_SESSION['empID']) ) { header("Location: login.php"); exit; } elseif ( (isset($_SESSION['empID'])) && !$_GET['empID']){ header("Location: update.php?user=" . $_SESSION['empID']); } else{ // select loggedin users detail $res=mysql_query("SELECT * FROM Staff WHERE empID=".$_SESSION['empID']); $userRow=mysql_fetch_array($res); $id = $_GET['empID']; } $thisPage = "edit"; include('includes/header.html'); include('includes/nav1.php'); echo '<h1>Edit Patients</h1>'; require_once('../mysqli_connect.php'); $q = "SELECT firstN, lastN,street,suburb, state,pc, phone,email,patientID FROM Patient ORDER BY firstN"; $r = @mysqli_query($dbc, $q); $num = mysqli_num_rows($r); if($num > 0){ echo "<p>There are currently $num registered patients</p>"; echo '<table> <tr> <td class = "red">Edit</td><td class = "red">Delete</td><td class = "red">First name</td><td class = "red">Last name</td> <td class = "red">Street</td><td class = "red">Suburb</td><td class = "red">State</td><td class = "red">Postcode</td><td class = "red"> Phone</td><td class = "red">Email</td></tr>'; while($row = mysqli_fetch_array($r,MYSQLI_ASSOC)) { echo '<tr> <td class = "red"><a href ="update.php?id=' . $row['patientID'] . '">Update</td> <td class = "red"><a href ="update.php?id='. $row['patientID'] . '">Delete</td> <td class = "red">' . $row['firstN'] . '</td> <td class = "red">' .$row['lastN'] . '</td> <td class = "red">' . $row['street'] . '</td> <td class = "red">' . $row['suburb'] . '</td> <td class = "red">' . $row['state'] . '</td> <td class = "red">' . $row['pc']. '</td> <td class = "red">' . $row['phone'] . '</td> <td class = "red">' . $row['email'] . '</td> </tr>'; } echo '</table>'; mysqli_free_result($r); } else { echo '<p class = "error">There are currently no patients</p>'; } mysqli_close($dbc); echo '<p><a href = "logout.php">Logout</a></p>'; include('includes/footer.html'); ?> update.php <?php if((isset($_GET['empID'])) && (is_numeric($_GET['empID']))) { $id = $_GET['empID']; } elseif((isset($_POST['empID'])) && (is_numeric($_POST['empID']))) { $id = $_POST['empID']; } else { echo '<p class = "error">This page has been accessed in error</p>'; include('includes/footer.html'); exit(); } $thisPage = 'update'; include('includes/header.html'); include('includes/nav1.php'); require_once('../mysqli_connect.php'); if($_SERVER['REQUEST_METHOD'] == 'POST') { $errors = array(); if(empty($_POST['firstN'])) { $errors[] = 'You forgot to enter your first name'; } else { $fn = mysqli_real_escape_string($dbc, trim($_POST['firstN'])); } if(empty($_POST['lastN'])) { $errors[] = 'You forgot to enter your last name'; } else { $ln = mysqli_real_escape_string($dbc,trim($_POST['lastN'])); } if(empty($_POST['email'])) { $errors[] = 'You forgot to enter your email address'; } else { $e = mysqli_real_escape_string($dbc, trim($_POST['email'])); } if(empty($errors)) { $q = "SELECT patientID FROM Patient WHERE email = '$e' AND patientID!=$id"; $r = @mysqli_query($dbc,$q); if(mysqli_num_rows($r) == 0) { $q = "UPDATE Patient SET firstN = '$fn', lastN = '$ln', email = '$e' WHERE patientID=$id LIMIT 1"; $r = @mysqli_query($dbc,$q); if(mysqli_affected_rows($dbc) == 1) { echo '<p>The patient has been updated</p>'; } else { echo '<p class = "error">The patient could not be updated due to a system error</p>'; echo '<p>' . mysqli_error($dbc) . '<br/><br/>Query: ' . $q . '</p>'; } } else { echo '<p class = "error">The email address has already been registered</p>'; } } else { echo '<p class = "error">The following error(s) have occurred<br/>'; foreach($errors as $msg) { echo " -$msg<br/>\n"; } echo '</p><p>Please try again</p>'; } } $q = "SELECT firstN, lastN, email FROM Patient WHERE patientID=$id"; $r = @mysqli_query($dbc,$q); if(mysqli_num_rows($r) == 1) { $row = mysqli_fetch_array($r,MYSQLI_NUM); echo '<h1>Update Patient</h1>'; echo '<form action = "edit_user.php" method = "post"> <p>First Name: <input type="text" name="firstN" size="15" maxlength="15" value ="'. $row[0] . '"/></p> <p>Last Name: <input type="text" name="lastN" size="15" maxlength="30"value ="'. $row[1] . '"/></p> <p>Email Address:<input type="text" name="email" size="20" maxlength="60" value ="' . $row[2] . '" /> </p> <p><input type="submit" name="submit" value="Submit" /></p> <input type="hidden" name="id" value="' . $id . '" /> </form>'; } else { echo '<p class = "error">This page has been accessed in error</p>'; } mysqli_close($dbc); echo "<p><a href=\"edit.php\">Edit Patients</a></p>"; ?> database /* Starting file for PHP assignment 2 Margaret Vallance May 2017 */ DROP DATABASE IF EXISTS DF_HMC; CREATE DATABASE DF_HMC; USE DF_HMC; CREATE TABLE Staff( empID CHAR(3), empFirst VARCHAR(20), empLast VARCHAR(30), empUserName VARCHAR(12) NOT NULL, empPassword CHAR(40) NOT NULL, empSecurity CHAR(1) DEFAULT 'U', /* U=User M=Manager */ PRIMARY KEY (empID) ); INSERT INTO Staff VALUES ('AAA', 'Alan', 'Anderson', 'anders', SHA1('aapwd'), 'U'); INSERT INTO Staff VALUES ('BBB', 'Bob', 'Brown', 'brownie', SHA1('bbpwd'), 'M'); INSERT INTO Staff VALUES ('CCC', 'Cassie', 'Carson', 'cassie', SHA1('ccpwd'), 'U'); CREATE TABLE Patient ( patientID INT AUTO_INCREMENT, title VARCHAR(15) DEFAULT 'Mr', firstN VARCHAR(40) NOT NULL, lastN VARCHAR(20) NOT NULL, street VARCHAR(25), suburb VARCHAR(30), state CHAR(3) DEFAULT 'NSW', pc CHAR(4) DEFAULT '2250', phone CHAR(12), email VARCHAR(50), imageName VARCHAR(50), login VARCHAR(12), pwd VARCHAR(40), PRIMARY KEY (patientID) ); CREATE TABLE EquipmentType ( typeID CHAR(3), description VARCHAR(50) NOT NULL, checkPeriod INT, costPerDay FLOAT(5, 2), PRIMARY KEY (typeID) ); CREATE TABLE Equipment ( serialNo CHAR(10), eType CHAR(3) NOT NULL, purchased DATE NOT NULL, lastChecked DATE, equipCondition VARCHAR(15) DEFAULT 'Excellent', countryMade VARCHAR(25), PRIMARY KEY (serialNo), FOREIGN KEY (eType) REFERENCES EquipmentType(typeID) ); CREATE TABLE Hire( hireID INT AUTO_INCREMENT, patID INT, serialNo CHAR(10) NOT NULL, dateHired DATE NOT NULL, dateReturned DATE, UNIQUE KEY ukHire (patID, serialNo, dateHired), PRIMARY KEY (hireID), FOREIGN KEY (patID) REFERENCES Patient(patientID), FOREIGN KEY (serialNo) REFERENCES Equipment(serialNo) ); CREATE TABLE Payment ( paymentID INT AUTO_INCREMENT, amount FLOAT(5, 2) NOT NULL, paymentDate DATE NOT NULL, method VARCHAR(15), hireID INT, PRIMARY KEY (paymentID), FOREIGN KEY (hireID) REFERENCES Hire(hireID) ); /*Patient */ INSERT INTO Patient (title, firstN, lastN, street, suburb, state, pc, phone, email, login, pwd) VALUES('Admiral','William', 'Adama', '1 Captain Close', 'Caprica', 'VIC', '3209', '02 3321 1123', 'bill@galactica.com', 'wa', 'wapwd'); INSERT INTO Patient (title, firstN, lastN, street, suburb, state, pc, phone, email, login, pwd) VALUES('President','Laura', 'Roslin', '1 Education Street', 'Canberra', 'ACT', '2601', '02 6676 1123', 'laura@earth.gov', 'lr', 'lrpwd'); INSERT INTO Patient (title, firstN, lastN, street, suburb, state, pc, phone, email, login, pwd) VALUES('Captain','Lee', 'Adama', '5 Apolla Lane', 'Squadron', 'QLD', '4459', '07 8446 1111', 'lee@galactica.com', 'la', 'lapwd'); INSERT INTO Patient (title, firstN, lastN, street, suburb, state, pc, phone, email, login, pwd) VALUES('Ms','Sharon', 'Valerii', '23 Hanger Drive', 'Gosford', 'NSW', '2250', '02 4356 0000', NULL, 'sv', 'svpwd'); INSERT INTO Patient (title, firstN, lastN, street, suburb, state, pc, phone, email, login, pwd) VALUES('Miss', 'Kara','Thrace', '10 Cylon Street', 'Wyong', 'NSW', '2259', NULL, 'karaT@blackhole.com', 'kt', 'ktpwd'); INSERT INTO Patient (title, firstN, lastN, street, suburb, state, pc, phone, email, login, pwd) VALUES('Mr', 'Karl', 'Agathon', '8 Short Avenue', 'Geminon', 'NSW', '2299', '02 8876 1123', 'helo@galactica.com', 'ka', 'kapwd'); INSERT INTO Patient (title, firstN, lastN, street, suburb, state, pc, phone, email, login, pwd) VALUES('Mr','Sam', 'Anders', NULL, NULL, NULL, NULL, NULL, NULL, 'sa', 'sapwd'); INSERT INTO Patient (title, firstN, lastN, street, suburb, state, pc, phone, email, login, pwd) VALUES('Colonel','Saul', 'Tigh', '2 Crew Close', 'Shipton', 'QLD', '4309', '02 8876 1123', 'saul@galactica.com', 'st', 'stpwd'); /*Equipment Type */ INSERT INTO EquipmentType (typeID, description, checkPeriod, costPerDay) VALUES ('WCE', 'Wheelchair - Electric', 90, 5.00); INSERT INTO EquipmentType (typeID, description, checkPeriod, costPerDay) VALUES ('WCS', 'Wheelchair - Standard', 120, 3.00); INSERT INTO EquipmentType (typeID, description, checkPeriod, costPerDay) VALUES ('WF3', '3 Wheel Walking Frame', 60, 4.25); INSERT INTO EquipmentType (typeID, description, checkPeriod, costPerDay) VALUES ('FRL', 'Lightweight Folding Ramp', 100, 5.00); INSERT INTO EquipmentType (typeID, description, checkPeriod, costPerDay) VALUES ('SCL', 'Large Scooter', 60, 120.00); INSERT INTO EquipmentType (typeID, description, checkPeriod, costPerDay) VALUES ('CRL', 'Crutches - Long', 365, 1.50); INSERT INTO EquipmentType (typeID, description, checkPeriod, costPerDay) VALUES ('CRE', 'Crutches - Elbow', 365, 2.50); /*Equipment*/ INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('WC99800', 'WCE', '2017-02-01', '2017-03-01', 'Excellent', 'Australia'); INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('WC99801', 'WCE', '2017-03-01', '2017-04-01', 'Good', 'Australia'); INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('WC99802', 'WCE', '2017-03-01', '2017-03-02', 'Good', 'China'); INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('WS99800', 'WCS', '2016-02-01', '2017-04-01', 'Good', 'USA'); INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('WS99803', 'WCS', '2016-08-01', '2017-01-04', 'Good', 'China'); INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('WS99804', 'WF3', '2016-11-01', '2017-04-01', 'Excellent', 'Australia'); INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('BF99800', 'WF3', '2016-11-01', '2017-01-21', 'Excellent', 'Australia'); INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('BF99802', 'WF3', '2016-02-01', '2016-04-01', 'Some wear', 'France'); INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('BF99803', 'SCL', '2017-02-01', '2017-04-01', 'Some wear', 'Australia'); INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('CR99800', 'CRL', '2016-10-01', '2017-04-01', 'Some wear', 'China'); INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('CR99802', 'CRL', '2016-10-01', '2016-11-01', 'OK', 'Australia'); INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('CE99801', 'CRE', '2017-10-01', '2017-04-01', 'OK', 'France'); INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('CE99802', 'CRE', '2017-10-01', '2017-04-01','Excellent', 'Australia'); /*Hire*/ INSERT INTO Hire (hireID, patID, serialNo, dateHired, dateReturned) VALUES (NULL, 1, 'WC99800', '2017-04-01', '2017-05-01'); INSERT INTO Hire (hireID, patID, serialNo, dateHired, dateReturned) VALUES (NULL, 1, 'CR99800', '2017-05-01', '2017-05-01'); INSERT INTO Hire (hireID, patID, serialNo, dateHired, dateReturned) VALUES (NULL, 2, 'WC99800', '2017-04-01', '2017-04-04'); INSERT INTO Hire (hireID, patID, serialNo, dateHired, dateReturned) VALUES (NULL, 3, 'BF99800', '2017-04-01', NULL); INSERT INTO Hire (hireID, patID, serialNo, dateHired, dateReturned) VALUES (NULL, 5, 'WC99800', '2017-05-01', NULL); INSERT INTO Hire (hireID, patID, serialNo, dateHired, dateReturned) VALUES (NULL, 5, 'CE99802', '2017-05-01', NULL); INSERT INTO Hire (hireID, patID, serialNo, dateHired, dateReturned) VALUES (NULL, 5, 'BF99803', '2017-05-01', NULL); /*Payment*/ INSERT INTO Payment (amount, paymentDate, method, hireID) VALUES (150.00, '2017-05-01', 'Credit Card', 1); INSERT INTO Payment (amount, paymentDate, method, hireID) VALUES (150.00, '2017-05-01', 'Credit Card', 2); INSERT INTO Payment (amount, paymentDate, method, hireID) VALUES (25.00, '2017-04-04', 'EFTPOS', 3); /* For Testing */ SELECT * FROM Staff; SELECT * FROM Patient; SELECT * FROM Equipment; SELECT * FROM EquipmentType; SELECT * FROM Hire; SELECT * FROM Payment; 1 Link to comment Share on other sites More sharing options...
Larry Posted January 9, 2018 Share Posted January 9, 2018 Working it backwards, you'd get that error message only if both of these conditions are false: if((isset($_GET['empID'])) && (is_numeric($_GET['empID']))) { } elseif((isset($_POST['empID'])) && (is_numeric($_POST['empID']))) { If this is a GET request, confirm that a numeric empID is passed in the URL. If this is a POST request, confirm that a numeric empID is passed with other form data (presumably by looking at the source that's POSTing or just dumping $_POST out in the update page). Link to comment Share on other sites More sharing options...
Recommended Posts