Commit 6b18ccd4 authored by Sorrel Harriet's avatar Sorrel Harriet

amends to add record view

parent 4dff362c
<?php
/* define a variable with path to script which will handle submission
$_SERVER["PHP_SELF"] is a path to the current script
htmlspecialchars() is used to escape HTML characters (prevents XSS) */
$action = htmlspecialchars($_SERVER["PHP_SELF"]);
$content = "<h1>Add a record</h1>";
// fetch the artists so that we have access to the ids
// define a variable with path to script which will handle submission
// -> $_SERVER["PHP_SELF"] is a path to the current script (index.php)
// -> htmlspecialchars() is used to escape HTML characters (prevents XSS) */
$action = htmlspecialchars($_SERVER["PHP_SELF"]."?page=add-record");
// fetch the artists so that we have access to their names and IDs
$sql = "SELECT id, first_name, last_name
FROM artist";
FROM artist
ORDER BY last_name";
$result = mysqli_query($link, $sql);
......@@ -26,27 +29,81 @@ if ($result === false) {
// define the form HTML (would ideally be in a template)
$form_html = "<form action='".$action."' method='POST'>
<fieldset>
<label for='ean'>EAN (required):</label>
<input type='text' name='ean'/>
</fieldset>
<fieldset>
<label for='title'>Title:</label>
<input type='text' name='title' />
</fieldset>
<fieldset>
<label for='artist_id'>Artist:</label>
<select name='artist_id'>
<option value='NULL'>Not listed</option>
".$options."
<option value='NULL'>Not listed</option>
</select>
</fieldset>
<fieldset>
<label for='title'>Title:</label>
<input type='text' name='title' />
<label for='genre'>Genre</label>
<input type='text' name='genre' />
</fieldset>
<fieldset>
<label for='price'>Price (&pound;):</label>
<input type='text' name='price' />
<label for='year'>Year:</label>
<input type='text' name='year' size='5' placeholder='YYYY' />
</fieldset>
<fieldset>
<label for='genre'>Genre</label>
<input type='text' name='genre' />
<label for='price'>Price (&pound;):</label>
<input type='text' name='price' placeholder='00.00' />
</fieldset>
<button type='submit'>Submit</button>
</form>";
// append form HTML to content string
$content .= $form_html;
// ------- START form processing code... -------
// define a function to validate form data (this would ideally be in includes folder)
function test_input($data) {
$data = trim($data); // strips unnecessary characters from beginning/end
$data = stripslashes($data); // remove backslashes
$data = htmlspecialchars($data); // escape special characters
return $data;
}
// define variables and set to empty values
$title = $artist_id = $price = $year = $genre = "";
// check if there was a POST request
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// validate the form data
$ean = test_input($_POST["ean"]);
$title = test_input($_POST["title"]);
$artist_id = test_input($_POST["artist_id"]);
$genre = test_input($_POST["genre"]);
$year = test_input($_POST["year"]);
$price = test_input($_POST["price"]);
// define the insertion query
$sql = "INSERT INTO record (ean, title, artist_id, genre, year, price)
VALUES ('".$ean."', '".$title."', ".$artist_id.", '".$genre."', ".$year.", ".$price.")";
// run the query to insert the data
$result = mysqli_query($link, $sql);
// check if the query went ok
if ($result === false) {
echo mysqli_error($link);
} else {
$content .= "Record successfully added to database.";
}
}
// ------- END form processing code... -------
// output the html
echo($content);
?>
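Review bot: The INSERT in the form-processing block is built by concatenating `$_POST` values, and `test_input()` does not make them safe for SQL: `htmlspecialchars()` is an HTML output encoder, and `$artist_id`, `$year` and `$price` go into the statement unquoted, so any text posted in those fields becomes part of the query. The insert should use a prepared statement with bound parameters, with the numeric fields validated as numbers and the "Not listed" option mapped to a real null. Values should be stored raw and HTML-escaped only where they are printed. `echo mysqli_error($link)` also shows driver errors to the visitor and is better sent to the server log. The code that builds `$options` is in the collapsed part of the section, so whether the artist names are escaped before being placed in the `<select>` could not be checked here.

```php
// … unchanged: form HTML and the REQUEST_METHOD check …
    // store raw text; escape with htmlspecialchars() only when echoing it back
    $ean = trim($_POST["ean"] ?? "");
    $title = trim($_POST["title"] ?? "");
    $genre = trim($_POST["genre"] ?? "");
    // non-numeric input (including the 'NULL' option value) becomes a real null
    $artist_id = filter_var($_POST["artist_id"] ?? null, FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE);
    $year = filter_var($_POST["year"] ?? null, FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE);
    $price = filter_var($_POST["price"] ?? null, FILTER_VALIDATE_FLOAT, FILTER_NULL_ON_FAILURE);

    $sql = "INSERT INTO record (ean, title, artist_id, genre, year, price)
            VALUES (?, ?, ?, ?, ?, ?)";
    $stmt = mysqli_prepare($link, $sql);
    $result = $stmt !== false
        && mysqli_stmt_bind_param($stmt, "ssisid", $ean, $title, $artist_id, $genre, $year, $price)
        && mysqli_stmt_execute($stmt);
    if ($result === false) {
        error_log(mysqli_error($link)); // keep driver errors out of the page
        $content .= "The record could not be added.";
    } else {
    // … unchanged: success message and final echo …
```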