Commit d332fe9d authored by Sorrel Harriet's avatar Sorrel Harriet

disabling edit record view

parent 49ca5ded
......@@ -81,11 +81,11 @@ $title = $artist_id = $price = $year = $genre = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// validate the form data
$ean = mysqli_real_escape_string($link, clean_input($_POST["ean"]));
$title = mysqli_real_escape_string($link, clean_input($_POST["title"]);
$title = mysqli_real_escape_string($link, clean_input($_POST["title"]));
$artist_id = mysqli_real_escape_string($link, clean_input($_POST["artist_id"]);
$genre = mysqli_real_escape_string($link, clean_input($_POST["genre"]);
$year = mysqli_real_escape_string($link, clean_input($_POST["year"]);
$price = mysqli_real_escape_string($link, clean_input($_POST["price"]);
$genre = mysqli_real_escape_string($link, clean_input($_POST["genre"]));
$year = mysqli_real_escape_string($link, clean_input($_POST["year"]));
$price = mysqli_real_escape_string($link, clean_input($_POST["price"]));
// define the insertion query
$sql = sprintf("INSERT INTO record (ean, title, artist_id, genre, year, price)
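Review bot: The `$artist_id` assignment appears only once in this hunk and still has unbalanced parentheses, so it looks as if the commit repaired `title`, `genre`, `year` and `price` but left this line as it was; if so, the file still fails to parse. It needs the same closing bracket as its neighbours: `$artist_id = mysqli_real_escape_string($link, clean_input($_POST["artist_id"]));`. The rendered page has lost its +/- markers, so confirm against the file itself; the edit-record hunk at `@@ -106,11 +109,12` does show the corrected form of this line. The `sprintf` call that follows continues outside the hunk.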
......
......@@ -26,6 +26,7 @@ if (isset($_GET['id'])) {
$genre = $row['genre'];
$year = $row['year'];
$price = $row['price'];
unset($result);
}
// define a variable with path to the script which will process form
......@@ -37,6 +38,7 @@ if (isset($_GET['id'])) {
ORDER BY last_name";
$result = mysqli_query($link, $sql);
// check query returned a result
if ($result === false) {
echo mysqli_error($link);
......@@ -53,6 +55,7 @@ if (isset($_GET['id'])) {
$options .= $row['first_name']." ".$row['last_name'];
$options .= "</option>";
}
unset($result);
}
// define the form HTML (would ideally be in a template)
......@@ -106,11 +109,12 @@ if (isset($_GET['id'])) {
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// validate the form data
$ean = mysqli_real_escape_string($link, clean_input($_POST["ean"]));
$title = mysqli_real_escape_string($link, clean_input($_POST["title"]);
$artist_id = mysqli_real_escape_string($link, clean_input($_POST["artist_id"]);
$genre = mysqli_real_escape_string($link, clean_input($_POST["genre"]);
$year = mysqli_real_escape_string($link, clean_input($_POST["year"]);
$price = mysqli_real_escape_string($link, clean_input($_POST["price"]);
$title = mysqli_real_escape_string($link, clean_input($_POST["title"]));
$artist_id = mysqli_real_escape_string($link, clean_input($_POST["artist_id"]));
$genre = mysqli_real_escape_string($link, clean_input($_POST["genre"]));
$year = mysqli_real_escape_string($link, clean_input($_POST["year"]));
$price = mysqli_real_escape_string($link, clean_input($_POST["price"]));
}
// define the insertion query
$sql = sprintf("UPDATE record
......@@ -126,11 +130,13 @@ if (isset($_GET['id'])) {
} else {
$content .= "Record updated successfully.";
}
}
// ------- END form processing code... -------
} else {
$content = "Not sure what you want to edit.";
}
// ------- END form processing code... -------
// output the html
echo($content);
// output the html
echo($content);
?>
?>
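Review bot: The `UPDATE` built with `sprintf` in the hunk at `@@ -106,11 +109,12` still places request values into the SQL text, and `mysqli_real_escape_string` only protects a value that ends up inside a quoted string literal. `artist_id`, `year` and `price` are presumably numeric, and the format string is outside the hunk, so whether they are quoted cannot be seen here. A prepared statement removes that dependency: put `?` placeholders in `$sql`, then call `$stmt = mysqli_prepare($link, $sql);`, `mysqli_stmt_bind_param(...)` and `mysqli_stmt_execute($stmt);`. The `INSERT` in the first file is built the same way. Separately, the listing hunk appears to drop the edit link, which does not by itself stop a direct request to this page, so if editing is meant to be disabled the handler should refuse the POST as well.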
......@@ -26,8 +26,6 @@ if ($result === false) {
$content .= "<td><a href='?page=artist&id=".$row['id']."'>".$row['first_name']." ".$row['last_name']."</a></td>";
$content .= "<td>".$row['genre']."</td>";
$content .= "<td>".$row['price']."</td>";
$content .= "<td><a href='?page=edit-record&id=".$row['ean']."'>edit</a></td>";
$content .= "<td><a href='?page=delete-record&id=".$row['ean']."'>delete</a></td>";
$content .= "</tr>";
}
$content .= "</tbody></table>";
......