<?php
// connects to the database
include('db/connect.php');
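/**
 * Prints the complete "Edit Business" HTML page, including the edit form.
 *
 * Every dynamic value is HTML-escaped at the point of output, so the page does
 * not depend on callers having encoded their arguments. Existing entities are
 * left untouched (double_encode = false) because the POST handler in this file
 * passes values that already went through htmlentities(), while the GET handler
 * passes column values exactly as they are stored.
 *
 * @param string          $biz_name    Business name (required field).
 * @param string          $address     First address line.
 * @param string          $address2    Second address line.
 * @param string          $city        City.
 * @param string          $zipcode     Zip code.
 * @param string          $phone       Phone number.
 * @param string          $website     Website.
 * @param string          $hours       Opening hours.
 * @param string|int      $category_id "1" is displayed as Reuse; any other value as Repair.
 * @param string|null     $error       Message shown in red above the form; empty or null for none.
 * @param string|int      $biz_id      Record id; when non-empty it is shown and posted back in a hidden field.
 * @return void
 */
function renderForm($biz_name = '', $address ='', $address2 ='', $city ='', $zipcode ='', $phone ='', $website ='', $hours ='', $category_id ='', $error = '', $biz_id = '')
{
    // Escapes for both element content and quoted attribute values. The cast
    // covers NULL columns; the final `false` keeps already-encoded entities
    // such as &amp; from turning into &amp;amp;.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    };
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title> Edit Business </title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
</head>
<body>
<h2>Edit Business</h2>
<?php
    // Loose comparison on purpose: the GET handler passes NULL for "no error".
    if ($error != '') {
        echo "<div style='padding:4px; color:red'>" . $esc($error) . "</div><br/>";
    }
?>
<!-- Edit Business Form -->
<form action="" method="post">
<div>
<?php if ($biz_id != '') { ?>
<input type="hidden" name="biz_id" value="<?php echo $esc($biz_id); ?>" />
<p><strong>Business ID: <?php echo $esc($biz_id); ?></strong></p>
<?php } ?>
<!-- Form Fields -->
<strong>Business Name: *</strong> <input type="text" name="biz_name" value="<?php echo $esc($biz_name); ?>"/><br/><br/>
<strong>Address: </strong> <input type="text" name="address" value="<?php echo $esc($address); ?>"/><br/><br/>
<strong>Address2: </strong> <input type="text" name="address2" value="<?php echo $esc($address2); ?>"/><br/><br/>
<strong>City: </strong> <input type="text" name="city" value="<?php echo $esc($city); ?>"/><br/><br/>
<strong>Zip Code: </strong> <input type="text" name="zipcode" value="<?php echo $esc($zipcode); ?>"/><br/><br/>
<strong>Phone: </strong> <input type="text" name="phone" value="<?php echo $esc($phone); ?>"/><br/><br/>
<strong>Website: </strong> <input type="text" name="website" value="<?php echo $esc($website); ?>"/><br/><br/>
<strong>Hours: </strong> <input type="text" name="hours" value="<?php echo $esc($hours); ?>"/><br/><br/>
<strong>Type of Service: *</strong>
<?php
    // Loose comparison so that both the string "1" from the form and an
    // integer 1 from the database match. Every other value, including an
    // empty one, is reported as Repair.
    if ($category_id == "1") {
        echo "Currently: Reuse";
    } else {
        echo "Currently: Repair";
    }
?><br/>
<input type="radio" name="category_id" value="1"/>Reuse
<input type="radio" name="category_id" value="2"/>Repair<br/>
<p>* required</p>
<!-- Submit and Reset Buttons -->
<input type="submit" name="submit" value="Submit" />
<input type="reset" name="reset" value="Reset" />
</div>
</form>
<br/>
<a href="view.php">Back To View Business Records</a><br/>
<a href="index.php">Back To Home</a>
</body>
</html>
<?php
}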
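// Request handling: a POST with "submit" saves the edited record; any other
// request loads the record named by ?biz_id= and shows the form.
//
// NOTE(review): nothing in this file checks who is making the request, and the
// POST is not tied to a form this application issued (no session check, no
// anti-CSRF token). Unless db/connect.php or the web server enforces access
// control (not visible from here), any client that can reach this script can
// change any business record by id. Confirm before exposing this page.
if (isset($_POST['submit'])) {
    // biz_id must be a positive integer. FILTER_VALIDATE_INT rejects values
    // such as "1.5", "1e3" or an array, which is_numeric() would let through
    // or choke on before they are bound with the "i" type below.
    $biz_id = filter_var(
        isset($_POST['biz_id']) ? $_POST['biz_id'] : null,
        FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1))
    );

    if ($biz_id !== false) {
        // Reads one posted text field. A missing or non-string (array) field
        // becomes '' instead of raising a warning or a TypeError.
        // NOTE(review): values are entity-encoded before storage, as the
        // original code did, so existing rows and whatever reads them keep
        // working; encoding at output time is the more robust design.
        $readField = function ($name) {
            return (isset($_POST[$name]) && is_string($_POST[$name]))
                ? htmlentities($_POST[$name], ENT_QUOTES)
                : '';
        };

        $biz_name    = $readField('biz_name');
        $address     = $readField('address');
        $address2    = $readField('address2');
        $city        = $readField('city');
        $zipcode     = $readField('zipcode');
        $phone       = $readField('phone');
        $website     = $readField('website');
        $hours       = $readField('hours');
        $category_id = $readField('category_id');

        // biz_name is required, and category_id must be one of the two values
        // the form offers (1 = Reuse, 2 = Repair); anything else would be
        // silently coerced to an integer by bind_param.
        if ($biz_name == '' || !in_array($category_id, array('1', '2'), true)) {
            $error = 'ERROR: Please fill in all required fields';
            renderForm($biz_name, $address, $address2, $city, $zipcode, $phone, $website, $hours, $category_id, $error, $biz_id);
        } else {
            // Update the record with a prepared statement.
            $stmt = $mysqli->prepare("UPDATE businesses SET biz_name = ?, address = ?, address2 = ?, city = ?, zipcode = ?, phone = ?, website = ?, hours = ?, category_id = ?
                WHERE biz_id=?");
            if ($stmt) {
                $stmt->bind_param("ssssssssii", $biz_name, $address, $address2, $city, $zipcode, $phone, $website, $hours, $category_id, $biz_id);
                $updated = $stmt->execute();
                $stmt->close();

                if ($updated) {
                    // Redirect only after a successful update. Sending the
                    // header after an error message has been echoed would
                    // fail and hide the failure from the user.
                    header("Location: view.php");
                } else {
                    echo "ERROR: could not update the record.";
                }
            } else {
                echo "ERROR: could not prepare SQL statement.";
            }
        }
    } else {
        // biz_id is missing or not a positive integer.
        echo "Error!";
    }
} else {
    // Show the form for the record named in the URL.
    $biz_id = filter_var(
        isset($_GET['biz_id']) ? $_GET['biz_id'] : null,
        FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1))
    );

    if ($biz_id !== false) {
        $stmt = $mysqli->prepare("SELECT * FROM businesses WHERE biz_id=?");
        if ($stmt) {
            $stmt->bind_param("i", $biz_id);
            $stmt->execute();
            // SELECT * is bound to ten variables, so this depends on the
            // table having exactly these ten columns in this order.
            $stmt->bind_result($biz_id, $biz_name, $address, $address2, $city, $zipcode, $phone, $website, $hours, $category_id);
            $found = $stmt->fetch();
            $stmt->close();

            if ($found === true) {
                renderForm($biz_name, $address, $address2, $city, $zipcode, $phone, $website, $hours, $category_id, NULL, $biz_id);
            } else {
                // No row with this id: go back to the list instead of showing
                // an empty form that cannot be submitted.
                header("Location: view.php");
            }
        } else {
            echo "Error: could not prepare SQL statement";
        }
    } else {
        // biz_id is missing or invalid: send the user back to view.php.
        header("Location: view.php");
    }
}

// close the database connection
$mysqli->close();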
?>