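/**
 * Handles the "update customer" form POST: validates the submitted fields,
 * escapes them for the SQL string, runs the UPDATE and sends the user back
 * to THIS_PAGE with feedback.
 *
 * Reads $_POST['CustomerID'], $_POST['FirstName'], $_POST['LastName'] and
 * $_POST['Email']. Never returns normally: every path ends in
 * myRedirect(THIS_PAGE) (assumed to exit - the early validation branches rely
 * on that) or in a fatal E_USER_ERROR when the query fails.
 */
function updateExecute()
{
    // Read the raw fields once; a missing key becomes '' so the checks below
    // fail cleanly instead of raising undefined-index notices.
    $rawCustomerID = isset($_POST['CustomerID']) ? $_POST['CustomerID'] : '';
    $rawFirstName = isset($_POST['FirstName']) ? $_POST['FirstName'] : '';
    $rawLastName = isset($_POST['LastName']) ? $_POST['LastName'] : '';
    $rawEmail = isset($_POST['Email']) ? $_POST['Email'] : '';

    if (!is_numeric($rawCustomerID)) {
        // the primary key must be a number; anything else is a broken or tampered form
        feedback("id passed was not a number. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error");
        myRedirect(THIS_PAGE);
    }
    $iConn = IDB::conn();
    // iformReq() needs the connection because it escapes via mysqli_real_escape_string()
    // NOTE(review): the original comment calls $redirect a global that iformReq()
    // uses for its failure redirect, but a plain local assignment does not set a
    // global - confirm whether iformReq() actually reads this value.
    $redirect = THIS_PAGE;
    $CustomerID = iformReq('CustomerID', $iConn);
    // strip_tags() keeps markup out of the stored value, but it is not an output
    // encoder: anything echoed later still needs htmlspecialchars() at render time.
    $FirstName = strip_tags(iformReq('FirstName', $iConn));
    $LastName = strip_tags(iformReq('LastName', $iConn));
    $Email = strip_tags(iformReq('Email', $iConn));

    // ctype_graph() rejects whitespace and, in the default C locale, non-ASCII
    // bytes, so multi-word or accented names fail this check (validation runs on
    // the raw POST value, not on the escaped copy).
    if (!ctype_graph($rawFirstName) || !ctype_graph($rawLastName)) {
        feedback("First and Last Name must contain letters, numbers or punctuation", "warning");
        myRedirect(THIS_PAGE);
    }
    if (!onlyEmail($rawEmail)) {
        feedback("Data entered for email is not valid", "warning");
        myRedirect(THIS_PAGE);
    }

    // The string values are already escaped by iformReq(); %d with the (int) cast
    // guarantees the id is digits only. A mysqli prepared statement would be the
    // stronger option, but it needs the unescaped form values, which iformReq()
    // does not hand back.
    $sql = sprintf(
        "UPDATE test_Customers set  \n    FirstName='%s',\n    LastName='%s',\n    Email='%s'\n     WHERE CustomerID=%d",
        $FirstName,
        $LastName,
        $Email,
        (int) $CustomerID
    );
    // No @-suppression: a failed query is fatal and must be visible in the logs.
    if (!mysqli_query($iConn, $sql)) {
        trigger_error(mysqli_error($iConn), E_USER_ERROR);
        exit;
    }

    // For UPDATE, mysqli_affected_rows() counts rows actually changed, so
    // re-submitting identical data lands in the "NOT changed" branch.
    if (mysqli_affected_rows($iConn) > 0) {
        feedback("Data Updated Successfully!", "success");
    } else {
        feedback("Data NOT changed!", "warning");
    }
    myRedirect(THIS_PAGE);
}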
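/**
 * Handles the "add customer" form POST: validates the submitted fields,
 * escapes them for the SQL string, runs the INSERT and sends the user back
 * to THIS_PAGE with feedback.
 *
 * Reads $_POST['FirstName'], $_POST['LastName'] and $_POST['Email'].
 * Never returns normally: every path ends in myRedirect(THIS_PAGE) (assumed to
 * exit - the early validation branches rely on that) or in a fatal
 * E_USER_ERROR when the query fails.
 */
function insertExecute()
{
    // Read the raw fields once; a missing key becomes '' so the checks below
    // fail cleanly instead of raising undefined-index notices.
    $rawFirstName = isset($_POST['FirstName']) ? $_POST['FirstName'] : '';
    $rawLastName = isset($_POST['LastName']) ? $_POST['LastName'] : '';
    $rawEmail = isset($_POST['Email']) ? $_POST['Email'] : '';

    $iConn = IDB::conn();
    // iformReq() needs the connection because it escapes via mysqli_real_escape_string()
    // NOTE(review): the original comment calls $redirect a global that iformReq()
    // uses for its failure redirect, but a plain local assignment does not set a
    // global - confirm whether iformReq() actually reads this value.
    $redirect = THIS_PAGE;
    // strip_tags() keeps markup out of the stored value, but it is not an output
    // encoder: anything echoed later still needs htmlspecialchars() at render time.
    $FirstName = strip_tags(iformReq('FirstName', $iConn));
    $LastName = strip_tags(iformReq('LastName', $iConn));
    $Email = strip_tags(iformReq('Email', $iConn));

    // ctype_graph() rejects whitespace and, in the default C locale, non-ASCII
    // bytes, so multi-word or accented names fail this check (validation runs on
    // the raw POST value, not on the escaped copy).
    if (!ctype_graph($rawFirstName) || !ctype_graph($rawLastName)) {
        feedback("First and Last Name must contain letters, numbers or punctuation");
        myRedirect(THIS_PAGE);
    }
    if (!onlyEmail($rawEmail)) {
        feedback("Data entered for email is not valid");
        myRedirect(THIS_PAGE);
    }

    // The values are already escaped by iformReq(), which is what keeps this
    // sprintf()-built statement safe. A mysqli prepared statement would be the
    // stronger option, but it needs the unescaped form values, which iformReq()
    // does not hand back.
    $sql = sprintf(
        "INSERT INTO test_Customers (FirstName, LastName, Email) VALUES ('%s','%s','%s')",
        $FirstName,
        $LastName,
        $Email
    );
    // No @-suppression: a failed query is fatal and must be visible in the logs.
    if (!mysqli_query($iConn, $sql)) {
        trigger_error(mysqli_error($iConn), E_USER_ERROR);
        exit;
    }

    // A successful single-row INSERT reports one affected row.
    if (mysqli_affected_rows($iConn) > 0) {
        feedback("Customer Added Successfully!", "notice");
    } else {
        feedback("Customer NOT added!");
    }
    myRedirect(THIS_PAGE);
}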