function check_response($dbh)
{
$name = script_param("name");
$place = script_param("place");
$choices = script_param("choices");
$response = script_param("response");
# Is the user's response the correct birthplace?
if ($response == $place) {
print "That is correct!<br />\n";
printf("%s was born in %s.<br />\n", htmlspecialchars($name), htmlspecialchars($place));
print "Try the next question:<br /><br />\n";
present_question($dbh);
} else {
printf("\"%s\" is not correct. Please try again.<br /><br />\n", htmlspecialchars($response));
$choices = explode("#", $choices);
display_form($name, $place, $choices);
}
}
function update_entry($dbh)
{
# Get script parameters; trim whitespace from the ID, but not
# from the password, because the password must match exactly,
# or from the row, because it is an array.
$member_id = trim(script_param("member_id"));
$password = script_param("password");
$row = script_param("row");
$member_id = trim($member_id);
if (empty($member_id)) {
die("No member ID was specified\n");
}
if (!ctype_digit($member_id)) {
# must look like integer
die("Invalid member ID was specified (must be an integer)\n");
}
if (!check_pass($dbh, $member_id, $password) && !check_pass($dbh, 0, $password)) {
die("Invalid password\n");
}
# Examine the metadata for the member table to determine whether
# each column allows NULL values. (Make sure nullability is
# retrieved in uppercase.)
$stmt = "SELECT COLUMN_NAME, UPPER(IS_NULLABLE)\n FROM INFORMATION_SCHEMA.COLUMNS\n WHERE TABLE_SCHEMA = ? AND TABLE_NAME = ?";
$sth = $dbh->prepare($stmt);
$sth->execute(array("sampdb", "member"));
$nullable = array();
while ($info = $sth->fetch()) {
$nullable[$info[0]] = $info[1] == "YES";
}
# Iterate through each field in the form, using the values to
# construct an UPDATE statement that contains placeholders, and
# the array of data values to bind to the placeholders.
$stmt = "UPDATE member ";
$delim = "SET";
$params = array();
foreach ($row as $col_name => $val) {
$stmt .= "{$delim} {$col_name}=?";
$delim = ",";
# if a form value is empty, update the corresponding column value
# with NULL if the column is nullable. This prevents trying to
# put an empty string into the expiration date column when it
# should be NULL, for example.
$val = trim($val);
if (empty($val)) {
if ($nullable[$col_name]) {
$params[] = NULL;
} else {
$params[] = "";
}
# enter empty string
} else {
$params[] = $val;
}
}
$stmt .= " WHERE member_id = ?";
$params[] = $member_id;
$sth = $dbh->prepare($stmt);
$sth->execute($params);
printf("<br /><a href=\"%s\">Edit another member record</a>\n", script_name());
}
function enter_scores($dbh)
{
# Get event ID number and array of scores for the event
$event_id = script_param("event_id");
#@ _GET_SCORE_PARAM_
$score = script_param("score");
#@ _GET_SCORE_PARAM_
if (!ctype_digit($event_id)) {
# must look like integer
die("Bad event ID\n");
}
# Prepare the statements that are executed repeatedly
$sth_del = $dbh->prepare("DELETE FROM score\n WHERE event_id = ? AND student_id = ?");
$sth_repl = $dbh->prepare("REPLACE INTO score\n (event_id,student_id,score)\n VALUES(?,?,?)");
# enter scores within a transaction
try {
$dbh->beginTransaction();
$blank_count = 0;
$nonblank_count = 0;
foreach ($score as $student_id => $new_score) {
$new_score = trim($new_score);
if (empty($new_score)) {
# if no score is provided for student in the form, delete any
# score the student may have had in the database previously
++$blank_count;
$sth = $sth_del;
$params = array($event_id, $student_id);
} else {
if (ctype_digit($new_score)) {
# if a score is provided, replace any score that
# might already be present in the database
++$nonblank_count;
$sth = $sth_repl;
$params = array($event_id, $student_id, $new_score);
} else {
throw new PDOException("invalid score: {$new_score}");
}
}
$sth->execute($params);
}
# transaction succeeded, commit it
$dbh->commit();
printf("Number of scores entered: %d<br />\n", $nonblank_count);
printf("Number of scores missing: %d<br />\n", $blank_count);
} catch (PDOException $e) {
printf("Score entry failed: %s<br />\n", htmlspecialchars($e->getMessage()));
# roll back, but use empty exception handler to catch rollback failure
try {
$dbh->rollback();
} catch (PDOException $e) {
}
}
print "<br />\n";
}
