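include_once '../header.php'; // header info (CSS, etc) is consistent. This will make updating style easier. I think.
// NOTE: because we're down a directory, we use '../header.php' instead of '/header.php' - If we went down another directory,
// it would become ../../header.php. Just something to note if you're creating a new folder somewhere
?>
<body>
<div id="container">
<h1> Chapin Hall Points - Points Approval </h1>
<?php
// First up, retrieve the submission-ID range that was stored in the session.
$minindex = $_SESSION['minindex'];
$maxindex = $_SESSION['maxindex'];

// NOTE(review): no login, role or CSRF check is visible in this excerpt. Confirm that
// header.php (or the form that posts here) enforces them before any row is updated.

// Open the database connection through the shared helper.
$connection = connect_to_mySQL(); // defined in header.php

// Walk every submission ID from the lowest index to the highest. Some IDs (in rare
// cases) carry no approval/rejection decision in the POST body; those are skipped.
// For every ID that does carry one, an UPDATE is sent to record the new status.
$j = 0; // not used in the visible part; presumably used further down - confirm
for ($i = $minindex; $i <= $maxindex; $i++) {
    // Only a non-empty scalar string counts as a decision. An array posted under
    // the same key is ignored instead of being pushed into the query.
    $posted = isset($_POST["{$i}"]) ? $_POST["{$i}"] : '';
    if (is_string($posted) && !empty($posted)) {
        // SECURITY: the status arrives straight from the request body, so it is escaped
        // before it is placed inside the quoted SQL literal. The original interpolated
        // the raw POST value, which let a crafted value rewrite the UPDATE statement.
        // An allow-list of the valid status values would be stricter still; the valid
        // values are not visible in this excerpt.
        $status = mysql_real_escape_string($posted);

        // The ID is forced to an integer so nothing but digits reaches the WHERE clause.
        $id = (int) $i;

        // Build the UPDATE for this submission.
        $sql = "\n\t\t\tUPDATE Raw_Submissions\n\t\t\tSET Approval_Status = '{$status}'\n\t\t\tWHERE Submission_ID = '{$id}';";

        // Run the query.
        // NOTE(review): die() echoes the raw database error to the browser. Logging it
        // server-side and showing a generic message would avoid exposing schema details.
        if (!mysql_query($sql)) {
            die('Error:' . mysql_error());
        }

        // The mysql_* extension used here was removed in PHP 7.0. When this page is
        // ported, use mysqli or PDO prepared statements with bound parameters instead
        // of escaping by hand.

        // The original excerpt is cut off at this point; whatever else the loop body
        // did is not shown. The braces are closed here only so the fragment parses.
    }
}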
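/**
 * Look up the name most frequently submitted together with a NetID.
 *
 * When both $startdate and $enddate are supplied, only submissions with
 * Date >= $startdate and Date < $enddate are counted. If either one is
 * missing, the date filter is skipped entirely (same as the original).
 *
 * The returned name is read from the Name column of Raw_Submissions.
 * NOTE(review): that column presumably holds user-submitted text, so callers
 * should HTML-encode the result when echoing it into a page - confirm.
 *
 * @param string      $netid     NetID to look up.
 * @param string|null $startdate Inclusive lower bound for Date, or NULL.
 * @param string|null $enddate   Exclusive upper bound for Date, or NULL.
 *
 * @return string The most common name, or 'INVALID_NETID' when no row matches.
 */
function GetName($netid, $startdate = NULL, $enddate = NULL) {
    $connection = connect_to_mySQL(); // defined in header.php

    // SECURITY: every caller-supplied value is escaped before it is placed inside a
    // quoted SQL literal. The original interpolated $netid and both dates unescaped.
    // The mysql_* extension was removed in PHP 7.0; a port should switch to mysqli or
    // PDO prepared statements with bound parameters.
    $netid = mysql_real_escape_string($netid);

    // The date filter applies only when BOTH bounds were given. The loose comparison
    // is kept so that '' and 0 are still treated as "not supplied".
    $dateFilter = '';
    if ($startdate != NULL && $enddate != NULL) {
        $startdate = mysql_real_escape_string($startdate);
        $enddate = mysql_real_escape_string($enddate);
        $dateFilter = "\n\t\t\t\tAND Date >= '{$startdate}'\n\t\t\t\tAND Date < '{$enddate}'";
    }

    // Group the matching rows by Name and keep the name with the highest count.
    $sql = "SELECT Name, COUNT(*) AS magnitude\n\t\t\t\tFROM Raw_Submissions\n\t\t\t\tWHERE NetID='{$netid}'{$dateFilter}\n\t\t\t\tGROUP BY Name\n\t\t\t\tORDER BY magnitude DESC\n\t\t\t\tLIMIT 1;";

    // A failed query stops the script here, so $result is always usable below.
    // NOTE(review): die() prints the raw database error to the page.
    $result = mysql_query($sql) or die(mysql_error());

    // No matching row (or an empty Name) is reported with the sentinel string that
    // callers use for simplistic error checking.
    $row = mysql_fetch_assoc($result);
    $name = ($row && !empty($row['Name'])) ? $row['Name'] : 'INVALID_NETID';

    // Free up memory, close out the connection.
    // NOTE(review): if connect_to_mySQL() hands back a shared link, closing it here
    // also closes it for the caller - confirm against header.php.
    mysql_free_result($result);
    mysql_close($connection);

    return $name;
}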
/**
 * Trim, unslash, HTML-encode and SQL-escape a single input string.
 *
 * Steps, in order: trim() whitespace, stripslashes(), htmlspecialchars()
 * with its default flags, then mysql_real_escape_string(). A database
 * connection is opened before the steps run and closed afterwards.
 *
 * Security caveats for callers:
 *  - The result is HTML-encoded AND SQL-escaped at the same time. Values stored
 *    through this helper sit in the database already entity-encoded, and the
 *    backslashes added for SQL would show up if the value were echoed directly.
 *    Escaping per context (SQL at query time, HTML at output time) is safer.
 *  - mysql_real_escape_string() protects only values placed inside a quoted SQL
 *    string literal. It does not make a value safe as a bare number, a column
 *    name or any other unquoted part of a query.
 *  - On PHP versions that still ship mysql_*, htmlspecialchars() by default does
 *    not encode single quotes, so the result is not safe inside a single-quoted
 *    HTML attribute.
 *  - stripslashes() removes backslashes that may be legitimate when magic quotes
 *    are not enabled.
 *  - NOTE(review): if connect_to_mySQL() returns a shared link, mysql_close()
 *    here also closes it for the caller - confirm against header.php.
 *
 * @param string $data Raw input value.
 *
 * @return string The transformed value.
 */
function sanitize_input($data) {
    // The SQL escaping step works against a server link, so one is opened first.
    $link = connect_to_mySQL();

    // Whitespace, slashes and HTML special characters are handled in one pass.
    $clean = htmlspecialchars(stripslashes(trim($data)));

    // SQL escaping is applied last, on the already HTML-encoded text.
    $clean = mysql_real_escape_string($clean);

    mysql_close($link);

    return $clean;
}