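/**
 * Handles the "update customer" form post.
 *
 * Reads CustomerID, FirstName, LastName and Email from $_POST, validates them,
 * updates the matching test_Customers row through a prepared statement, reports
 * the outcome with feedback() and redirects back to THIS_PAGE.
 *
 * Every validation failure ends in myRedirect(THIS_PAGE). A database failure
 * raises E_USER_ERROR and stops the script.
 *
 * @return void
 */
function updateExecute()
{
    // `?? ''` avoids an "undefined array key" warning when the field is missing;
    // is_numeric('') is false, so a missing id still takes the error path.
    if (!is_numeric($_POST['CustomerID'] ?? '')) {
        feedback("id passed was not a number. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error");
        myRedirect(THIS_PAGE);
    }

    $iConn = IDB::conn(); // needed by iformReq() and for the prepared statement below
    $redirect = THIS_PAGE; // NOTE(review): assigned as a local, so iformReq() cannot see it as a global unless it reads it some other way — confirm

    // iformReq() checks that each field was submitted (redirecting otherwise).
    // Its return value is escaped for string interpolation, which a bound
    // parameter must not receive, so the raw fields are bound further down.
    $CustomerID = (int) iformReq('CustomerID', $iConn);
    iformReq('FirstName', $iConn);
    iformReq('LastName', $iConn);
    iformReq('Email', $iConn);

    $rawFirst = $_POST['FirstName'] ?? '';
    $rawLast = $_POST['LastName'] ?? '';
    $rawEmail = $_POST['Email'] ?? '';

    // Names may only contain printable, non-whitespace characters.
    if (!ctype_graph($rawFirst) || !ctype_graph($rawLast)) {
        feedback("First and Last Name must contain letters, numbers or punctuation", "warning");
        myRedirect(THIS_PAGE);
    }
    if (!onlyEmail($rawEmail)) {
        feedback("Data entered for email is not valid", "warning");
        myRedirect(THIS_PAGE);
    }

    $FirstName = strip_tags($rawFirst);
    $LastName = strip_tags($rawLast);
    $Email = strip_tags($rawEmail);

    // Bound parameters keep the form data out of the SQL text entirely, so no
    // escaping step (and no dependence on the connection charset) is needed.
    $sql = "UPDATE test_Customers SET FirstName = ?, LastName = ?, Email = ? WHERE CustomerID = ?";
    $stmt = mysqli_prepare($iConn, $sql);
    if ($stmt === false) {
        // E_USER_ERROR halts the script unless a custom handler intercepts it;
        // the explicit exit keeps the stop unconditional.
        trigger_error(mysqli_error($iConn), E_USER_ERROR);
        exit;
    }
    mysqli_stmt_bind_param($stmt, 'sssi', $FirstName, $LastName, $Email, $CustomerID);
    if (!mysqli_stmt_execute($stmt)) {
        trigger_error(mysqli_stmt_error($stmt), E_USER_ERROR);
        exit;
    }
    $changed = mysqli_stmt_affected_rows($stmt) > 0;
    mysqli_stmt_close($stmt);

    // Zero affected rows means no row matched the id or nothing differed.
    if ($changed) {
        feedback("Data Updated Successfully!", "success");
    } else {
        feedback("Data NOT changed!", "warning");
    }
    myRedirect(THIS_PAGE);
}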
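/**
 * Handles the "add customer" form post.
 *
 * Reads FirstName, LastName and Email from $_POST, validates them, inserts a
 * new test_Customers row through a prepared statement, reports the outcome
 * with feedback() and redirects back to THIS_PAGE.
 *
 * Every validation failure ends in myRedirect(THIS_PAGE). A database failure
 * raises E_USER_ERROR and stops the script.
 *
 * @return void
 */
function insertExecute()
{
    $iConn = IDB::conn(); // needed by iformReq() and for the prepared statement below
    $redirect = THIS_PAGE; // NOTE(review): assigned as a local, so iformReq() cannot see it as a global unless it reads it some other way — confirm

    // iformReq() checks that each field was submitted (redirecting otherwise).
    // Its return value is escaped for string interpolation, which a bound
    // parameter must not receive, so the raw fields are bound further down.
    iformReq('FirstName', $iConn);
    iformReq('LastName', $iConn);
    iformReq('Email', $iConn);

    // `?? ''` avoids an "undefined array key" warning when a field is missing.
    $rawFirst = $_POST['FirstName'] ?? '';
    $rawLast = $_POST['LastName'] ?? '';
    $rawEmail = $_POST['Email'] ?? '';

    // Names may only contain printable, non-whitespace characters.
    if (!ctype_graph($rawFirst) || !ctype_graph($rawLast)) {
        feedback("First and Last Name must contain letters, numbers or punctuation");
        myRedirect(THIS_PAGE);
    }
    if (!onlyEmail($rawEmail)) {
        feedback("Data entered for email is not valid");
        myRedirect(THIS_PAGE);
    }

    $FirstName = strip_tags($rawFirst);
    $LastName = strip_tags($rawLast);
    $Email = strip_tags($rawEmail);

    // Bound parameters keep the form data out of the SQL text entirely, so no
    // escaping step (and no dependence on the connection charset) is needed.
    $sql = "INSERT INTO test_Customers (FirstName, LastName, Email) VALUES (?, ?, ?)";
    $stmt = mysqli_prepare($iConn, $sql);
    if ($stmt === false) {
        // E_USER_ERROR halts the script unless a custom handler intercepts it;
        // the explicit exit keeps the stop unconditional.
        trigger_error(mysqli_error($iConn), E_USER_ERROR);
        exit;
    }
    mysqli_stmt_bind_param($stmt, 'sss', $FirstName, $LastName, $Email);
    if (!mysqli_stmt_execute($stmt)) {
        trigger_error(mysqli_stmt_error($stmt), E_USER_ERROR);
        exit;
    }
    $added = mysqli_stmt_affected_rows($stmt) > 0;
    mysqli_stmt_close($stmt);

    if ($added) {
        feedback("Customer Added Successfully!", "notice");
    } else {
        feedback("Customer NOT added!");
    }
    myRedirect(THIS_PAGE);
}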