?> </textarea> </label> <div class="buttons"> <input type="submit" name="submit" id="submit" value="Submit" /> <input type="reset" value="Clear" /> </div> <div class="req_fields_text"> * Required fields </div> </fieldset> </form> <?php
    } else {
        // Submit branch of the equipment edit form: builds a CALL to the
        // EditEquipment stored procedure from session and POST values, runs it,
        // then redirects. The enclosing if/else opens before this excerpt.

        //set fields to null if empty.
        //otherwise place post_variable as string.
        // prepare_optional() is a project helper not shown here. Its result is
        // interpolated into the SQL without surrounding quotes, so it presumably
        // returns either NULL or an already-quoted literal -- TODO confirm.
        $notes = prepare_optional($mysqli->real_escape_string($_POST['notes']));
        $sport = $mysqli->real_escape_string($_POST['sport']);

        // NOTE(review): $_SESSION['brand_edit'] and $_SESSION['model_edit'] are
        // concatenated into the statement with no escaping visible in this
        // excerpt, unlike the POST values above. If they were stored raw from a
        // request or read back from the database, a quote character in either
        // one changes the SQL. Verify where they are set.
        // NOTE(review): $brand and $model are assigned outside this excerpt;
        // presumably escaped there -- confirm.
        // real_escape_string() only protects values placed inside a quoted
        // literal and depends on the connection character set; a prepared CALL
        // with bound parameters removes both dependencies.
        $query = "CALL EditEquipment('" . $_SESSION['brand_edit'] . "',\r\n'" . $_SESSION['model_edit'] . "', '{$brand}', '{$model}',\r\n'{$sport}', {$notes})";

        // multi_query() accepts several ';'-separated statements in one call,
        // so any value that escapes its literal could append further statements.
        // The loop fetches and frees every result set the call produced.
        // No else branch: a failed query is not reported and the redirect
        // below runs regardless.
        if ($mysqli->multi_query($query)) {
            do {
                $result = $mysqli->store_result();
                if ($result) {
                    $result->close();
                }
            } while ($mysqli->next_result());
        }

        // redirect() is a project helper not shown here; presumably it sends a
        // Location header with the given status -- confirm.
        // NOTE(review): 301 is a permanent redirect that clients may cache; 303
        // is the usual status after a form submission.
        // NOTE(review): the target comes from $_SESSION['url']; check that the
        // value cannot be set to an off-site address by the request.
        redirect($_SESSION['url'], 301);
    }
} else { ?> <h2>
// Submit branch of the "add new athlete" form: assembles the optional fields
// and calls the InsertPerson stored procedure, then redirects to index.php.
// The enclosing blocks open before this excerpt.

//create birthdate as date format if day, month and year is chosen.
// Each part is escaped separately and joined as year-month-day inside one
// quoted literal. No check that the parts are numeric or form a valid date is
// visible here; presumably the form or the procedure enforces it -- confirm.
if (!empty($_POST['month']) && !empty($_POST['day']) && !empty($_POST['year'])) {
    $birthdate = $mysqli->real_escape_string($_POST['year']) . "-" . $mysqli->real_escape_string($_POST['month']) . "-" . $mysqli->real_escape_string($_POST['day']);
    $birthdate = "'{$birthdate}'";
} else {
    $birthdate = "NULL";
}

//set fields to null if empty.
//otherwise place post_variable as string.
// prepare_optional() is a project helper not shown here. Every result below is
// interpolated without quotes, so the helper presumably returns NULL or an
// already-quoted literal -- TODO confirm. If it returns a bare value for
// numeric fields, real_escape_string() gives no protection, because escaping
// only helps inside a quoted literal; such fields need a numeric check.
$weight = prepare_optional($mysqli->real_escape_string($_POST['weight']));
$height = prepare_optional($mysqli->real_escape_string($_POST['height']));
$rest_hr = prepare_optional($mysqli->real_escape_string($_POST['rest_hr']));
$max_hr = prepare_optional($mysqli->real_escape_string($_POST['max_hr']));
$blood_pres_sys = prepare_optional($mysqli->real_escape_string($_POST['blood_pres_sys']));
$blood_pres_dias = prepare_optional($mysqli->real_escape_string($_POST['blood_pres_dias']));
$team = prepare_optional($mysqli->real_escape_string($_POST['team']));

// NOTE(review): $person is assigned outside this excerpt and is interpolated
// without quotes; verify it is quoted or validated where it is built.
// A prepared CALL with bound parameters would remove the reliance on manual
// escaping and quoting for all nine arguments.
$query = "CALL InsertPerson({$person}, {$weight}, {$height},\r\n\t\t\t{$birthdate}, {$rest_hr}, {$max_hr}, {$blood_pres_sys},\r\n\t\t\t{$blood_pres_dias}, {$team})";

// multi_query() accepts several ';'-separated statements in one call. The loop
// fetches and frees every result set the call produced. A failed query is not
// reported; the redirect below runs regardless.
if ($mysqli->multi_query($query)) {
    do {
        $result = $mysqli->store_result();
        if ($result) {
            $result->close();
        }
    } while ($mysqli->next_result());
}

// redirect() is a project helper not shown here.
// NOTE(review): 301 is a permanent redirect that clients may cache; 303 is the
// usual status after a form submission.
redirect("./index.php", 301);
}
} else { ?> <h2> Add new athlete
</form> <?php
    } else {
        //insert new match to the database
        // Submit branch of the match form: builds the match time, calls the
        // InsertMatch stored procedure, then starts building the InsertHomeTeam
        // call. The enclosing if/else opens before this excerpt, and the
        // excerpt ends before the second query is executed.

        /* If time's hours, minutes or seconds field is not selected
         * the variable in question gets value zero. Otherwise MatchTime saved to
         * the MySQL database would be incorrect. For instance one hour would become
         * one second. That's because MySQL time format ignores white spaces.
         */
        // prepare_timedate() is a project helper not shown here; per the comment
        // above it substitutes zero for an unselected field. Whether it also
        // rejects non-numeric input is not visible -- TODO confirm.
        $hours = prepare_timedate($mysqli->real_escape_string($_POST['hours']));
        $minutes = prepare_timedate($mysqli->real_escape_string($_POST['minutes']));
        $seconds = prepare_timedate($mysqli->real_escape_string($_POST['seconds']));

        //form time
        // The three parts are joined and wrapped in a single quoted literal.
        $time = "{$hours}:{$minutes}:{$seconds}";
        $time = "'{$time}'";

        // prepare_optional() is not shown here; its result is interpolated
        // without quotes, so it presumably returns NULL or an already-quoted
        // literal -- TODO confirm.
        $description = prepare_optional($mysqli->real_escape_string($_POST['description']));
        $sport = $mysqli->real_escape_string($_POST['sport']);
        $city = $mysqli->real_escape_string($_POST['city']);
        $country = $mysqli->real_escape_string($_POST['country']);
        $place = $mysqli->real_escape_string($_POST['place']);

        // NOTE(review): $match and $date are assigned outside this excerpt.
        // $date is interpolated without quotes here and in the second query
        // below; verify both are escaped and quoted where they are built.
        // A prepared CALL with bound parameters would remove the reliance on
        // manual escaping for every argument.
        $query = "CALL InsertMatch('{$match}', {$date}, {$time}, '{$sport}',\r\n'{$city}', '{$country}', '{$place}', {$description})";

        // multi_query() accepts several ';'-separated statements in one call.
        // The loop fetches and frees every result set the call produced, which
        // leaves the connection ready for the next CALL. A failed query is not
        // reported, so the home-team insert below is attempted regardless.
        if ($mysqli->multi_query($query)) {
            do {
                $result = $mysqli->store_result();
                if ($result) {
                    $result->close();
                }
            } while ($mysqli->next_result());
        }

        $home_team = $mysqli->real_escape_string($_POST['home_team']);
        // Second statement is only built here; it is executed after the end of
        // this excerpt.
        $query = "CALL InsertHomeTeam('{$home_team}', '{$match}', {$date}) ";