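/**
 * Sets meta information about the student
 *
 * Collects any meta information for the student from the meta database table, so that it can
 * be shown on the box at the top of the window. This information is stored in an array, which
 * can be accessed as and when by the getMeta function
 *
 * The ID is validated as an integer before it is placed in the SQL text. Both queries compare
 * studentID without surrounding quotes, and real_escape_string() only protects values that sit
 * inside a quoted string literal, so escaping alone did not stop SQL injection here.
 *
 * @see getMeta
 * @param int $studentID The ID of the student passed to this file
 * @param mixed $databaseConnection A link to the current database connection
 * @return array An array of student meta information; empty when the ID is missing or is not an integer
 */
function setMeta($studentID, $databaseConnection) {
    // Array to hold the information about the student, which is returned when the function ends
    $metaInformation = array();

    // Making sure that there is an ID for the student passed
    if (empty($studentID)) {
        return $metaInformation;
    }

    // Rejecting anything that is not a whole number, so that only digits (and an optional sign)
    // can ever reach the unquoted comparison in the queries below
    $validatedID = filter_var($studentID, FILTER_VALIDATE_INT);
    if ($validatedID === false) {
        return $metaInformation;
    }

    // Kept as a string, as the previously escaped value was, so callers see the same type
    $studentID = (string) $validatedID;
    $metaInformation["studentID"] = $studentID;

    // Getting the name of the student
    $sqlStudentName = "SELECT StudentForename, StudentSurname FROM `sen_info`.`tbl_students` WHERE (studentID = {$studentID})";
    $queryResultStudentName = dbSelect($sqlStudentName, $databaseConnection);

    // Seeing if any results were found, and filling in the meta information array
    if (dbSelectCountRows($queryResultStudentName) > 0) {
        foreach (dbSelectGetRows($queryResultStudentName) as $row) {
            $metaInformation["studentForename"] = $row['StudentForename'];
            $metaInformation["studentSurname"] = $row['StudentSurname'];
        }
    }

    // Getting additional meta information about the student
    $sqlStudentMeta = "SELECT * FROM `sen_info`.`tbl_student_meta` WHERE (studentID = {$studentID})";
    $queryResultStudentMeta = dbSelect($sqlStudentMeta, $databaseConnection);

    // Seeing if any results were found, and filling in the meta information array
    if (dbSelectCountRows($queryResultStudentMeta) > 0) {
        foreach (dbSelectGetRows($queryResultStudentMeta) as $row) {
            $metaInformation["yearGroup"] = $row['YearGroup'];
            $metaInformation["house"] = $row['House'];
            $metaInformation["form"] = $row['Form'];
            $metaInformation["dob"] = $row['DoB'];
            $metaInformation["comment"] = $row['Comment'];
            // Note: Any additional rows added to the meta table should be added here
        }
    }

    // Return any meta information that has been collected
    return $metaInformation;
}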
die('<h2>The config file was not found. Contact your network admin.</h2>'); } // Getting any settings from the config file require './config.php'; // Loading the functions file require './functions.php'; // Connecting to the database and saving the connection to it for use later $databaseConnection = dbConnect($CFG['DBHost'], $CFG['DBUser'], $CFG['DBPass'], $CFG['DBName']); // Sanitising all POSTS to this page $sessionID = $databaseConnection->real_escape_string($_POST['cookie']); $messageID = $databaseConnection->real_escape_string($_POST['messageID']); // Generating a list of comments relevant to this message thread // and displaying them for the user to see $sqlMessageThread = "SELECT * FROM `sen_info`.`tbl_comments` WHERE (MessageID = " . $messageID . ")"; $queryResultMessageThread = dbSelect($sqlMessageThread, $databaseConnection); if (dbSelectCountRows($queryResultMessageThread) > 0) { // Saving the results of the comment thread to a variable, // which is returned once the comment thread has been created $commentThreadHtml = ''; foreach (dbSelectGetRows($queryResultMessageThread) as $comment) { // Getting the name of the staff member who wrote the comment $sqlStaffFullName = "SELECT StaffForename, StaffSurname FROM `sen_info`.`tbl_staff` WHERE (StaffUsername = '******'StaffUsername'] . "')"; $queryResultStaffFullname = dbSelect($sqlStaffFullName, $databaseConnection); $tableRows = dbSelectGetRows($queryResultStaffFullname); $staffForename = $tableRows[0]['StaffForename']; $staffSurname = $tableRows[0]['StaffSurname']; $staffFullName = $staffForename . " " . $staffSurname; // Creating the comment thread HTML code, to pass back to the AJAX call $commentThreadHtml .= '<div class="modal--comment_thread--comment-div" id="modal--comment_thread--comment-id_' . $comment['CommentID'] . '">'; $commentThreadHtml .= '<p class="modal--comment_thread--comment-text">' . nl2br($comment['Comment']) . 
'</p>'; $commentThreadHtml .= '<span class="modal--comment_thread--comment-meta pull-right">' . $staffFullName . ' — ' . substr($comment['CommentDate'], 0, 10) . '</span>';
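// return 'no results found'

// Reading the search text as plain text. Escaping is applied further down, separately for each
// place the text is used, so that SQL escaping never ends up in the HTML that is echoed back.
// A non-string value (for example an array posted as query[]) is treated as no query at all.
$searchQuery = (isset($_POST['query']) && is_string($_POST['query'])) ? $_POST['query'] : '';

// Splitting the search query on runs of whitespace and discarding empty pieces. Splitting on a
// single space turned a trailing or doubled space into an empty term, and an empty term became
// LIKE '%%', which matches every student in the table.
$searchTerms = preg_split('/\s+/', $searchQuery, -1, PREG_SPLIT_NO_EMPTY);

if (!empty($searchTerms)) {
    // Seeing if there's anything in searchTerms[1]. If not, make it the same as
    // searchTerms[0], so that a single word is matched against both name columns.
    if (!isset($searchTerms[1])) {
        $searchTerms[1] = $searchTerms[0];
    }

    // Building the LIKE patterns. The LIKE wildcards (% and _) and the backslash are escaped
    // first, so that they are matched literally; the result is then escaped for use inside the
    // quoted SQL string.
    // NOTE(review): real_escape_string relies on the connection character set - confirm that
    // dbConnect sets it.
    $likeTerms = array();
    foreach (array($searchTerms[0], $searchTerms[1]) as $term) {
        $likeTerms[] = $databaseConnection->real_escape_string(addcslashes($term, '%_\\'));
    }

    // Generating the search query and running it
    // Note: searchTerms[0] should be the forename, searchTerms[1] the surname
    $sql = "SELECT * FROM `sen_info`.`tbl_students` WHERE (studentForename LIKE '%{$likeTerms[0]}%') OR (studentSurname LIKE '%{$likeTerms[1]}%')";
    $queryResult = dbSelect($sql, $databaseConnection);

    // Seeing if any results were found
    if (dbSelectCountRows($queryResult) > 0) {
        echo createDetailLink(dbSelectGetRows($queryResult));
    } else {
        echo "No results found";
    }

    // Showing the add button, with the name parts filled in. The unescaped terms are passed,
    // because SQL escaping is not HTML escaping and would only add stray backslashes to names.
    // NOTE(review): addStudentButton is defined elsewhere - confirm that it HTML-escapes both
    // arguments (htmlspecialchars with ENT_QUOTES) before placing them in the page.
    echo addStudentButton($searchTerms[0], $searchTerms[1]);
} else {
    echo "No results found";

    // Showing the add button, without the name parts filled in
    echo addStudentButton();
}

// Closing the connection to the database
dbClose($databaseConnection);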
/**
 * Collects every row of a database SELECT result into one array
 *
 * Asks dbSelectCountRows how many rows the result holds, then fetches each row in turn with
 * dbSelectGetRow, starting at row 0, and appends it to the returned array.
 *
 * @see dbSelect
 * @see dbSelectGetRow
 * @see dbSelectCountRows
 * @param mixed $queryResult The object that holds the results of a SQL query
 * @return array The data from the selected rows, in row order; empty when there are no rows
 */
function dbSelectGetRows($queryResult) {
    $collectedRows = array();

    // Index of the final row; when the result is empty this is -1 and the loop never runs
    $lastIndex = dbSelectCountRows($queryResult) - 1;

    $index = 0;
    while ($index <= $lastIndex) {
        $collectedRows[] = dbSelectGetRow($queryResult, $index);
        $index++;
    }

    return $collectedRows;
}