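/**
 * Render the employee time/leave request form and process what it posts back.
 *
 * Depending on the posted button this pre-fills the form from an existing
 * REQUEST row (edit), inserts one REQUEST row per requested day (submit),
 * updates an existing row (update), or shows the employee lookup widgets.
 * All markup is echoed directly.
 *
 * Hardening applied in this block:
 *  - REFER values are cast to int before they reach SQL; escaping alone does
 *    not protect a value placed in an unquoted numeric position.
 *  - Every string placed in SQL is escaped exactly once and always quoted.
 *  - Every request- or database-derived value echoed into markup is
 *    HTML-escaped; raw copies are kept separately from SQL-escaped copies.
 *  - Users below admin level 25 can only file requests under their own ID,
 *    enforced server-side rather than only through a hidden form field.
 *  - The "Back to Approvals" target is limited to a local path plus query
 *    string and is JavaScript-escaped before it is placed in the handler.
 *
 * NOTE(review): no anti-CSRF token is visible in this form, and neither the
 * edit lookup nor the UPDATE verifies that the session user may access the
 * referenced request -- confirm both are enforced by the caller.
 * NOTE(review): new DateTime() throws on malformed input and is not caught
 * here; confirm the caller handles that without exposing error details.
 *
 * @param object $config Application configuration; $config->mysqli is used as
 *                       the database connection and $config is passed on to
 *                       the helper functions called below.
 * @return void
 */
function displayLeaveForm($config)
{
    $mysqli = $config->mysqli;

    // Escape a value for HTML text or a quoted attribute; non-scalars render as ''.
    $h = function ($value) {
        return is_scalar($value) ? htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8') : '';
    };

    //check if we're coming from an edit button on the submitted report
    $totalRows = isset($_POST['totalRows']) ? (int) $_POST['totalRows'] : 0;
    $updatingRequest = (isset($_POST['formName']) && is_string($_POST['formName'])) ? $_POST['formName'] : false;
    $updatingRequest = isset($_POST['duplicateBtn']) ? "duplicateRequest" : $updatingRequest;
    $findBtn = isset($_POST['findBtn']);
    $requestAccepted = false;
    if ($totalRows > 0 && $updatingRequest && !$findBtn) {
        $referNum = 0;
        for ($i = 0; $i < $totalRows; $i++) {
            if (isset($_POST['editBtn' . $i]) && isset($_POST['requestID' . $i])) {
                // REFER is used unquoted below, so it must be an integer, not an escaped string.
                $referNum = (int) $_POST['requestID' . $i];
            }
        }
        if ($referNum > 0) {
            $myq = 'SELECT REQUEST.IDNUM, TIMETYPEID, BEGTIME, ENDTIME, NOTE, CALLOFF, USEDATE, SUBTYPE,
                LNAME, FNAME
                FROM REQUEST, EMPLOYEE
                WHERE EMPLOYEE.IDNUM=REQUEST.IDNUM
                AND REFER=' . $referNum;
            $result = $mysqli->query($myq);
            SQLerrorCatch($mysqli, $result);
            $row = $result ? $result->fetch_assoc() : null;
            if ($row) {
                //set posts to pre-fill form from record we want to edit
                $_POST['referNum'] = $referNum;
                $_POST['type'] = $row['TIMETYPEID'];
                $_POST['ID'] = $row['IDNUM'];
                $_POST['beg1'] = substr($row['BEGTIME'], 0, 2);
                $_POST['beg2'] = substr($row['BEGTIME'], 3, 2);
                $_POST['end1'] = substr($row['ENDTIME'], 0, 2);
                $_POST['end2'] = substr($row['ENDTIME'], 3, 2);
                $_POST['comment'] = $row['NOTE'];
                $_POST['calloff'] = $row['CALLOFF'];
                $_POST['usedate'] = $row['USEDATE'];
                $_POST['subtype'] = $row['SUBTYPE'];
                $foundUserFNAME = $row['FNAME'];
                $foundUserLNAME = $row['LNAME'];
                $foundUserID = $row['IDNUM'];
            }
        }
    }
    //Get all passed variables
    $postID = isset($_POST['ID']) ? $_POST['ID'] : $_SESSION['userIDnum'];
    if ($_SESSION['admin'] < 25) {
        // Normal users may only file for themselves; the hidden ID field is client-controlled.
        $postID = $_SESSION['userIDnum'];
    }
    $postThruDate = isset($_POST['thrudate']) ? $_POST['thrudate'] : false;
    // The form only offers whole-hour shifts; anything else is treated as "no shift"
    // so it cannot reach the DateInterval specification string.
    $shiftLength = (isset($_POST['shift']) && is_string($_POST['shift']) && preg_match('/^\d{1,2}\z/', $_POST['shift']) === 1)
        ? $_POST['shift']
        : '';
    $postBeg1 = isset($_POST['beg1']) ? $_POST['beg1'] : null;
    $postBeg2 = isset($_POST['beg2']) ? $_POST['beg2'] : null;
    if (!empty($postBeg1) && !empty($postBeg2)) {
        $postBegin = $postBeg1 . $postBeg2;
    } else {
        $postBegin = false;
    }
    $postEnd1 = isset($_POST['end1']) ? $_POST['end1'] : null;
    $postEnd2 = isset($_POST['end2']) ? $_POST['end2'] : null;
    if (!empty($postEnd1) && !empty($postEnd2)) {
        $postEnding = $postEnd1 . $postEnd2;
    } else {
        $postEnding = false;
    }
    if (!isset($_POST['shift'])) {
        if ($postBegin == $postEnding) {
            $postBegin = false;
            $postEnding = false;
        }
    }
    // Raw copies are for HTML output (escaped with $h); the SQL-escaped copies are
    // only ever placed inside quoted SQL literals.
    $rawType = isset($_POST['type']) ? $_POST['type'] : false;
    $rawComment = isset($_POST['comment']) ? $_POST['comment'] : false;
    $rawSubtype = isset($_POST['subtype']) ? $_POST['subtype'] : 'NONE';
    $type = $rawType === false ? false : $mysqli->real_escape_string($rawType);
    $comment = $rawComment === false ? false : $mysqli->real_escape_string($rawComment);
    $subtype = $mysqli->real_escape_string($rawSubtype);
    $calloff = isset($_POST['calloff']) ? $_POST['calloff'] : 'NO';
    $auditid = $_SESSION['userIDnum'];
    $postUseDate = isset($_POST['usedate']) ? $_POST['usedate'] : false;
    $isDateUse = $postUseDate ? true : false;
    //Submit Button Pressed.  Add record to the database
    if (isset($_POST['submit']) || isset($_POST['update'])) {
        $ID = $mysqli->real_escape_string(strtoupper($postID));
        $calloffSql = $mysqli->real_escape_string($calloff);
        $auditSql = $mysqli->real_escape_string($auditid);
        $ipSql = $mysqli->real_escape_string($_SERVER['REMOTE_ADDR']);
        $usedate = new DateTime($mysqli->real_escape_string($postUseDate));
        if (!$postThruDate) {
            $daysOff = 0;
        } else {
            $thrudate = new DateTime($mysqli->real_escape_string($postThruDate));
            $daysOffInterval = $usedate->diff($thrudate);
            //number days in given range
            // NOTE(review): "%d" is only the day component of the interval, so a range
            // longer than a month is undercounted -- confirm whether that is intended.
            $daysOff = $daysOffInterval->format("%d");
        }
        $beg = new DateTime($mysqli->real_escape_string($postBegin));
        //setting end to beginning so I can add a shift to it if need be
        $end = new DateTime($mysqli->real_escape_string($postBegin));
        if (empty($shiftLength)) {
            //not using a shift length so take the entered time
            $end = new DateTime($mysqli->real_escape_string($postEnding));
        } else {
            //add a shift to the start time
            $end->add(new DateInterval('PT' . $shiftLength . 'H'));
        }
        if ($end < $beg) {
            //add a day to $end if the times crossed midnight
            $end = $end->add(new DateInterval("P1D"));
        }
        //interval calculation in hours
        $endSec = strtotime($end->format("Y-m-d H:i:s"));
        $begSec = strtotime($beg->format("Y-m-d H:i:s"));
        $hours = ($endSec - $begSec) / 3600;
        //SQL TIME format
        $beg = $beg->format("H:i:s");
        $end = $end->format("H:i:s");
        if ($isDateUse) {
            if (!empty($postEnding) || !empty($postBegin)) {
                //query to insert the record. loops until number of days is reached
                if (!isset($_POST['update'])) {
                    $confirmBtn = isset($_POST['confirmBtn']);
                    $noBtn = isset($_POST['noBtn']);
                    for ($i = 0; $i <= $daysOff; $i++) {
                        //Check if useDate is already submitted
                        $myq = "SELECT `REFER` , `IDNUM`, `TIMETYPEID` , `USEDATE` , `ENDTIME` , `BEGTIME` , `SUBTYPE`
                        FROM `REQUEST`
                        WHERE `TIMETYPEID` LIKE '" . $type . "'
                        AND `IDNUM` = '" . $ID . "'
                        AND `USEDATE` = '" . $usedate->format('Y-m-d') . "'";
                        $result = $mysqli->query($myq);
                        SQLerrorCatch($mysqli, $result);
                        if ($result->num_rows > 0 && !$confirmBtn && !$noBtn) {
                            $refNums = "";
                            while ($row = $result->fetch_assoc()) {
                                $refNums .= $row['REFER'] . ', ';
                            }
                            // Every echoed-back field is HTML-escaped so a crafted POST value
                            // cannot break out of its attribute.
                            popUpMessage('<div align="center"><form method="POST" action="' . $h($_SERVER['REQUEST_URI']) . '">
                            You already submitted for this type of request on ' . $usedate->format('Y-m-d') . '<br/>
                            Please see Reference Numbers: <br/>' . $h($refNums) . '<br/><br/><h4>Are you sure you want to submit another?</h4>
                                <input type="submit" name="confirmBtn" value="Yes" /> <input type="submit" name="noBtn" value="No" />
                                <input type="hidden" name="type" value="' . $h($rawType) . '" />
                                <input type="hidden" name="subtype" value="' . $h($rawSubtype) . '" />
                                <input type="hidden" name="shift" value="' . $h($shiftLength) . '" />
                                <input type="hidden" name="ID" value="' . $h(strtoupper($postID)) . '" />
                                <input type="hidden" name="usedate" value="' . $h($postUseDate) . '" />
                                <input type="hidden" name="thrudate" value="' . $h($postThruDate) . '" />
                                <input type="hidden" name="beg1" value="' . $h($postBeg1) . '" />
                                <input type="hidden" name="beg2" value="' . $h($postBeg2) . '" />
                                <input type="hidden" name="end1" value="' . $h($postEnd1) . '" />
                                <input type="hidden" name="end2" value="' . $h($postEnd2) . '" />
                                <input type="hidden" name="comment" value="' . $h($rawComment) . '" />
                                <input type="hidden" name="calloff" value="' . $h($calloff) . '" />
                                <input type="hidden" name="submit" value="true" />
                                </form></div>');
                        } else {
                            if ($noBtn) {
                                echo 'Canceled Submitting Request.';
                            } else {
                                if (($type == 'OT' || $type == 'AG') && strtotime($usedate->format('Y-m-d')) > strtotime(date('Y-m-d'))) {
                                    echo '<font color="red">Can not submit for Overtime or Comp Time Gain unless it is on or after the date of use</font>';
                                } else {
                                    // All interpolated strings are escaped once and quoted;
                                    // $hours is computed locally from parsed dates.
                                    $myq = "INSERT INTO REQUEST (IDNUM, USEDATE, BEGTIME, ENDTIME,
                                        HOURS, TIMETYPEID, SUBTYPE, NOTE, STATUS, REQDATE,
                                        AUDITID, IP, CALLOFF)
                                        VALUES ('" . $ID . "', '" . $usedate->format('Y-m-d') . "', '" . $beg . "', '" . $end . "', '" . $hours . "', '" . $type . "', '" . $subtype . "',
                                        '" . $comment . "', 'PENDING', NOW(), '" . $auditSql . "', INET_ATON('" . $ipSql . "'), '" . $calloffSql . "')";
                                    //add one more day for the next iteration if multiple days off
                                    $usedate->modify("+1 day");
                                    $result = $mysqli->query($myq);
                                    //show SQL error msg if query failed
                                    if (SQLerrorCatch($mysqli, $result)) {
                                        echo 'Request not accepted.';
                                    } else {
                                        $refInsert = $mysqli->insert_id;
                                        addLog($config, 'New Time Request Submitted with Ref# ' . $refInsert);
                                        echo '<h3>Request accepted. The reference number for this request is <b>' . $h($refInsert) . '</b>.</h3>';
                                        $requestAccepted = true;
                                    }
                                }
                            }
                        }
                        //end validation check
                    }
                    //end for loop
                }
            } else {
                echo '<font color="red" >Must provide a valid Start and End time!</font><br /><br />';
            }
        } else {
            echo '<font color="red" >Must provide a valid Date!</font><br /><br />';
        }
        //update an existing record instead of inserting a new one
        if (isset($_POST['update'])) {
            // REFER sits unquoted in the WHERE clause, so only a positive integer is accepted.
            $updateRefer = isset($_POST['referNum']) ? (int) $_POST['referNum'] : 0;
            if ($updateRefer <= 0) {
                echo 'Error: Request not updated.';
            } else {
                // NOTE(review): nothing here verifies that the session user owns or may
                // approve request $updateRefer -- confirm the caller enforces that.
                // $type, $subtype and $comment were escaped once above; escaping them a
                // second time would store literal backslashes.
                $myq = "UPDATE REQUEST SET USEDATE='" . $mysqli->real_escape_string($usedate->format('Y-m-d')) . "',
                    BEGTIME='" . $mysqli->real_escape_string($beg) . "',
                    ENDTIME='" . $mysqli->real_escape_string($end) . "',
                    HOURS='" . $mysqli->real_escape_string($hours) . "',
                    TIMETYPEID='" . $type . "',
                    SUBTYPE='" . $subtype . "',
                    NOTE='" . $comment . "',
                    AUDITID='" . $auditSql . "',
                    IP=INET_ATON('" . $ipSql . "'),
                    CALLOFF='" . $calloffSql . "'
                    WHERE REFER=" . $updateRefer;
                $result = $mysqli->query($myq);
                //show SQL error msg if query failed
                if (SQLerrorCatch($mysqli, $result)) {
                    echo 'Error: Request not updated.';
                } else {
                    addLog($config, 'Updated Time Request with Ref# ' . $updateRefer);
                    echo '<h3>Request updated successfully.</h3>';
                }
            }
        }
        //end of "is update button pressed?"
    }
    //end of 'is submit or update pressed?'
    if (!isset($_POST['searchBtn'])) {
        ?>
    <h2>Employee Request</h2>
    <?php 
    } else {
        echo '<h3>Lookup User</h3>';
    }
    ?>
      
 <form name="leave" id="leave" method="post" action="<?php 
    // REQUEST_URI is client-supplied and must not be echoed into the attribute raw.
    echo $h($_SERVER['REQUEST_URI']);
    ?>
">
      <input type='hidden' name='formName' value='leave' />
     <?php 
    if (isset($_POST['referNum'])) {
        echo 'Reference Request #' . $h($_POST['referNum']) . '<input type="hidden" name="referNum" value="' . $h($_POST['referNum']) . '" />';
    }
    // From here on $type holds the raw posted value; it is escaped per context at each use.
    $type = isset($_POST['type']) ? $_POST['type'] : '';
    $myq = "SELECT DESCR FROM TIMETYPE WHERE TIMETYPEID='" . $mysqli->real_escape_string($type) . "'";
    $result = $mysqli->query($myq);
    SQLerrorCatch($mysqli, $result);
    $typeDescr = $result->fetch_assoc();
    if (!empty($type)) {
        //$_POST['type'] is set
        //hidden field with type set
        echo "<input type='hidden' name='type' value='" . $h($type) . "'>";
        //Lookup Users button pressed
        if (isset($_POST['searchBtn']) || isset($_POST['findBtn'])) {
            //Save any inputed values
            echo '<input type="hidden" name="subtype" value="' . $h($rawSubtype) . '" />';
            echo '<input type="hidden" name="ID" value="' . $h($postID) . '" />';
            echo '<input type="hidden" name="usedate" value="' . $h($postUseDate) . '" />';
            echo '<input type="hidden" name="thrudate" value="' . $h($postThruDate) . '" />';
            echo '<input type="hidden" name="beg1" value="' . $h($postBeg1) . '" />';
            echo '<input type="hidden" name="beg2" value="' . $h($postBeg2) . '" />';
            echo '<input type="hidden" name="end1" value="' . $h($postEnd1) . '" />';
            echo '<input type="hidden" name="end2" value="' . $h($postEnd2) . '" />';
            echo '<input type="hidden" name="comment" value="' . $h($rawComment) . '" />';
            echo '<input type="hidden" name="calloff" value="' . $h($calloff) . '" />';
            //Get additional search inputs
            $searchUser = isset($_POST['searchUser']) ? $_POST['searchUser'] : '';
            $isFullTime = isset($_POST['fullTime']);
            $isReserve = isset($_POST['reserve']);
            echo '<input type="checkbox" name="fullTime" ';
            if ($isFullTime) {
                echo 'CHECKED';
            }
            echo ' />Full Time Employee&nbsp;&nbsp;  ';
            echo '<input type="checkbox" name="reserve" ';
            if ($isReserve) {
                echo 'CHECKED';
            }
            echo ' />Reserves<br />';
            echo '<input type="text" name="searchUser" value="' . $h($searchUser) . '" /><input type="submit" name="findBtn" value="Search" /><br /><br />';
            if (isset($_POST['findBtn'])) {
                // NOTE(review): $searchUser is passed on raw; confirm the search helpers
                // escape it for SQL and for HTML themselves.
                $rowCount = 0;
                if (!empty($searchUser) && $isFullTime) {
                    $rowCount = selectUserSearch($config, $searchUser, $rowCount, true);
                }
                if ($isReserve) {
                    $rowCount2 = searchReserves($config, $searchUser, $rowCount);
                } else {
                    $rowCount2 = $rowCount;
                }
                $rowCount3 = searchDatabase($config, $searchUser, $rowCount2);
                $totalRowsFound = $rowCount + $rowCount2 + $rowCount3;
                echo '<input type="hidden" name="totalRows" value="' . $h($totalRowsFound) . '" />';
            }
            //end lookup button pressed
        } else {
            $foundUserFNAME = isset($foundUserFNAME) ? $foundUserFNAME : '';
            $foundUserLNAME = isset($foundUserLNAME) ? $foundUserLNAME : '';
            $foundUserName = isset($foundUserName) ? $foundUserName : '';
            $foundUserID = isset($foundUserID) ? $foundUserID : '';
            $totalRows = isset($_POST['totalRows']) ? (int) $_POST['totalRows'] : 0;
            if ($totalRows > 0) {
                //get post info providied from search results
                for ($i = 0; $i <= $totalRows; $i++) {
                    if (isset($_POST['foundUser' . $i])) {
                        $foundUserFNAME = isset($_POST['foundUserFNAME' . $i]) ? $_POST['foundUserFNAME' . $i] : '';
                        $foundUserLNAME = isset($_POST['foundUserLNAME' . $i]) ? $_POST['foundUserLNAME' . $i] : '';
                        $foundUserName = isset($_POST['foundUserName' . $i]) ? $_POST['foundUserName' . $i] : '';
                        $foundUserID = isset($_POST['foundUserID' . $i]) ? $_POST['foundUserID' . $i] : '';
                        if (isset($_POST['isReserve' . $i])) {
                            echo '<input type="hidden" name="isReserve" value="true" />';
                        }
                        break;
                    }
                    //end if
                }
                //end for
            }
            echo "<p><h3>Type of Request: </h3>";
            selectTimeType($config, "type", $type);
            echo "</p>";
            //subtype choice
            echo "Subtype: ";
            $myq = "SELECT NAME FROM SUBTYPE";
            $result = $mysqli->query($myq);
            SQLerrorCatch($mysqli, $result);
            ?>
  <select name="subtype"> <?php 
            while ($row = $result->fetch_assoc()) {
                // Compare against the raw posted subtype; the SQL-escaped copy would not
                // match a name containing a quote or backslash.
                if (strcmp($row['NAME'], $rawSubtype) == 0) {
                    echo '<option value="' . $h($row["NAME"]) . '" SELECTED >' . $h($row["NAME"]) . '</option>';
                } else {
                    echo '<option value="' . $h($row["NAME"]) . '">' . $h($row["NAME"]) . '</option>';
                }
            }
            echo "</select> </br>";
            if ($_SESSION['admin'] < 25) {
                //if normal user, allow only their own user name
                echo "<p>User ID: " . $h($_SESSION['userName']) . "<input type='hidden' name='ID' value='" . $h($_SESSION['userIDnum']) . "'></p>";
            } else {
                //allow any user to be picked for a calloff entry
                if (isset($_POST['calloff'])) {
                    echo '<input type="checkbox" id="calloff" name="calloff" value="YES" CHECKED />';
                } else {
                    echo '<input type="checkbox" id="calloff" name="calloff" value="YES" />';
                }
                echo 'Call Off (ie. REPORT OFF)<br/>';
                echo "Employee: ";
                //user ID passed from search
                if ($totalRows > 0) {
                    echo '<input type="hidden" name="ID" value="' . $h($foundUserID) . '" />' . $h($foundUserLNAME) . ', ' . $h($foundUserFNAME);
                } else {
                    // The ID is quoted as well as escaped: escaping does nothing for a
                    // value left in an unquoted position.
                    $myq = "SELECT `IDNUM` , `LNAME` , `FNAME`
                            FROM `EMPLOYEE`
                            WHERE `IDNUM` = '" . $mysqli->real_escape_string($postID) . "'";
                    $result = $mysqli->query($myq);
                    SQLerrorCatch($mysqli, $result);
                    $empRow = $result ? $result->fetch_assoc() : null;
                    $empLast = $empRow ? $empRow['LNAME'] : '';
                    $empFirst = $empRow ? $empRow['FNAME'] : '';
                    echo $h($empLast) . ', ' . $h($empFirst) . "<input type='hidden' name='ID' value='" . $h($postID) . "'>";
                }
                echo ' <input type="submit" name="searchBtn" value="Lookup Employee" />';
                ?>
                    <script language="JavaScript" type="text/javascript">   
                    function addLookupButton(formName) {
//                        var _form = document.getElementById(formName);
//                        var _calloff = document.getElementById('calloff');
//                        if(_calloff.checked){
//                            if(document.getElementById('jsearchBtn')){}
//                            else{
//                                var _search = document.createElement('input');
//                                _search.type = "submit";
//                                _search.name = "searchBtn";
//                                _search.value = "Lookup Employee";
//                                _search.id = "jsearchBtn";
//                                _search.onclick = function(){_form.submit()};
//                                //_form.appendChild(_search);
//                                _form.insertBefore(_search, _calloff);
//                            }   
//                        }
//                        else{
//                            if(document.getElementById('jsearchBtn')){
//                                var _oldSearch = document.getElementById('jsearchBtn');
//                                _form.removeChild(_oldSearch);
//                            }
//                        }
                    }
                    </script>
                    <?php 
            }
            ?>
                <p>Date of use/accumulation: <?php 
            // NOTE(review): the date and time helpers receive raw posted values; confirm
            // they escape what they echo.
            displayDateSelect('usedate', 'date_1', $postUseDate, true, !$isDateUse);
            ?>
                    Through date (optional): <?php 
            displayDateSelect('thrudate', 'date_2');
            ?>
</p>
                <p>Start time: <?php 
            showTimeSelector("beg", $postBeg1, $postBeg2);
            ?>
                <?php 
            if ($type == 'PR') {
                echo "<input type='radio' name='shift' value='8'>8 hour shift";
                echo "<input type='radio' name='shift' value='12'>12 hour shift";
                echo "</br>(Personal time must be used for an entire shift.)";
            } else {
                ?>
 End time: <?php 
                showTimeSelector("end", $postEnd1, $postEnd2);
                ?>
</p> <?php 
            }
            ?>
 


                </br>
                <p>Comment: <textarea rows="3" cols="40" name="comment" ><?php 
            echo $h($rawComment);
            ?>
</textarea></p>
                <?php 
            if ($updatingRequest === 'submittedRequests' || $requestAccepted) {
                echo '<p><input type="hidden" name="formName" value="submittedRequests" />
                        <input type="submit" name="update" value="Update Request">
                        <input type="submit" name="duplicateBtn" value="Duplicate Request" />
                        <INPUT TYPE="button" value="Back to My Requests" onClick="parent.location=\'wts_index.php?myReq=true\'"></p>';
            } else {
                if (is_string($updatingRequest) && strpos($updatingRequest, 'hrEmpRep=true')) {
                    // formName is client-supplied and ends up inside a script handler, so
                    // HTML-escaping alone is not enough. Only a local path plus query string
                    // is accepted (no scheme, no leading "//", no control characters), and
                    // the value is emitted as a JavaScript string literal.
                    $backButton = '';
                    if (preg_match('#^/?[A-Za-z0-9_.\-][A-Za-z0-9_.\-/]*\?[\x21-\x7E]*\z#', $updatingRequest) === 1) {
                        $backTarget = json_encode($updatingRequest, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
                        $backButton = '
                        <INPUT TYPE="button" value="Back to Approvals" onClick="parent.location=' . $h($backTarget) . '">';
                    }
                    echo '<p><input type="hidden" name="formName" value="submittedRequests" />
                        <input type="submit" name="update" value="Update Request">
                        <input type="submit" name="duplicateBtn" value="Duplicate Request" />' . $backButton . '</p>';
                } else {
                    echo '<p><input type="submit" name="submit" value="Submit for Approval"></p>';
                }
            }
            ?>

        </form> 


        <?php 
        }
    } else {
        //intitial choice of type
        echo "<p><h3>Type of Request: </h3>";
        dropDownMenu($mysqli, 'DESCR', 'TIMETYPE', FALSE, 'type');
        echo "</p>";
    }
}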
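/**
 * Render a query result as a sortable HTML table, optionally with inline editing.
 *
 * In edit mode each row becomes a form of inputs; pressing Save builds an
 * UPDATE for the first table in the result from the posted values and then
 * stamps AUDITID with the session user.
 *
 * Hardening applied in this block:
 *  - Edit mode and the Save handler are both gated on the same supervisor
 *    check that decides whether the Edit button is shown; hiding the button
 *    alone does not stop a hand-crafted POST.
 *  - Column names, cell values and the form action are HTML-escaped.
 *  - The generated UPDATE statement is no longer echoed to the page.
 *  - The AUDITID update is limited to the edited row; without a WHERE clause
 *    it rewrote AUDITID on every row of the table.
 *  - Fields missing from the POST are skipped rather than overwritten, and a
 *    malformed date/time aborts the save instead of raising an uncaught
 *    exception.
 *
 * NOTE(review): the row to update is identified by the submitted value of the
 * first column, which is itself editable by the client; an immutable hidden
 * key would be sturdier. No anti-CSRF token is visible here either -- confirm
 * one is enforced elsewhere.
 *
 * @param mysqli        $mysqli     Connection the result came from.
 * @param mysqli_result $result     Result set to render.
 * @param bool          $isEditable Whether editing may be offered at all.
 * @return void
 */
function resultTable($mysqli, $result, $isEditable = true)
{
    // Escape a value for HTML text or a quoted attribute; non-scalars render as ''.
    $h = function ($value) {
        return is_scalar($value) ? htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8') : '';
    };

    //get the current page name to use as form action
    $action = $_SERVER['REQUEST_URI'];
    //get number of columns
    $numOfCols = $mysqli->field_count;
    //only let supervisors or higher edit requests
    $canEdit = isset($_SESSION['admin']) && $_SESSION['admin'] > 0 && $isEditable;
    $isEditBtn = $canEdit && isset($_POST['editBtn']);

    echo '<link rel="stylesheet" href="templetes/DarkTemp/styles/tableSort.css" />
        <script type="text/javascript" src="bin/jQuery/js/tableSort.js"></script>
            <div id="wrapper">
            <table class="sortable" id="sorter">';
    //fetch and write field names
    $i = 0;
    //to store original column names as in SQL
    $fieldNameArray = array();
    //to store column aliases applied in a query
    $fieldNameAliasArray = array();
    //to store original table name
    $tableNameArray = array();
    $result->data_seek(0);
    while ($finfo = mysqli_fetch_field($result)) {
        echo "<th>" . $h($finfo->name) . "</th>";
        // original names of formatted columns
        switch ($finfo->name) {
            case 'Requested':
                $fieldNameArray[$i] = 'REQDATE';
                break;
            case 'Used':
                $fieldNameArray[$i] = 'USEDATE';
                break;
            case 'Start':
                $fieldNameArray[$i] = 'BEGTIME';
                break;
            case 'End':
                $fieldNameArray[$i] = 'ENDTIME';
                break;
            default:
                $fieldNameArray[$i] = $finfo->orgname;
        }
        $fieldNameAliasArray[$i] = $finfo->name;
        $tableNameArray[$i] = $finfo->orgtable;
        $i++;
    }
    //end the table heading record
    echo '</tr>';
    $result->data_seek(0);
    while ($row = $result->fetch_assoc()) {
        echo "<tr>";
        if ($isEditBtn) {
            echo "<form action='" . $h($action) . "' method='post' name='saveBtn'>";
        }
        //begin data record and form
        for ($fieldCounter = 0; $numOfCols > $fieldCounter; $fieldCounter++) {
            $alias = $fieldNameAliasArray[$fieldCounter];
            if ($isEditBtn) {
                if (!dropDownMenu($mysqli, $fieldNameArray[$fieldCounter], $tableNameArray[$fieldCounter], $row[$alias], $alias)) {
                    echo "<td><input type='text' name='" . $h($alias) . "' value='" . $h($row[$alias]) . "'></td>";
                }
            } else {
                //one cell of data
                echo "<td style='white-space: nowrap'>" . $h($row[$alias]) . "</td>";
            }
        }
        //loop through fields
        if ($isEditBtn) {
            echo '<td><input type="submit" name="saveBtn" value="Save" /></td>';
            echo '</tr></form>';
            //end data record and form
        }
        echo '</tr>';
        //end data record
    }
    //loop through records
    echo '</tr>';
    echo '</table></div>
            <script type="text/javascript">
                var sorter=new table.sorter("sorter");
                sorter.init("sorter",1);
            </script>';
    ?>
    <form action="<?php 
    echo $h($action);
    ?>
" method="post" name="editBtn">
    <?php 
    if ($canEdit) {
        echo "<p><input type='submit' name='editBtn' value='Edit'></p>";
    }
    // Always close the form so it cannot swallow inputs rendered later on the page.
    echo '</form>';

    //write any updates to DB when Save is pressed
    if ($canEdit && isset($_POST['saveBtn'])) {
        //fields that are not allowed to be edited
        $readOnlyFields = array('AUDITID', 'IP', 'STATUS', 'APPROVEDBY', 'REQDATE', 'TSTAMP', 'Employee');
        //construct assoc array of user provided values in a format useful for SQL
        $values = array();
        try {
            for ($i = 0; $i < $numOfCols; $i++) {
                if (!isset($fieldNameArray[$i])) {
                    continue;
                }
                $field = $fieldNameArray[$i];
                $alias = $fieldNameAliasArray[$i];
                if (in_array($field, $readOnlyFields, true) || ($tableNameArray[0] == 'REQUEST' && $field == 'LNAME')) {
                    continue;
                }
                // A field absent from the POST is left untouched instead of being blanked.
                if (!isset($_POST[$alias]) || !is_scalar($_POST[$alias])) {
                    continue;
                }
                $posted = (string) $_POST[$alias];
                if ($field == 'DESCR') {
                    //append ID to the table name to get correct fieldname (this requires a DB naming convention to be followed)
                    $values[$field] = $tableNameArray[$i] . "ID='" . $mysqli->real_escape_string($posted) . "'";
                } elseif (strpos($field, 'DATE') !== false) {
                    //parse and re-format so only a canonical date reaches the query
                    $tempDate = new DateTime($posted);
                    $values[$field] = $field . "='" . $tempDate->format('Y-m-d') . "'";
                } elseif (strpos($field, 'TIME') !== false) {
                    //parse and re-format so only a canonical time reaches the query
                    $tempDate = new DateTime($posted);
                    $values[$field] = $field . "='" . $tempDate->format('H:i') . "'";
                } else {
                    $values[$field] = $field . "='" . $mysqli->real_escape_string($posted) . "'";
                }
            }
        } catch (Exception $e) {
            echo 'Error: invalid date or time value. Record not updated.';
            return;
        }
        // The first column's assignment doubles as the row selector; without it the
        // statement would have no usable WHERE clause.
        $keyField = isset($fieldNameArray[0]) ? $fieldNameArray[0] : null;
        if ($keyField === null || !isset($values[$keyField])) {
            echo 'Error: Record not updated.';
            return;
        }
        $whereClause = $values[$keyField];
        $updateQuery = "UPDATE " . $tableNameArray[0] . " SET " . implode(',', $values) . " WHERE " . $whereClause;
        //send the update
        $updateResult = $mysqli->query($updateQuery);
        SQLerrorCatch($mysqli, $updateResult);
        if ($updateResult) {
            //update the AUDITID of the edited row only; the result is not checked,
            //as in the original code
            $auditQuery = "UPDATE " . $tableNameArray[0] . " SET AUDITID='" . $mysqli->real_escape_string($_SESSION['userIDnum']) . "' WHERE " . $whereClause;
            $mysqli->query($auditQuery);
        }
    }
}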