include_once '../header.php';
// header info (CSS, etc) is consistent. This will make updating style easier. I think.
// NOTE: because we're down a directory, we use '../header.php' instead of '/header.php' - If we went down another directory,
// it would become ../../header.php. Just something to note if you're creating a new folder somewhere
?>
<body>
<div id="container">
<h1> Chapin Hall Points - Points Approval </h1>

<?php 
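// First, retrieve our session variables.
// NOTE(review): no login or permission check is visible in this snippet. Confirm that header.php
// restricts this page to users allowed to approve points, and that the form is protected
// against cross-site request forgery.
$minindex = $_SESSION['minindex'];
$maxindex = $_SESSION['maxindex'];
// Open the MySQL connection.
$connection = connect_to_mySQL();
// defined in header.php
// Loop from the lowest index to the highest.
// Some indices (in rare cases) may not have an approval/rejection status, but most will.
// For each that does, send an SQL query to modify the approval/rejection status accordingly.
$j = 0;
for ($i = $minindex; $i <= $maxindex; $i++) {
    if (!empty($_POST["{$i}"])) {
        // A new approval/rejection for this ID was posted.
        $status = $_POST["{$i}"];
        // $_POST is controlled by the client. Escape the value before it is placed inside the
        // quoted SQL literal; unescaped, a crafted status could change the UPDATE statement.
        // NOTE(review): an allow-list of the valid status values would be stricter still;
        // the set of valid values is not visible here.
        $statusSql = mysql_real_escape_string($status);
        // The ID is only used as a number, so force it to an integer for the query.
        $idSql = (int) $i;
        // generate an SQL query to update the approval status of the given ID
        $sql = "\n\t\t\tUPDATE Raw_Submissions\n\t\t\tSET Approval_Status = '{$statusSql}'\n\t\t\tWHERE Submission_ID = '{$idSql}';";
        // run the query
        if (!mysql_query($sql)) {
            // NOTE(review): this prints the raw MySQL error to the browser, which can reveal
            // table and column names; log it server-side and show a generic message instead.
            die('Error:' . mysql_error());
        }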
Пример #2
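/**
 * Return the name most often submitted together with a NetID.
 *
 * Counts the rows of Raw_Submissions per Name for the given NetID and returns the Name with the
 * highest count. When both $startdate and $enddate are supplied, only rows with
 * Date >= $startdate and Date < $enddate are counted; if either one is missing, no date filter
 * is applied.
 *
 * All three arguments are escaped with mysql_real_escape_string() before they are placed inside
 * quoted SQL literals, so a value containing a quote cannot change the statement.
 * NOTE(review): the dates are escaped but not checked for format; confirm what callers pass.
 *
 * The script is terminated with the MySQL error text if the query fails.
 * NOTE(review): that text is sent to the browser and can expose schema details.
 *
 * @param string      $netid     NetID to look up.
 * @param string|null $startdate Inclusive lower bound on Date, or NULL for no date filter.
 * @param string|null $enddate   Exclusive upper bound on Date, or NULL for no date filter.
 *
 * @return string The matching name, or 'INVALID_NETID' when no row matches or the name is empty.
 */
function GetName($netid, $startdate = NULL, $enddate = NULL)
{
    $connection = connect_to_mySQL();
    // defined in header.php

    // Escaping happens after the connection is open, as mysql_real_escape_string() works
    // against the current link.
    $netidSql = mysql_real_escape_string($netid);

    // The date filter is the only difference between the two forms of the query, so build
    // it separately. The loose comparison with NULL is kept from the original, so an empty
    // string also counts as "not supplied".
    $dateFilter = '';
    if (!($startdate == NULL || $enddate == NULL)) {
        $startSql = mysql_real_escape_string($startdate);
        $endSql = mysql_real_escape_string($enddate);
        $dateFilter = "\n\t\t\t\tAND Date >= '{$startSql}'\n\t\t\t\tAND Date < '{$endSql}'";
    }

    $sql = "SELECT Name, COUNT(*) AS magnitude\n\t\t\t\tFROM Raw_Submissions\n\t\t\t\tWHERE NetID='{$netidSql}'"
        . $dateFilter
        . "\n\t\t\t\tGROUP BY Name\n\t\t\t\tORDER BY magnitude DESC\n\t\t\t\tLIMIT 1;";

    // A failed query ends the script here, so $result is always usable below.
    $result = mysql_query($sql) or die(mysql_error());

    // mysql_fetch_assoc() returns false when no row matched; treat that, and an empty name,
    // as an unknown NetID.
    $row = mysql_fetch_assoc($result);
    if ($row !== false && !empty($row['Name'])) {
        $name = $row['Name'];
    } else {
        $name = 'INVALID_NETID';
        // This is used for simplistic error checking by callers
    }

    // Free up memory, close out the connection
    mysql_free_result($result);
    mysql_close($connection);
    return $name;
}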
Пример #3
/**
 * Trim, unslash, HTML-encode and SQL-escape a single input value.
 *
 * The steps run in this order: trim(), stripslashes(), htmlspecialchars() with its default
 * flags and charset, then mysql_real_escape_string().
 *
 * NOTE(review): this mixes two different protections. htmlspecialchars() is an output encoding
 * for HTML and mysql_real_escape_string() is an escaping for quoted SQL string literals. The
 * result is only safe inside a quoted SQL literal, and the stored value is already HTML-encoded.
 * Escaping per context at the point of use is easier to reason about.
 * NOTE(review): the default flags of htmlspecialchars() differ between PHP versions, so
 * single-quote handling depends on the runtime.
 * NOTE(review): stripslashes() runs unconditionally, so legitimate backslashes in the input
 * are removed.
 *
 * @param string $data Raw input value.
 *
 * @return string The processed value.
 */
function sanitize_input($data)
{
    // A connection is opened for the duration of the call, presumably so that
    // mysql_real_escape_string() has a link to work against.
    // NOTE(review): if connect_to_mySQL() hands back a link shared with the caller, the
    // mysql_close() below would close the caller's connection too; confirm in header.php.
    $link = connect_to_mySQL();

    $encoded = htmlspecialchars(stripslashes(trim($data)));
    $escaped = mysql_real_escape_string($encoded);

    mysql_close($link);

    return $escaped;
}