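/**
 * Validate a customer record and, when it is clean, pass it to customerInsert().
 *
 * Every field listed in $required must be present. A value counts as missing
 * when its key is absent or the value is null, false, the empty string, or not
 * a scalar. Request parameters can arrive as arrays (e.g. "post[]=x"); such a
 * value must reach neither preg_match() nor the insert.
 *
 * The postal code must match letter-digit-letter, an optional space or hyphen,
 * then digit-letter-digit, case-insensitively. The pattern ends with \z rather
 * than $, because $ also matches just before a trailing newline and would
 * accept "T2P 1J9\n".
 *
 * @param array $custdata Form fields keyed by fname, lname, address, city,
 *                        prov, post and phone.
 * @return mixed The concatenated "<br />"-terminated error messages when
 *               validation fails; otherwise whatever customerInsert() returns.
 */
function addCustomer($custdata)
{
    // Field key => label used in the error message, in reporting order.
    $required = [
        "fname"   => "First Name",
        "lname"   => "Last Name",
        "address" => "Address",
        "city"    => "City",
        "prov"    => "Province",
        "post"    => "Postal Code",
        "phone"   => "Phone Number",
    ];

    $message = "";
    foreach ($required as $field => $label) {
        $value = $custdata[$field] ?? "";

        // Missing keys, null, false, "" and non-scalar values are all "no value".
        if (!is_scalar($value) || (string) $value === "") {
            $message .= "{$label} must have a value<br />";
            continue;
        }

        // The format check runs only when a postal code was supplied.
        if ($field === "post"
            && !preg_match('/^[a-z]\d[a-z][- ]?\d[a-z]\d\z/i', (string) $value)
        ) {
            $message .= "Invalid postal code format<br />";
        }
    }

    if ($message !== "") {
        return $message;
    }

    // All checks passed: pass data to the database insert function.
    return customerInsert($custdata);
}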
}
// Excerpt from the middle of a form handler: the enclosing blocks open before
// this excerpt and are closed by the braces at the end.
//
// NOTE(review): in `$error = $_REQUEST[...] == ""` the comparison is evaluated
// first, so $error receives its boolean result. Each of the three checks below
// assigns $error again, so by the final `if ($error)` it reflects only the
// AgentId check. An empty business phone or e-mail combined with a non-empty
// AgentId therefore still reaches customerInsert(). To block the insert on any
// failure, accumulate the result (e.g. `$error = $error || (...)`, or set a
// flag inside each failing branch).
// NOTE(review): a request that omits one of these keys raises an
// undefined-index warning; the checks assume every field was submitted.
if ($error = $_REQUEST["CustBusPhone"] == "") {
    $_SESSION['busPhoneMessage'] = "Please enter your Business Phone Number";
} else {
    // Keep the submitted value in the session.
    // NOTE(review): presumably re-displayed by registration.php. It is stored
    // unescaped, so it must be HTML-escaped wherever it is printed.
    $_SESSION["CustBusPhone"] = $_REQUEST["CustBusPhone"];
}
if ($error = $_REQUEST["CustEmail"] == "") {
    $_SESSION['emailMessage'] = "Please enter an email address";
} else {
    $_SESSION["CustEmail"] = $_REQUEST["CustEmail"];
}
if ($error = $_REQUEST["AgentId"] == "") {
    $_SESSION['agentMessage'] = "Please enter an Agent ID";
} else {
    $_SESSION["AgentId"] = $_REQUEST["AgentId"];
}
// if error is true...
if ($error) {
    // send the messages back to the registration page along with the user.
    header("Location: registration.php");
} else {
    // otherwise store a success message in the session.
    // NOTE(review): $message is not assigned anywhere in this excerpt, and the
    // return value of customerInsert() below is discarded. Confirm that the
    // stored text reflects the real outcome of the insert.
    $_SESSION['successfullInsert'] = "<h1>" . $message . "</h1>";
    // and run the customerinsert function on the raw request array
    customerInsert($_REQUEST);
    // set all the sessions to blank
    $_SESSION["CustFirstName"] = $_SESSION["CustLastName"] = $_SESSION["CustAddress"]
        = $_SESSION["CustCity"] = $_SESSION["CustProv"] = $_SESSION["CustPostal"]
        = $_SESSION["CustCountry"] = $_SESSION["CustHomePhone"] = $_SESSION["CustBusPhone"]
        = $_SESSION["CustEmail"] = $_SESSION["AgentId"] = "";
    header("Location: registration.php");
}
}
}
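// Tail of the insert routine (presumably customerInsert(), which the code below calls).
// Its signature and the assignment of $sql are not part of this excerpt.
    // $dbh is the connection being used.
    // $sql is the code needed to change your DB table
    $stmt = mysqli_prepare($dbh, $sql);

    // mysqli_prepare() returns false when the statement cannot be prepared.
    // Stop here so the bind/execute calls never receive a non-statement.
    if ($stmt === false) {
        mysqli_close($dbh);
        return "Adding Customer Failed. Call Technical Support";
    }

    // Bind the eleven values to the ? placeholders in $sql. The type string is
    // ten "s" (string) followed by one "i" (integer) for AgentId. Bound values
    // are sent separately from the SQL text, so request data cannot alter the
    // statement.
    // NOTE(review): with type "i", a non-numeric AgentId is presumably coerced
    // to an integer rather than rejected; validate it before calling.
    mysqli_stmt_bind_param(
        $stmt,
        "ssssssssssi",
        $data['CustFirstName'],
        $data['CustLastName'],
        $data['CustAddress'],
        $data['CustCity'],
        $data['CustProv'],
        $data['CustPostal'],
        $data['CustCountry'],
        $data['CustHomePhone'],
        $data['CustBusPhone'],
        $data['CustEmail'],
        $data['AgentId']
    );

    // execute all the above steps.
    $executed = mysqli_stmt_execute($stmt);

    // mysqli_stmt_affected_rows() is -1 on error and 0 when nothing changed.
    // -1 is truthy, so a bare truthiness test would report a failed insert as
    // a success. Require a successful execute and a positive row count.
    if ($executed && mysqli_stmt_affected_rows($stmt) > 0) {
        $message = "Customer added successfully!";
    } else {
        // nothing changed, or the statement failed.
        $message = "Adding Customer Failed. Call Technical Support";
    }

    // release the statement, then close the connection.
    mysqli_stmt_close($stmt);
    mysqli_close($dbh);

    // return the message
    return $message;
}

// if someone lands on this page without going through the form page, send them back to the form.
if (!isset($_REQUEST['CustFirstName'])) {
    // header() only queues the redirect; the else branch is what keeps the
    // insert from running for this request.
    header("Location: day15form.php");
} else {
    // NOTE(review): no validation happens here. The raw $_REQUEST array, which
    // also carries query-string values, goes straight to the insert. Validate
    // each field first, and consider accepting only POST data for this write.
    $message = customerInsert($_REQUEST);
    // $message is one of the two fixed strings returned above, so no request
    // data is echoed into the page.
    print "<h2>{$message}</h2>";
}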