update_author.php
<html>
<body>
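<?php
// Handles the POST from the author update form: builds a single UPDATE on the
// `author` table whose WHERE clause comes from the non-empty search fields
// (authID, AFirst, ALast, Abirthdate) and whose SET clause comes from the
// non-empty *_new fields.
//
// NOTE(review): no authentication, authorization or CSRF check is visible in
// this file. Confirm one is enforced before this script can be reached,
// since it modifies data on any POST.

// NOTE(review): the database credentials are hard-coded and the account is the
// MySQL root user. Load them from configuration kept outside the source tree
// and the web root, rotate this password (it is exposed wherever this file is
// readable), and connect with an account limited to UPDATE on `author`.
$servername = "localhost";
$username = "root";
$password = "hmysqlg@m31";
$dbname = "mydb";

$db = new mysqli($servername, $username, $password, $dbname);
if ($db->connect_errno > 0) {
    // Keep driver details in the server log; the client only needs to know it failed.
    error_log('update_author.php: database connection failed: ' . $db->connect_error);
    die('Unable to connect to database');
}

// Column names are fixed in code and never taken from the request. Only the
// values come from $_POST, and they are bound as statement parameters rather
// than concatenated into the SQL text.
$columns = ['authID', 'AFirst', 'ALast', 'Abirthdate'];

/**
 * Reads one form field as a string.
 *
 * A missing key or a non-string value (e.g. a field submitted as an array)
 * is treated like an empty field, so it is simply skipped by the caller.
 */
$readField = static function ($key) {
    $value = $_POST[$key] ?? '';
    return is_string($value) ? $value : '';
};

// WHERE clause: one "column = ?" per non-empty search field.
$whereParts = [];
$whereValues = [];
foreach ($columns as $column) {
    $value = $readField($column);
    if ($value !== '') {
        $whereParts[] = $column . ' = ?';
        $whereValues[] = $value;
    }
}
if ($whereParts === []) {
    echo 'You have to fill at least one field to search for!';
    die();
}

// SET clause: one "column = ?" per non-empty replacement field.
$setParts = [];
$setValues = [];
foreach ($columns as $column) {
    $value = $readField($column . '_new');
    if ($value !== '') {
        $setParts[] = $column . ' = ?';
        $setValues[] = $value;
    }
}
if ($setParts === []) {
    echo 'You have to fill at least one field to change!';
    die();
}

$sql = 'UPDATE author SET ' . implode(', ', $setParts)
     . ' WHERE ' . implode(' and ', $whereParts);

$stmt = $db->prepare($sql);
if ($stmt === false) {
    error_log('update_author.php: prepare failed: ' . $db->error);
    die('There was an error running the query');
}

// Placeholders appear in SET first, then WHERE, so the values follow that order.
// Everything is bound as a string and the server converts it to the column type.
// NOTE(review): the table schema is not visible here; authID and Abirthdate
// look numeric (they were previously inserted unquoted). Verify, and add
// format validation for them if the schema calls for it.
$values = array_merge($setValues, $whereValues);
$stmt->bind_param(str_repeat('s', count($values)), ...$values);

if (!$stmt->execute()) {
    error_log('update_author.php: update failed: ' . $stmt->error);
    die('There was an error running the query');
}
$stmt->close();
?>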
<script>
// Reached only when the PHP block above did not die(): every failure path
// there ends the response before this markup is sent.
// Shows a confirmation dialog, then sends the browser back to the form page.
alert("Succesfull Update");
window.location = 'update_author.html';
</script>
</body>
</html>