-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathedit.php
108 lines (87 loc) · 3.33 KB
/
edit.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
<?php
require_once "pdo.php";
session_start();
if (isset($_POST['cancel'])) {
header("Location: index.php");
return;
}
if (isset($_POST['first_name']) && isset($_POST['last_name']) && isset($_POST['email']) && isset($_POST['headline']) && isset($_POST['summary']) ) {
if (empty($_POST['first_name']) || empty($_POST['last_name']) || empty($_POST['email']) || empty($_POST['headline']) || empty($_POST['summary'])) {
$_SESSION['error'] = "All fields are required";
header("Location: edit.php?profile_id=".$_GET['profile_id']);
return;
}
if (strpos($_POST['email'], "@") == false) {
$_SESSION['error'] = "Invalid email address";
header("Location: edit.php?profile_id=".$_GET['profile_id']);
return;
}
// $sql = "INSERT INTO profile (user_id, first_name, last_name, email, headline, summary) VALUES (:uid, :fn, :ln, :em, :he, :su)";
$sql = "UPDATE profile SET first_name = :fn, last_name = :ln, email = :em , headline = :he, summary = :su WHERE profile_id = :pi";
$statement = $pdo->prepare($sql);
$statement->execute(array(
":fn" => $_POST['first_name'],
":ln" => $_POST['last_name'],
":em" => $_POST['email'],
":he" => $_POST['headline'],
":su" => $_POST['summary'],
":pi" => $_GET['profile_id']
));
$_SESSION['success'] = "Profile updated";
header("Location: index.php");
return;
}
if (!isset($_GET['profile_id'])) {
$_SESSION['error'] = "Could not load profile";
header("Location: index.php");
return;
}
$statement = $pdo->prepare("SELECT * FROM profile WHERE profile_id = :profile_id");
$statement->execute(array(
":profile_id" => $_GET["profile_id"],
));
$row = $statement->fetch(PDO::FETCH_ASSOC);
if ($row == false) {
$_SESSION['error'] = "Could not load profile";
header("Location: index.php");
return;
}
$first_name = htmlentities($row["first_name"]);
$last_name = htmlentities($row["last_name"]);
$email = htmlentities($row["email"]);
$headline = htmlentities($row["headline"]);
$summary = htmlentities($row["summary"]);
?>
<!DOCTYPE html>
<html>
<body>
<h1>Editing Profile for <?php if (isset($_SESSION['name'])) {
echo $_SESSION['name'];
} ?> </h1>
<?php
if (isset($_SESSION['error'])) {
echo "<p style='color: red'>".$_SESSION['error']."</p>";
unset($_SESSION['error']);
}
?>
<form method="POST">
<p>
First Name: <input type="text" name="first_name" value="<?= $first_name; ?>" />
</p>
<p>
Last Name: <input type="text" name="last_name" value="<?= $last_name; ?>" />
</p>
<p>
Email: <input type="text" name="email" value="<?= $email; ?>" />
</p>
<p>
Headline: <input type="text" name="headline" value="<?= $headline; ?>" />
</p>
<p>
Summary: <textarea name="summary" rows="8" cols="80"><?= $summary; ?></textarea>
</p>
<input type="submit" name="submit" value="Save" />
<input type="submit" name="cancel" value="Cancel" />
</form>
</body>
</html>