<?php
/* addshowname.php */
/* This form after submission takes the results of the form and inserts the values into the database as a new show name is created. */
require ('database.php');
require ('style.css');
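// Handles the "Add A Show" form: stores the uploaded JPEG, then inserts the new show row.
// Everything in $_POST and $_FILES is client-controlled and is treated as untrusted below.
if (isset($_POST['submit']))
{
    // Stays true until an image has been stored successfully; the insert is skipped otherwise.
    $error = true;
    if (!empty($_FILES['uploadedfile']['name']))
    {
        // Directory the uploaded image is stored in.
        $upload_dir = "../defiant/images/";
        // The client-supplied file name is only a hint. Keep its base name, restrict it to a
        // conservative character set and always store it with a single ".jpg" extension, so a
        // name such as "x.php.jpg" cannot end up on disk with a second, executable-looking suffix.
        $image = basename($_FILES['uploadedfile']['name']);
        $extension = strtolower(pathinfo($image, PATHINFO_EXTENSION));
        $base = preg_replace('/[^A-Za-z0-9_-]/', '_', pathinfo($image, PATHINFO_FILENAME));
        $stored_name = $base . '.jpg';
        $target_path = $upload_dir . $stored_name;
        $tmp_name = $_FILES['uploadedfile']['tmp_name'];
        // NOTE(review): an existing file with the same stored name is overwritten, as before.
        if ($extension == "jpg" && $base != '')
        {
            if (!is_uploaded_file($tmp_name))
            {
                // No usable temporary file (e.g. the upload itself failed).
                echo "There was an error uploading the file, please try again!";
            }
            else
            {
                // The extension proves nothing about the content, so the file header is
                // checked as well before the file is moved under the web root.
                $info = getimagesize($tmp_name);
                if (!is_array($info) || $info[2] != IMAGETYPE_JPEG)
                {
                    echo "The file you chose to upload wasn't a valid jpg file, please try again!";
                }
                elseif (move_uploaded_file($tmp_name, $target_path))
                {
                    echo "The file ".htmlspecialchars($stored_name, ENT_QUOTES)." has been uploaded";
                    $error = false;
                }
                else
                {
                    echo "There was an error uploading the file, please try again!";
                }
            }
        }
        else
        {
            echo "The file you chose to upload wasn't a valid jpg file, please try again!";
        }
    }
    else
    {
        echo "No File uploaded, please try again!";
    }
    if (!$error && !empty($_POST['showname']) && !empty($_POST['type']))
    {
        $showname = $_POST['showname'];
        $type = $_POST['type'];
        // Undo magic-quotes escaping first so the values are escaped exactly once below.
        if (get_magic_quotes_gpc())
        {
            $showname = stripslashes($showname);
            $type = stripslashes($type);
        }
        // The form's <select> offers only these two values; anything else is rejected.
        $allowed_types = array('Weekly Show', 'Pay Per View');
        if (!in_array($type, $allowed_types, true))
        {
            die('Sorry, that show type is not valid.');
        }
        // Escape every value that is placed inside a quoted SQL literal. addslashes() is not
        // aware of the connection character set, so the driver's own escaping is used instead.
        $showname_sql = mysql_real_escape_string($showname);
        $type_sql = mysql_real_escape_string($type);
        $image_sql = mysql_real_escape_string($target_path);
        // checks if the show name is in use
        $check = mysql_query("SELECT showname FROM shows WHERE showname = '$showname_sql'");
        if (!$check)
        {
            // Driver errors go to the server log; the visitor only sees a generic message.
            error_log('addshowname.php: show name lookup failed: ' . mysql_error());
            die('Sorry, the show could not be saved.');
        }
        //if the name exists it gives an error
        if (mysql_num_rows($check) != 0)
        {
            // The name is echoed back into HTML, so it is HTML-escaped.
            die('Sorry, the show name '.htmlspecialchars($showname, ENT_QUOTES).' is already in use.');
        }
        // now we insert it into the database
        $insert = "INSERT INTO shows (showname, type, showimage, showlabel) VALUES ('$showname_sql','$type_sql','$image_sql','1')";
        $add_show = mysql_query($insert);
        if (!$add_show)
        {
            error_log('addshowname.php: show insert failed: ' . mysql_error());
            die('Sorry, the show could not be saved.');
        }
    }
}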
// Static markup: the "Add A Show" upload form, followed by the heading and header row of the
// show list. The pieces are emitted back to back with no separator between them.
// NOTE(review): MAX_FILE_SIZE is a hidden field the client can change, so it is not a
// server-side size limit. The form also carries no anti-CSRF token field.
$add_show_markup = array(
    '<center><caption><strong>Add A Show</strong></caption></center>',
    '<form enctype="multipart/form-data" method="post">',
    '<input name="MAX_FILE_SIZE" type="hidden" value="100000">',
    '<table border="1" style="margin: auto; width: 60%;">',
    '<tr><td>Enter Show Name:</td> ',
    '<td><input name="showname" type="text"></td></tr>',
    '<tr><td>Show Type:</td> ',
    '<td><select name="type"><option></option><option>Weekly Show</option><option>Pay Per View</option></select></td></tr>',
    '<tr><td>Show Image:</td> ',
    '<td><input name="uploadedfile" type="file"></td></tr>',
    '<tr><th colspan=2><input type="submit" name="submit" value="Add Show Name" /><input name="sumbitted" type="hidden" value="TRUE"></th></tr></table></form><br><br><br>',
);
$show_list_header = array(
    '<center><caption><strong>List of Shows</strong></caption></center>',
    '<table width="60%" border="1" align="center">',
    '<tr><th align="center">ID</th><th align="center">Type</th><th align="center">Show Name</th><th align="center">Show Image</th><th align="center">Edit</th><th align="center">Delete</th></tr>',
);
echo implode('', $add_show_markup);
echo implode('', $show_list_header);
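// Default view: list every show, unless an edit/delete action or an edit submission is in progress.
if (!isset($_GET['action']) && !isset($_POST['name']))
{
    //Define the query
    $query = "SELECT * FROM shows";
    $r = mysql_query($query); // Run the query.
    if ($r)
    {
        if (mysql_num_rows($r) > 0)
        {
            // Retrieve and print every record
            while ($row = mysql_fetch_array($r))
            {
                // Stored values were typed in by a user, so each one is HTML-escaped before it
                // is written into the page; the id is URL-encoded where it goes into a link.
                $id_html = htmlspecialchars($row['id'], ENT_QUOTES);
                $id_url = urlencode($row['id']);
                $type_html = htmlspecialchars($row['type'], ENT_QUOTES);
                $name_html = htmlspecialchars($row['showname'], ENT_QUOTES);
                $image_html = htmlspecialchars($row['showimage'], ENT_QUOTES);
                // The edit link's opening <a ...> tag is now closed before <center>.
                print '<tr><td align="center">'.$id_html.'</td><td align="center">'.$type_html.'</td><td align="center">'.$name_html.'</td><td align="center">'.$image_html.'</td><td align="center"><a href="addshowname.php?action=edit&id='.$id_url.'"><center>Edit</center></a></td><td align="center"><a href="addshowname.php?action=delete&id='.$id_url.'">Delete</a></td></tr>';
            }
        }
        else
        {
            print "No Shows\n";
        }
    }
    else
    {
        // The driver error and the query text go to the server log, not to the visitor.
        error_log('addshowname.php: show list query failed: ' . mysql_error() . ' -- ' . $query);
        die('<p>Could not retrieve the data.</p>');
    } //End of query IF
    print '</table>';
}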
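// Edit / delete dispatcher, driven by the "action" and "id" query-string parameters.
// NOTE(review): no authentication check is visible in this file, and "delete" changes data on a
// plain GET request with no token, so any link or embedded resource pointing at this URL can
// trigger it. Moving delete to POST with a per-session token needs changes outside this block.
if (!empty($_GET['action']) && !empty($_GET['id']))
{
    // The id comes straight from the URL: escape it once for SQL and once for HTML.
    $id = $_GET['id'];
    if (get_magic_quotes_gpc())
    {
        // Undo magic-quotes escaping so the value is escaped exactly once below.
        $id = stripslashes($id);
    }
    $id_sql = mysql_real_escape_string($id);
    $id_html = htmlspecialchars($id, ENT_QUOTES);
    switch ($_GET['action'])
    {
        case 'edit':
            $query = "SELECT * FROM shows WHERE id = '".$id_sql."'";
            $result = mysql_query($query);
            $res = $result ? mysql_fetch_array($result) : false;
            if (!$res)
            {
                // Query failed or no row has this id; there is nothing to edit.
                print('Show not found.');
                break;
            }
            // PHP_SELF can contain attacker-chosen path info, so it is escaped for the attribute.
            print('<form action="'.htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES).'" method="post" name="form1">');
            print('<table border=1 cellpadding=5 cellspacing=0 width=350>');
            // The stored show name is user-supplied and is escaped before it goes into value="".
            print('<tr><td>Name of show:</td><td><input type="text" name="name" value="'.htmlspecialchars($res['showname'], ENT_QUOTES).'"/></td></tr>');
            print('<tr><td>Show Type Type:</td><td><select name="type">');
            $types = array('Weekly Show','Pay Per View');
            foreach ($types as $type)
            {
                // Pre-select the option matching the stored type.
                $selected = ($type == $res['type']) ? ' selected="selected"' : '';
                print('<option value="'.$type.'"'.$selected.'>'.$type.'</option>');
            }
            print('</select></td></tr>');
            // The unmatched closing </center> that followed </form> has been dropped.
            print('<tr><th colspan=2><input type="hidden" name="id" value="'.$id_html.'" /><input type="submit" value="Edit Show" /></th></tr></table></form>');
            break;
        case 'delete':
            $query = "DELETE FROM shows WHERE id = '".$id_sql."'";
            if (mysql_query($query))
            {
                echo "Deletion successful.";
            }
            else
            {
                // The driver error and the query text go to the server log, not to the visitor.
                error_log('addshowname.php: show delete failed: ' . mysql_error() . ' -- ' . $query);
                die('<p>Could not delete post.</p>');
            }
            break;
    }
}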
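// Applies an edit submission to an existing show row.
// NOTE(review): this requires POST fields "loc" and "date", but the edit form printed by this
// file only sends "name", "type" and "id", so as written this branch is not reached from that
// form -- confirm which columns are meant to be updated.
if (!empty($_POST['name']) && !empty($_POST['loc']) && !empty($_POST['date']) && !empty($_POST['id']))
{
    // Every value goes inside a quoted SQL literal, so every value is escaped -- including the
    // id, which is a hidden form field and therefore just as client-controlled as the others.
    $name_sql = mysql_real_escape_string($_POST['name']);
    $loc_sql = mysql_real_escape_string($_POST['loc']);
    $date_sql = mysql_real_escape_string($_POST['date']);
    $id_sql = mysql_real_escape_string($_POST['id']);
    $query = "UPDATE shows SET showname = '".$name_sql."', location = '".$loc_sql."', date = '".$date_sql."' WHERE id = '".$id_sql."'";
    if (mysql_query($query))
    {
        echo "Show updated.";
    }
    else
    {
        // The driver error and the query text go to the server log, not to the visitor.
        error_log('addshowname.php: show update failed: ' . mysql_error() . ' -- ' . $query);
        die('<p>The show could not update.</p>');
    }
}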
?>