<?php
//connect
include ("db/connect.php");
//create new/edit
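/**
 * Print the create/edit form for one record as a complete HTML page.
 *
 * Every value is HTML-escaped here, at the point of output, so the markup
 * stays intact even when a caller passes text that was never encoded (for
 * example a row written to the table by some other code path). Escaping runs
 * with double_encode disabled, so values a caller has already passed through
 * htmlentities() are not encoded a second time.
 *
 * @param mixed $nameS   Current value of the "name" field.
 * @param mixed $nummerS Current value of the "nummer" field.
 * @param mixed $dateS   Current value of the "date" field.
 * @param mixed $stuckS  Current value of the "stuck" field.
 * @param mixed $error   Message shown in the red box; '' or null hides the box.
 * @param mixed $id      Record id; a non-empty id switches the page to edit mode
 *                       and adds the hidden "id" field.
 *
 * @return void Output is written directly to the response.
 */
function renderForm($nameS = '', $nummerS = '', $dateS='', $stuckS='', $error='',$id=''){
    // Escape for both element and quoted-attribute context. The cast keeps
    // null/int arguments (callers pass NULL for $error and an int id) from
    // reaching htmlspecialchars() as a non-string.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    };
    // Loose comparison kept on purpose: callers pass '', null or an id.
    $isEdit = ($id != '');
    $heading = $isEdit ? 'Edit Record' : 'New Record';
    $errorText = (string) $error;
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title><?php echo $heading; ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
</head>
<body>
<h1><?php echo $heading; ?></h1>
<?php if ($errorText !== '') {
    echo "<div style='padding:4px; border:1px solid red; color:red'>" . $esc($errorText) . "</div>";
}?>
<form action="" method="post">
<div>
<?php
if ($isEdit) {?>
<input type="hidden" name="id" value="<?php echo $esc($id); ?>"/>
<p>ID:<?php echo $esc($id); ?></p>
<?php } ?>
<strong>Name: </strong> <input type="text" name="name" value="<?php echo $esc($nameS); ?>"/><br/>
<strong>Nummer: </strong> <input type="text" name="nummer" value="<?php echo $esc($nummerS); ?>"/><br/>
<strong>Date: </strong> <input type="text" name="date" value="<?php echo $esc($dateS); ?>"/><br/>
<strong>Stuck: </strong> <input type="text" name="stuck" value="<?php echo $esc($stuckS); ?>"/><br/>
<input type="submit" name="submit" value="Submit" />
</div>
</form>
</body>
</html>
<?php }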
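/*
Request handling for the record form.

With ?id=N in the URL the page edits an existing row of `ware`; without it
the page creates a new row. A POST carrying "submit" is a form submission,
anything else just displays the form.

NOTE(review): nothing in this file checks who is making the request, and the
form carries no anti-CSRF token, so as written any client that can reach this
page can insert rows or rewrite whichever row the "id" field names. Confirm
whether db/connect.php or the web server enforces access control.

NOTE(review): values are entity-encoded with htmlentities() before they are
stored, so the table holds HTML entities rather than raw text. That is kept
here because other pages may echo the columns as-is; encoding on output
instead would need those pages changed at the same time.
*/

// Read one POST field as a string. A missing key or an array value
// (e.g. name[]=x) becomes '' instead of raising a notice or a type error.
$postField = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

// Record ids must be plain positive integers. is_numeric() would also accept
// forms such as "1e3" or "1.5", which are then silently cast when bound as "i".
$idFilter = ['options' => ['min_range' => 1]];

$missingFieldsError = 'ERROR: Please fill in all required fields!';

/*
EDIT RECORD
*/
// if the 'id' variable is set in the URL, we know that we need to edit a record
if (isset($_GET['id']))
{
    // if the form's submit button is clicked, we need to process the form
    if (isset($_POST['submit']))
    {
        // The row to update is named by the hidden "id" form field, which is
        // client-supplied like every other field.
        $id = filter_var($postField('id'), FILTER_VALIDATE_INT, $idFilter);

        if ($id !== false)
        {
            // get variables from the form
            $name = htmlentities($postField('name'), ENT_QUOTES);
            $nummer = htmlentities($postField('nummer'), ENT_QUOTES);
            $stuck = htmlentities($postField('stuck'), ENT_QUOTES);
            $cdate = htmlentities($postField('date'), ENT_QUOTES);

            // check if empty
            if ($name === '' || $nummer === '' || $stuck === '')
            {
                // Re-display the submitted values, including the date
                // ($cdate; the variable $date was never defined).
                renderForm($name, $nummer, $cdate, $stuck, $missingFieldsError, $id);
            }
            else
            {
                // if everything is fine, update the record in the database
                $stmt = $mysqli->prepare("UPDATE ware SET name = ?, nummer = ?, cdate=?, stuck =? WHERE id=?");
                if ($stmt)
                {
                    // One type character per placeholder: four strings and the integer id.
                    $stmt->bind_param("ssssi", $name, $nummer, $cdate, $stuck, $id);
                    $saved = $stmt->execute();
                    $stmt->close();

                    if ($saved)
                    {
                        // Redirect only on success: once an error message has been
                        // echoed the headers can no longer be sent.
                        header("location:view.php");
                    }
                    else
                    {
                        echo "ERROR: could not execute SQL statement.";
                    }
                }
                else
                {
                    // show error
                    echo "ERROR: could not prepare SQL statement.";
                }
            }
        }
        // if the 'id' value is not valid, show an error message
        else
        {
            echo "Error!";
        }
    }
    // if the form hasn't been submitted yet, get the info from the database and show the form
    else
    {
        // make sure the 'id' value is valid (filter_var() also rejects array input)
        $id = filter_var($_GET['id'], FILTER_VALIDATE_INT, $idFilter);

        if ($id !== false)
        {
            // get the record from the database
            $stmt = $mysqli->prepare("SELECT * FROM ware WHERE id=?");
            if ($stmt)
            {
                $stmt->bind_param("i", $id);
                $stmt->execute();
                // NOTE(review): SELECT * ties this binding to the table's column
                // order (id, name, nummer, cdate, stuck is assumed) - confirm.
                $stmt->bind_result($id, $name, $nummer, $cdate, $stuck);
                $found = $stmt->fetch();
                $stmt->close();

                if ($found === true)
                {
                    // show form
                    renderForm($name, $nummer, $cdate, $stuck, NULL, $id);
                }
                else
                {
                    // No such row: treat it like an invalid id rather than
                    // rendering a blank form on an edit URL.
                    header("Location: view.php");
                }
            }
            // show an error if the query has an error
            else
            {
                echo "Error: could not prepare SQL statement";
            }
        }
        // if the 'id' value is not valid, redirect the user back to the view.php page
        else
        {
            header("Location: view.php");
        }
    }
}
/*
NEW RECORD
*/
// if the 'id' variable is not set in the URL, we must be creating a new record
else
{
    // if the form's submit button is clicked, we need to process the form
    if (isset($_POST['submit']))
    {
        // get the form data; the creation date is set by the server, the
        // submitted "date" field is ignored for new records
        $name = htmlentities($postField('name'), ENT_QUOTES);
        $nummer = htmlentities($postField('nummer'), ENT_QUOTES);
        $stuck = htmlentities($postField('stuck'), ENT_QUOTES);
        $cdate = date ("d-m-y");

        // check that the required fields are not empty
        if ($name === '' || $nummer === '' || $stuck === '')
        {
            // if they are empty, show an error message and display the form
            renderForm($name, $nummer, $cdate, $stuck, $missingFieldsError);
        }
        else
        {
            // insert the new record into the database
            $stmt = $mysqli->prepare("INSERT ware (name, nummer, cdate, stuck) VALUES (?, ?,?,?)");
            if ($stmt)
            {
                // One type character per placeholder: four strings.
                $stmt->bind_param("ssss", $name, $nummer, $cdate, $stuck);
                $saved = $stmt->execute();
                $stmt->close();

                if ($saved)
                {
                    // redirect the user; only on success, since headers cannot
                    // be sent after an error message has been echoed
                    header("Location: view.php");
                }
                else
                {
                    echo "ERROR: could not execute SQL statement.";
                }
            }
            // show an error if the query has an error
            else
            {
                echo "ERROR: Could not prepare SQL statement.";
            }
        }
    }
    // if the form hasn't been submitted yet, show the form
    else
    {
        renderForm();
    }
}
// close the mysqli connection
$mysqli->close();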
?>