-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
4 changed files
with
184 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,95 @@ | ||
| <?php | ||
|
|
||
| /*******w******** | ||
| Name: John Kelvin A. Valerio | ||
| Date: 03/13/23 | ||
| Description: Project | ||
| ****************/ | ||
|
|
||
| require('connect.php'); | ||
| //require('authenticate.php'); | ||
|
|
||
|
|
||
| $user_id = 0; | ||
| if (isset($_GET['user_id'])) { | ||
| $user_id = $_GET['user_id']; | ||
| } | ||
|
|
||
| function filteredData() | ||
| { | ||
| if (filter_input(INPUT_GET, 'user_id', FILTER_VALIDATE_INT) === 0) { | ||
| return true; | ||
| } else { | ||
| return filter_input(INPUT_GET, 'user_id', FILTER_VALIDATE_INT); | ||
| } | ||
| } | ||
|
|
||
| if (filteredData()) { | ||
| // SQL is written as a String. | ||
| $query = "SELECT * FROM users WHERE user_id = $user_id"; | ||
|
|
||
| // A PDO::Statement is prepared from the query. | ||
| $statement = $db->prepare($query); | ||
|
|
||
| // Execution on the DB server is delayed until we execute(). | ||
| $statement->execute(); | ||
|
|
||
| $userdata = $statement->fetch(); | ||
| echo($userdata['name']); | ||
| } | ||
| ?> | ||
|
|
||
| <!DOCTYPE html> | ||
| <html lang="en"> | ||
|
|
||
| <head> | ||
| <meta charset="UTF-8"> | ||
| <meta http-equiv="X-UA-Compatible" content="IE=edge"> | ||
| <meta name="viewport" content="width=device-width, initial-scale=1.0"> | ||
| <link rel="stylesheet" href="main.css"> | ||
| <title>Edit users!</title> | ||
| </head> | ||
|
|
||
| <body> | ||
| <!-- Remember that alternative syntax is good and html inside php is bad --> | ||
| <div id="wrapper"> | ||
| <div id="header"> | ||
| <h1><a href="index.php">Kelvin's Blog- Edit Users</a></h1> | ||
| </div> | ||
| <ul class="menu"> | ||
| <li><a href="index.php">Home</a></li> | ||
| <li><a href="create.php">New Post</a></li> | ||
| </ul> | ||
| <div id="all_users"> | ||
| <form action="user_post.php" method="post"> | ||
| <fieldset> | ||
| <legend>Edit Blog Post</legend> | ||
| <p> | ||
|
|
||
| <label for="name">Name</label> | ||
| <input name="name" id="name" value="<?= $userdata['name']?>" > | ||
| </p> | ||
| <p> | ||
| <label for="email">Email</label> | ||
| <input name="email" id="email" value="<?= $userdata['email']?>" > | ||
| </p> | ||
| <p> | ||
| <label for="userLvl">User Lvl</label> | ||
| <input name="userLvl" id="userLvl" value="<?= $userdata['user_lvl']?>" > | ||
| </p> | ||
| <p> | ||
| <input type="hidden" name="user_id" value=<?= $user_id?> > | ||
| <input type="submit" name="update" value="Update" > | ||
| <input type="submit" name="delete" value="Delete" | ||
| onclick="return confirm('Are you sure you wish to delete this post?')" > | ||
| </p> | ||
| </fieldset> | ||
| </form> | ||
| </div> | ||
| <div id="footer"> | ||
| Copywrong 2023 - No Rights Reserved | ||
| </div> | ||
| </div> | ||
| </body> | ||
|
|
||
| </html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,86 @@ | ||
| <?php | ||
|
|
||
| /*******w******** | ||
| Name: John Kelvin A. Valerio | ||
| Date: 03/13/23 | ||
| Description: Project | ||
| ****************/ | ||
|
|
||
| require('connect.php'); | ||
| session_start(); | ||
|
|
||
| if ( | ||
| $_POST | ||
| ) { | ||
| if (isset($_POST['update'])) { | ||
| // Sanitize user input to escape HTML entities and filter out dangerous characters. | ||
| $name = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_STRIPPED); | ||
| $email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_STRIPPED); | ||
| $user_lvl = filter_input(INPUT_POST, 'userLvl', FILTER_VALIDATE_INT); | ||
| $user_id = filter_input(INPUT_POST, 'user_id', FILTER_VALIDATE_INT); | ||
|
|
||
| // Build the parameterized SQL query and bind to the above sanitized values. | ||
| //$query = "UPDATE content_post SET title=$title, content=$content WHERE id=$id"; | ||
| $query = "UPDATE users SET name = :name, email = :email, user_lvl = :user_lvl WHERE user_id = :user_id"; | ||
| $statement = $db->prepare($query); | ||
|
|
||
| // Bind values to the parameters | ||
| $statement->bindValue(":name", $name); | ||
| $statement->bindValue(":email", $email); | ||
| $statement->bindValue(":user_lvl", $user_lvl); | ||
| $statement->bindValue(":user_id", $user_id); | ||
|
|
||
| // Execute the UPDATE. | ||
| // execute() will check for possible SQL injection and remove if necessary | ||
| if ($statement->execute()) { | ||
| header("Location: userList.php"); | ||
| exit; | ||
| } | ||
|
|
||
| } else if (isset($_POST['delete'])) { | ||
| // Sanitize user input to escape HTML entities and filter out dangerous characters. | ||
| $user_id = filter_input(INPUT_POST, 'user_id', FILTER_VALIDATE_INT); | ||
|
|
||
| // Build the parameterized SQL query and bind to the above sanitized values."; | ||
| $query = "DELETE FROM users WHERE user_id = :user_id"; | ||
| $statement = $db->prepare($query); | ||
|
|
||
| // Bind values to the parameters | ||
| $statement->bindParam(":user_id", $user_id); | ||
|
|
||
| // Execute the DELETE. | ||
| // execute() will check for possible SQL injection and remove if necessary | ||
| if ($statement->execute()) { | ||
| header("Location: userList.php"); | ||
| exit; | ||
| } | ||
| } | ||
|
|
||
| } else { | ||
| $errorMessage = "The tweet message or title is empty"; | ||
| } | ||
|
|
||
|
|
||
| ?> | ||
|
|
||
| <!DOCTYPE html> | ||
| <html lang="en"> | ||
|
|
||
| <head> | ||
| <meta charset="UTF-8"> | ||
| <meta http-equiv="X-UA-Compatible" content="IE=edge"> | ||
| <meta name="viewport" content="width=device-width, initial-scale=1.0"> | ||
| <link rel="stylesheet" href="main.css"> | ||
| <title>My Drip Post!</title> | ||
| </head> | ||
|
|
||
| <body> | ||
| <!-- Remember that alternative syntax is good and html inside php is bad --> | ||
| <?php if (!empty($errorMessage)): ?> | ||
| <h1> | ||
| <?= $errorMessage ?> | ||
| </h1> | ||
| <?php endif ?> | ||
| </body> | ||
|
|
||
| </html> |