newfunko.php
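<?php
/**
 * newfunko.php - shows the "add a Funko Pop" form and, on POST, stores the
 * submitted pop for the logged-in user.
 *
 * Relies on header.php for the mysqli connection in $con and for $userid;
 * neither is defined in this file (presumably $userid mirrors
 * $_SESSION['userid'] - confirm in header.php).
 *
 * NOTE(review): the form carries no anti-CSRF token, so any site the user
 * visits while logged in can submit this insert on their behalf. Add a
 * per-session token (hidden field, compared with hash_equals()) once the
 * session handling in header.php has been checked.
 */
$pagetitle = "Enter New Funko Pop";
include_once ('header.php');

// Submission flag only; it never reaches SQL, so it needs no escaping.
// filter_input() returns null when the field is absent (plain GET), which
// avoids the undefined-index notice the direct $_POST read produced.
$insfunko = filter_input(INPUT_POST, 'insertfunko', FILTER_UNSAFE_RAW);

if (isset($_SESSION['userid'])) {
    echo '<BODY onLoad="document.funkodata.popno.focus()">';

    if ($insfunko === '1') {
        // Read raw values. SQL safety comes from the prepared statement below
        // and HTML safety from htmlspecialchars() at each echo.
        // mysqli_real_escape_string() only protects values placed inside
        // quoted SQL strings; popno and popcollectionid were interpolated
        // unquoted, so escaping them did not prevent injection.
        $popno = filter_input(INPUT_POST, 'popno', FILTER_VALIDATE_INT);
        $popcollectionid = filter_input(INPUT_POST, 'popcollectionid', FILTER_VALIDATE_INT);
        $popname = filter_input(INPUT_POST, 'popname', FILTER_UNSAFE_RAW);
        $popdate = filter_input(INPUT_POST, 'todaysdate', FILTER_UNSAFE_RAW);

        // Missing fields and array-valued fields come back as null/false.
        $popname = is_string($popname) ? $popname : '';
        $popdate = is_string($popdate) ? $popdate : '';

        // Require the Y-M-D shape before calling checkdate(): a value with
        // fewer than three parts, or non-numeric parts, must be rejected
        // rather than raising a warning or TypeError.
        $datevalid = preg_match('/^(\d{1,4})-(\d{1,2})-(\d{1,2})$/D', $popdate, $dateparts) === 1
            && checkdate((int) $dateparts[2], (int) $dateparts[3], (int) $dateparts[1]);

        if (!$datevalid) {
            // $popdate is attacker-controlled text; encode it before output.
            echo 'Date is invalid ' . htmlspecialchars($popdate, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '<BR />';
            echo 'Date format is YYYY-MM-DD / 1977-06-07<BR />';
            echo 'Please click <A HREF="newfunko.php" CLASS="navlink">HERE</A> to try again';
            echo '<BR /><BR />Return to <A HREF="index.php" CLASS="navlink">home</A>.</CENTER></BODY></HTML>';
            include_once ('footer.php');
            exit();
        }

        if (!is_int($popno) || !is_int($popcollectionid)) {
            echo 'Pop number and pop collection must be whole numbers.<BR />';
            echo 'Please click <A HREF="newfunko.php" CLASS="navlink">HERE</A> to try again';
            echo '<BR /><BR />Return to <A HREF="index.php" CLASS="navlink">home</A>.</CENTER></BODY></HTML>';
            include_once ('footer.php');
            exit();
        }

        // Parameterised insert: values travel separately from the SQL text.
        // $userid is bound as an integer because the original statement used
        // it unquoted - confirm the column type.
        $insertstmt = $con->prepare(
            'INSERT INTO funkopops.pops (userid, popno, popname, popcollectionid, inserteddate) VALUES (?, ?, ?, ?, ?)'
        );
        if (
            !$insertstmt
            || !$insertstmt->bind_param('iisis', $userid, $popno, $popname, $popcollectionid, $popdate)
            || !$insertstmt->execute()
        ) {
            // Keep database details in the server log, not in the response.
            error_log('newfunko.php: insert failed: ' . ($insertstmt ? $insertstmt->error : $con->error));
            die ('There was an error running the query');
        }
        $insertstmt->close();

        echo 'You have successfully entered ' . htmlspecialchars($popname, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . ' into the database!<BR />';
        echo 'Refreshing page in 2 seconds to add another pop to your collection!<BR />';

        // Output has already started, so header() only works when output
        // buffering is active; otherwise fall back to a meta refresh.
        if (!headers_sent()) {
            header("refresh:2;url=newfunko.php");
        } else {
            echo '<META HTTP-EQUIV="refresh" CONTENT="2;url=newfunko.php">';
        }
    } else {
        echo '<TABLE BORDER="0">';
        echo '<FORM METHOD="POST" ACTION="newfunko.php" NAME="funkodata"><TR><TD>Pop Number: <INPUT TYPE="NUMBER" NAME="popno" MIN="1" MAX="9999" SIZE="5"></TD></TR>';
        echo '<TR><TD>Pop Name: <INPUT TYPE="TEXT" NAME="popname" SIZE="40"></TD></TR>';

        // Only the two columns used below are needed.
        $sqlpopcollection = "SELECT popcollectionid, popcollection FROM popcollection ORDER BY popcollection ASC";
        if (!$results = $con->query($sqlpopcollection)) {
            error_log('newfunko.php: collection lookup failed: ' . $con->error);
            die ('There was an error running the query');
        }

        echo '<TR><TD>Pop Collection: <SELECT NAME="popcollectionid">';
        while ($row = $results->fetch_assoc()) {
            // Stored values are encoded on output too: a collection name
            // containing markup would otherwise be rendered as HTML.
            $pcid = htmlspecialchars((string) $row['popcollectionid'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            $pcname = htmlspecialchars((string) $row['popcollection'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            echo '<OPTION VALUE="' . $pcid . '">' . $pcname . '</OPTION>';
        }
        $results->free();

        // The original never closed the SELECT element.
        echo '</SELECT></TD></TR>';
        echo '<TR><TD>Date Purchased: <INPUT NAME="todaysdate" TYPE="DATE" PLACEHOLDER="1977-06-07" VALUE="' . date('Y-m-d') . '"></TD></TR>';
        echo '<TR><TD><INPUT TYPE="HIDDEN" NAME="insertfunko" VALUE="1"><INPUT TYPE="SUBMIT" VALUE="Add Pop to Database"></FORM></TD></TR></TABLE>';
    }
} else {
    echo 'Please login <A HREF="index.php" CLASS="navlink">HERE</A> before continuing.';
}
include_once ('footer.php');
?>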