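<?php
/**
 * Handles the "new plan" form post: validates the submitted plan, stores the
 * people, the plan and the plan/person links, then redirects to the dashboard.
 *
 * Expected POST fields: title, dateFrom, dateTo, initialBudget, peoples and
 * person1..personN (N = peoples).
 *
 * Order of work:
 *  - validate every field before anything is written
 *  - convert the dates to the Y-m-d format used for the MySQL columns
 *  - insert the PERSONS rows and collect their ids
 *  - insert the PLAN row and keep its id
 *  - insert the PEOPLES_IN_GRP link rows
 */

// Best-effort guard against the script being opened directly. The Referer
// header is supplied by the client and can be omitted or forged, so this is a
// navigation convenience only, never an authorization check.
if (!isset($_SERVER['HTTP_REFERER'])) {
    header('location:index.php');
    exit;
}

require("includes/common.php");

// The plan is stored against the logged-in user. $_SESSION is presumably
// populated by includes/common.php (not visible here) - confirm. Without a
// user id there is no owner to store the plan under, so stop here.
if (!isset($_SESSION['user_id'])) {
    header('location:index.php');
    exit;
}
// Cast so that only an integer ever reaches the query, whatever the session holds.
$userId = (int) $_SESSION['user_id'];

// NOTE(review): no CSRF token is checked on this state-changing request; the
// form in new_plan.php would have to send one before it can be verified here.

// Reads one POST field as a string. Missing fields and array-valued fields
// (e.g. title[]=x) become '' so that they fail the validation below.
$postString = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

// Shows the form's alert, sends the user back to the form and stops, so a
// rejected submission never reaches the database. $message is only ever one
// of the fixed literals below, never request data.
$rejectInput = function ($message) {
    echo "<script>alert('" . $message . "')</script>";
    echo "<script>location.href='new_plan.php'</script>";
    exit;
};

$title = $postString('title');
// Numeric fields are parsed into real numbers instead of being escaped:
// mysqli_real_escape_string() only protects values placed inside quotes, and
// these two were written into the SQL unquoted.
$initialBudget = filter_var($postString('initialBudget'), FILTER_VALIDATE_FLOAT);
$peoples = filter_var($postString('peoples'), FILTER_VALIDATE_INT);
// strtotime() returns false for text it cannot parse; date() would then
// silently store 1970-01-01.
$timeFrom = strtotime($postString('dateFrom'));
$timeTo = strtotime($postString('dateTo'));

// Upper bound on the group size, because the request decides how many rows
// are inserted. The value is a constructed default - adjust to the product's
// real limit.
$maxPeople = 100;

if (
    strlen($title) <= 0
    || $initialBudget === false || !is_finite($initialBudget) || $initialBudget <= 0
    || $peoples === false || $peoples <= 0 || $peoples > $maxPeople
    || $timeFrom === false || $timeTo === false
) {
    $rejectInput('Check Your Inputs');
}

// Collect and check every person name before the first INSERT, so an empty
// name cannot leave half a plan behind.
$personNames = array();
for ($i = 1; $i <= $peoples; $i++) {
    $name = $postString('person' . $i);
    if (strlen($name) <= 0) {
        $rejectInput('Person must not be empty');
    }
    $personNames[] = $name;
}

// Change the date format for the MySQL database.
$newDateFrom = date("Y-m-d", $timeFrom);
$newDateTo = date("Y-m-d", $timeTo);

// Runs one INSERT as a prepared statement and returns the generated id.
// Values travel as bound parameters, never as part of the SQL text.
$insertRow = function ($sql, $types, array $values) use ($con) {
    $stmt = mysqli_prepare($con, $sql);
    if ($stmt === false) {
        throw new RuntimeException(mysqli_error($con));
    }
    mysqli_stmt_bind_param($stmt, $types, ...$values);
    if (!mysqli_stmt_execute($stmt)) {
        $error = mysqli_stmt_error($stmt);
        mysqli_stmt_close($stmt);
        throw new RuntimeException($error);
    }
    $insertedId = mysqli_insert_id($con);
    mysqli_stmt_close($stmt);
    return $insertedId;
};

try {
    // One transaction for all three tables: either the whole plan is stored
    // or none of it. (Has no effect on non-transactional storage engines.)
    if (!mysqli_begin_transaction($con)) {
        throw new RuntimeException(mysqli_error($con));
    }

    // Store the people in the PERSONS table and remember their ids.
    $arrPeople = array();
    foreach ($personNames as $name) {
        $arrPeople[] = $insertRow("INSERT INTO persons(name) VALUES(?)", 's', array($name));
    }

    // Store the data in the PLAN table.
    // NOTE(review): initial_budget is bound as a double; if the column is
    // DECIMAL and exact cents matter, bind the validated text as 's' instead.
    $idPlan = $insertRow(
        "INSERT INTO plan(initial_budget,peoples_in_grp,title,date_from,date_to,user_id)
        VALUES(?,?,?,?,?,?)",
        'disssi',
        array($initialBudget, $peoples, $title, $newDateFrom, $newDateTo, $userId)
    );

    // Link every person to the plan in the PEOPLES_IN_GRP table.
    foreach ($arrPeople as $idPerson) {
        $insertRow(
            "INSERT INTO peoples_in_grp(plan_id,person_id) VALUES(?,?)",
            'ii',
            array($idPlan, $idPerson)
        );
    }

    if (!mysqli_commit($con)) {
        throw new RuntimeException(mysqli_error($con));
    }
} catch (RuntimeException $e) {
    // mysqli_sql_exception extends RuntimeException, so this also covers
    // installations where mysqli reports errors as exceptions.
    mysqli_rollback($con);
    // Database error text goes to the server log only; showing it to the
    // visitor would disclose schema and query details.
    error_log('plan_details_script.php: ' . $e->getMessage());
    http_response_code(500);
    exit('Could not save the plan. Please try again.');
}

// Nothing has been echoed on the success path (the leftover debug alert that
// printed the raw "peoples" value is gone), so the redirect header can be sent.
header('location:dashboard.php');
exit;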