Let's take a closer look at the PHP section of the code. The HTML is not so difficult to understand, so I will just review it briefly later on. The first part, as always, includes the functions and dbcon.php files. It then has a place to initialize variables:

```php
<?php
include "dbcon.php";
include "functions.php";

// initialise variables
$alert = false;

// retrieve information based on the user id that we set in the login page:
```

The project id variable that is received is checked to see if it is a number. If it is not a number, then we know someone has tampered with it and we need to redirect the user to the login page:

```php
if (isset($_GET['pid'])) {
    // clean pid
    if (!is_numeric($_GET['pid'])) {
        // the value received is not numeric: redirect the user to login
        header("location:login.php");
        exit; // header() does not stop the script, so the query below must not run
    }
```

If all is well, we continue to retrieve the project details and store them in the $projectdetails variable:

```php
    // otherwise clean the received value for query use
    // get projects
    $projectID  = mysql_escape_string($_GET['pid']);
    $getproject = "SELECT * FROM projects WHERE pid = '" . $projectID . "'";
    $results    = mysql_query($getproject);
    $projectdetails = mysql_fetch_assoc($results);
}
```

The code checks to see if the form has been submitted. This would indicate that the user has made his or her changes and is now ready to update the project details:

```php
if (isset($_POST['submit'])) {
    // clean vars
    $title    = mysql_escape_string($_POST['title']);
    $descr    = mysql_escape_string($_POST['descr']);
    $status   = mysql_escape_string($_POST['status']);
    $createdt = mysql_escape_string($_POST['createdt']);
    $p_pid    = mysql_escape_string($_POST['p_pid']);

    // build date: the three parts go straight into the query, so force them to integers
    $yy = (int) $_POST['yy'];
    $mm = (int) $_POST['mm'];
    $dd = (int) $_POST['dd'];
    $duedt = $yy . "-";
    if ($mm < 10) {
        $duedt .= "0";
    }
    $duedt .= $mm . "-";
    if ($mm == 4 || $mm == 6 || $mm == 9 || $mm == 11) {
        // 30-day months
        if ($dd > 30) {
            $duedt .= "30";
        } else {
            $duedt .= $dd;
        }
    } elseif ($mm == 2) {
        // February: only 2008 and 2012 are treated as leap years here
        if ($yy == 2008 || $yy == 2012) {
            if ($dd > 29) {
                $duedt .= "29";
            } else {
                $duedt .= $dd;
            }
        } else {
            if ($dd > 28) {
                $duedt .= "28";
            } else {
                $duedt .= $dd;
            }
        }
    } else {
        $duedt .= $dd;
    }
```

We run an update query and update the projects table:

```php
    // update
    $query  = "UPDATE projects SET title='" . $title . "', ";
    $query .= "project_description='" . $descr . "', status='" . $status . "', due_dt='" . $duedt . "',";
    $query .= "create_dt='" . $createdt . "', u_id='" . $_SESSION['uid'] . "'";
    $query .= " WHERE pid='" . $p_pid . "'";
    $result = mysql_query($query);
    if (!$result) {
        echo mysql_error();
    } else {
        header("location:main.php");
        exit;
    }
} // submit
?>
```
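A hardened version of the same update, added here as an example and not code from the tutorial: the due date is validated with checkdate() instead of being clamped, and the query runs as a prepared statement. It assumes a PDO connection in $db (hypothetical) and the column names used on this page.

```php
<?php
// Added example, not the tutorial's code: the same project update with the inputs
// validated and the UPDATE run as a prepared statement. Assumes a PDO connection
// in $db (hypothetical, e.g. created in dbcon.php) and this page's column names.
// checkdate() knows month lengths and leap years for every year, so an impossible
// date such as 2011-02-29 is rejected instead of being silently clamped.
function build_due_date(array $post) {
    $yy = isset($post['yy']) ? (int) $post['yy'] : 0;
    $mm = isset($post['mm']) ? (int) $post['mm'] : 0;
    $dd = isset($post['dd']) ? (int) $post['dd'] : 0;
    if (!checkdate($mm, $dd, $yy)) {
        return null;                       // caller treats null as invalid input
    }
    return sprintf('%04d-%02d-%02d', $yy, $mm, $dd);
}
// Returns the number of rows affected, or false when the input fails validation.
function update_project(PDO $db, array $post, $uid) {
    // pid must be a whole number, the rule the GET check on this page already applies
    if (!isset($post['p_pid']) || !ctype_digit((string) $post['p_pid'])) {
        return false;
    }
    $duedt = build_due_date($post);
    if ($duedt === null) {
        return false;
    }
    // Placeholders send the values separately from the SQL text, so quotes or
    // backslashes in any field (including yy/mm/dd) cannot alter the statement.
    $sql = 'UPDATE projects SET title = :title, project_description = :descr, '
         . 'status = :status, due_dt = :duedt, create_dt = :createdt, u_id = :uid '
         . 'WHERE pid = :pid';
    $stmt = $db->prepare($sql);
    $stmt->execute(array(
        ':title'    => isset($post['title']) ? $post['title'] : '',
        ':descr'    => isset($post['descr']) ? $post['descr'] : '',
        ':status'   => isset($post['status']) ? $post['status'] : '',
        ':duedt'    => $duedt,
        ':createdt' => isset($post['createdt']) ? $post['createdt'] : null,
        ':uid'      => (int) $uid,
        ':pid'      => (int) $post['p_pid'],
    ));
    return $stmt->rowCount();
}
if (isset($_POST['submit'])) {
    if (update_project($db, $_POST, $_SESSION['uid']) === false) {
        header('Location: login.php');     // same response the page uses for tampered input
        exit;                              // header() alone does not stop the script
    }
    header('Location: main.php');
    exit;
}
```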