diff options
Diffstat (limited to 'handle-reservation.php')
-rw-r--r-- | handle-reservation.php | 90 |
1 files changed, 70 insertions, 20 deletions
diff --git a/handle-reservation.php b/handle-reservation.php index 3e24dd8..c61ed3c 100644 --- a/handle-reservation.php +++ b/handle-reservation.php @@ -10,35 +10,85 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") { $specialCall = $_POST["scall"]; // TIME - $fromTime = $_POST["sdate"] . $_POST["stime"] . ":00"; - $toTime = $_POST["edate"] . $_POST["etime"] . ":00"; + $fromTime = $_POST["sdate"] . " " . $_POST["stime"] . ":00"; + $toTime = $_POST["edate"] . " " . $_POST["etime"] . ":00"; // FREQUENCIES $frequencies = $_POST["freqs"][0]; - for ($i = 0; $i < sizeof($_POST["freqs"]) - 1; $i++) { - $frequencies += ", " . $_POST["freqs"][$i]; + for ($i = 1; $i < sizeof($_POST["freqs"]); $i++) { + $frequencies .= ", " . $_POST["freqs"][$i]; } // MODES $modes = $_POST["modes"][0]; - for ($i = 0; $i < sizeof($_POST["modes"]) - 1; $i++) { - $modes += ", " . $_POST["modes"][$i]; + for ($i = 1; $i < sizeof($_POST["modes"]); $i++) { + $modes .= ", " . $_POST["modes"][$i]; } // OPERATOR INFORMATION - $operatorCall = $_POST["ocall"] . "<br>"; - $operatorName = $_POST["oname"] . "<br>"; - $operatorEmail = $_POST["email"] . "<br>"; - $operatorPhone = $_POST["phone"] . "<br>"; - - try { - //$conn = new PDO("mysql:host=localhost;dbname=$database", $user, $password); - //$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); - //$stmt = $conn->prepare("INSERT INTO $table (name, surname, age) VALUES (:name, :surname, :age)"); - //$stmt->bindParam(':name', $_POST['fname']); - //$stmt->execute(); - //echo "<p>Data inserted.</p>"; - } catch (PDOException $e) { - echo "<p>Error!: " . $e->getMessage() . "</p>"; + $operatorCall = $_POST["ocall"]; + $operatorName = $_POST["oname"]; + $operatorEmail = $_POST["email"]; + $operatorPhone = $_POST["phone"]; + + // Sanitize data + $specialCall = clear_input($specialCall); + $fromTime = clear_input($fromTime); + $toTime = clear_input($toTime); + $frequencies = clear_input($frequencies); + $modes = clear_input($modes); + $operatorCall = clear_input($operatorCall); + $operatorName = clear_input($operatorName); + $operatorEmail = clear_input($operatorEmail); + $operatorPhone = clear_input($operatorPhone); + + // Check if something is empty + $is_something_empty = false; + $is_something_empty |= empty($specialCall); + $is_something_empty |= empty($fromTime); + $is_something_empty |= empty($toTime); + $is_something_empty |= empty($frequencies); + $is_something_empty |= empty($modes); + $is_something_empty |= empty($operatorCall); + $is_something_empty |= empty($operatorName); + $is_something_empty |= empty($operatorEmail); + $is_something_empty |= empty($operatorPhone); + + // Operator call sign to uppercase + $operatorCall = strtoupper($operatorCall); + + // Error handling + if ($is_something_empty) { + echo "<p class=\"mid\"><strong>All fields must be filed!</strong></p>"; } + else { + // Send to DB + try { + $conn = new PDO("mysql:host=localhost;dbname=$database", $user, $password); + $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); + $sql = "INSERT INTO $table (specialCall, fromTime, toTime, frequencies, modes, operatorCall, operatorName, operatorEmail, operatorPhone) + VALUES (:specialCall, :fromTime, :toTime, :frequencies, :modes, :operatorCall, :operatorName, :operatorEmail, :operatorPhone)"; + $stmt = $conn->prepare($sql); + $stmt->bindParam(':specialCall', $specialCall); + $stmt->bindParam(':fromTime', $fromTime); + $stmt->bindParam(':toTime', $toTime); + $stmt->bindParam(':frequencies', $frequencies); + $stmt->bindParam(':modes', $modes); + $stmt->bindParam(':operatorCall', $operatorCall); + $stmt->bindParam(':operatorName', $operatorName); + $stmt->bindParam(':operatorEmail', $operatorEmail); + $stmt->bindParam(':operatorPhone', $operatorPhone); + $stmt->execute(); + echo "<p class=\"mid\">Data inserted.</p>"; + } catch (PDOException $e) { + echo "<p class=\"mid\">Error!: " . $e->getMessage() . "</p>"; + } + } +} + +function clear_input($data) { + $data = trim($data); + $data = stripslashes($data); + $data = htmlspecialchars($data); + return $data; } |