From e01eaf5fe114f47f58ddcd81242af786ee06d425 Mon Sep 17 00:00:00 2001
From: Mateja <mail@matejamaric.com>
Date: Fri, 2 Oct 2020 23:08:52 +0200
Subject: index and reservation finished...

---
 handle-reservation.php | 90 +++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 70 insertions(+), 20 deletions(-)

(limited to 'handle-reservation.php')

diff --git a/handle-reservation.php b/handle-reservation.php
index 3e24dd8..c61ed3c 100644
--- a/handle-reservation.php
+++ b/handle-reservation.php
@@ -10,35 +10,85 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
   $specialCall = $_POST["scall"];
 
   // TIME
-  $fromTime = $_POST["sdate"] . $_POST["stime"] . ":00";
-  $toTime = $_POST["edate"] . $_POST["etime"] . ":00";
+  $fromTime = $_POST["sdate"] . " " . $_POST["stime"] . ":00";
+  $toTime = $_POST["edate"] . " " . $_POST["etime"] . ":00";
 
   // FREQUENCIES
   $frequencies = $_POST["freqs"][0];
-  for ($i = 0; $i < sizeof($_POST["freqs"]) - 1; $i++) {
-    $frequencies += ", " . $_POST["freqs"][$i];
+  for ($i = 1; $i < sizeof($_POST["freqs"]); $i++) {
+    $frequencies .= ", " . $_POST["freqs"][$i];
   }
 
   // MODES
   $modes = $_POST["modes"][0];
-  for ($i = 0; $i < sizeof($_POST["modes"]) - 1; $i++) {
-    $modes += ", " . $_POST["modes"][$i];
+  for ($i = 1; $i < sizeof($_POST["modes"]); $i++) {
+    $modes .= ", " . $_POST["modes"][$i];
   }
 
   // OPERATOR INFORMATION
-  $operatorCall = $_POST["ocall"] . "<br>";
-  $operatorName = $_POST["oname"] . "<br>";
-  $operatorEmail = $_POST["email"] . "<br>";
-  $operatorPhone = $_POST["phone"] . "<br>";
-
-  try {
-    //$conn = new PDO("mysql:host=localhost;dbname=$database", $user, $password);
-    //$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
-    //$stmt = $conn->prepare("INSERT INTO $table (name, surname, age) VALUES (:name, :surname, :age)");
-    //$stmt->bindParam(':name', $_POST['fname']);
-    //$stmt->execute();
-    //echo "<p>Data inserted.</p>";
-  } catch (PDOException $e) {
-    echo "<p>Error!: " . $e->getMessage() . "</p>";
+  $operatorCall = $_POST["ocall"];
+  $operatorName = $_POST["oname"];
+  $operatorEmail = $_POST["email"];
+  $operatorPhone = $_POST["phone"];
+
+  // Sanitize data
+  $specialCall = clear_input($specialCall);
+  $fromTime = clear_input($fromTime);
+  $toTime = clear_input($toTime);
+  $frequencies = clear_input($frequencies);
+  $modes = clear_input($modes);
+  $operatorCall = clear_input($operatorCall);
+  $operatorName = clear_input($operatorName);
+  $operatorEmail = clear_input($operatorEmail);
+  $operatorPhone = clear_input($operatorPhone);
+
+  // Check if something is empty
+  $is_something_empty = false;
+  $is_something_empty |= empty($specialCall);
+  $is_something_empty |= empty($fromTime);
+  $is_something_empty |= empty($toTime);
+  $is_something_empty |= empty($frequencies);
+  $is_something_empty |= empty($modes);
+  $is_something_empty |= empty($operatorCall);
+  $is_something_empty |= empty($operatorName);
+  $is_something_empty |= empty($operatorEmail);
+  $is_something_empty |= empty($operatorPhone);
+
+  // Operator call sign to uppercase
+  $operatorCall = strtoupper($operatorCall);
+
+  // Error handling
+  if ($is_something_empty) {
+    echo "<p class=\"mid\"><strong>All fields must be filed!</strong></p>";
   }
+  else {
+    // Send to DB
+    try {
+      $conn = new PDO("mysql:host=localhost;dbname=$database", $user, $password);
+      $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+      $sql = "INSERT INTO $table (specialCall, fromTime, toTime, frequencies, modes, operatorCall, operatorName, operatorEmail, operatorPhone)
+        VALUES (:specialCall, :fromTime, :toTime, :frequencies, :modes, :operatorCall, :operatorName, :operatorEmail, :operatorPhone)";
+      $stmt = $conn->prepare($sql);
+      $stmt->bindParam(':specialCall', $specialCall);
+      $stmt->bindParam(':fromTime', $fromTime);
+      $stmt->bindParam(':toTime', $toTime);
+      $stmt->bindParam(':frequencies', $frequencies);
+      $stmt->bindParam(':modes', $modes);
+      $stmt->bindParam(':operatorCall', $operatorCall);
+      $stmt->bindParam(':operatorName', $operatorName);
+      $stmt->bindParam(':operatorEmail', $operatorEmail);
+      $stmt->bindParam(':operatorPhone', $operatorPhone);
+      $stmt->execute();
+      echo "<p class=\"mid\">Data inserted.</p>";
+    } catch (PDOException $e) {
+      echo "<p class=\"mid\">Error!: " . $e->getMessage() . "</p>";
+    }
+  }
+}
+
+function clear_input($data) {
+  $data = trim($data);
+  $data = stripslashes($data);
+  $data = htmlspecialchars($data);
+  return $data;
 }
-- 
cgit v1.2.3