createProduct.php
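<?php
/**
 * Manager-only page: renders the "Create Product" form and, once all four
 * fields have been submitted, inserts one row into the `inventory` table
 * and then includes showProduct.php.
 *
 * Review notes:
 *  - Every request value is escaped before it is placed in the SQL text and
 *    HTML-escaped before it is echoed back; the original interpolated raw
 *    $_GET values into both.
 *  - NOTE(review): the form still submits with method="get", so a plain link
 *    or image URL can trigger an insert in a logged-in manager's browser and
 *    the values land in server logs and browser history. Moving to POST with
 *    a per-session anti-CSRF token is the proper fix, but it changes how
 *    callers reach this page, so it is flagged here rather than changed.
 *  - NOTE(review): the mysql_* extension was removed in PHP 7. Migrating to
 *    PDO/mysqli prepared statements needs a change in database.php, which is
 *    not visible from this file.
 */
ob_start();
session_start();
require("database.php"); // db connector

// isset() keeps visitors without a session from raising an undefined-index
// notice; the loose comparison is kept so a stored "1" still counts.
if (isset($_SESSION['manager']) && $_SESSION['manager'] == 1) {
    /*
    Table layout recorded by the original author.
    NOTE(review): this listing has no `name` column although the INSERT below
    writes one - confirm it still matches the live `inventory` table.
    +---------------+---------------+------+-----+---------+----------------+
    | Field | Type | Null | Key | Default | Extra |
    +---------------+---------------+------+-----+---------+----------------+
    | pid | int(100) | NO | PRI | NULL | auto_increment |
    | price | decimal(10,0) | YES | | NULL | |
    | purchasedDate | date | YES | | NULL | |
    | description | longtext | YES | | NULL | |
    +---------------+---------------+------+-----+---------+----------------+
    4 rows in set (0.00 sec)
    */

    // Begin HTML form. $today comes from date(), not from the request, so it
    // is safe to place in the value attribute unescaped.
    $today = date('y-m-d');
    echo "<html>
<head>
<title>
Create Product
</title>
</head>
<body>
<form name=\"createProduct\" action=\"createProduct.php\" method=\"get\">
Product's Name: <input type=\"text\" name=\"name\"> <br/>
Product's Price: <input type=\"text\" name=\"price\"> <br/>
Product's Purchase date (yy-mm-dd): <input type=\"text\" name=\"purchasedate\" value='$today'> <br/>
Product's Description: <input type=\"text\" name=\"description\"> <br/>
<input type=\"submit\" >
</form>";

    // Only act when every field was submitted.
    if (isset($_GET['name'], $_GET['price'], $_GET['purchasedate'], $_GET['description'])) {
        // Array-valued parameters (name[]=...) are rejected together with
        // non-numeric prices instead of being interpolated as "Array".
        $inputIsValid = is_string($_GET['name'])
            && is_string($_GET['purchasedate'])
            && is_string($_GET['description'])
            && is_numeric($_GET['price']);

        if (!$inputIsValid) {
            echo "Data was not entered correctly.<br/>";
        } else {
            // Escape every string that goes inside quotes in the statement.
            // Assumes database.php has already opened the connection that
            // mysql_query() uses and set its charset with mysql_set_charset();
            // the escaping is only reliable when that charset is correct.
            $name         = mysql_real_escape_string($_GET['name']);
            $purchasedate = mysql_real_escape_string($_GET['purchasedate']);
            $description  = mysql_real_escape_string($_GET['description']);

            // price stays unquoted; is_numeric() above restricts it to a
            // numeric literal (on PHP 5 that includes hex strings like 0x1A).
            $price = $_GET['price'];

            $query = "insert into inventory
(name, price, purchaseddate,description)
values( '$name', $price, '$purchasedate', '$description')";

            echo "Product is being added to database. <br/>";
            // Debug output: HTML-escaped because the statement contains
            // request data. NOTE(review): showing SQL to the browser exposes
            // table and column names - drop this line outside development.
            echo "Query used is <br/><i>" . htmlspecialchars($query, ENT_QUOTES, 'UTF-8') . "</i><br/>";

            // Insert the product.
            $result = mysql_query($query);
            if (!$result) {
                echo "Product not added";
            } else {
                require("showProduct.php");
            }
        }
    }
    echo "</body></html>";
} else {
    echo "Please log in as a manager.";
}
ob_end_flush();
?>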