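<?php
/*
 * addNewBook.php — accepts one of three POST submissions, writes it to the
 * database and echoes a JSON summary of what was stored:
 *
 *   bookCode [+ latitude, longitude]               -> new BookLocation row for an existing book
 *   review   [+ locationRef, currentCode, yourName] -> new BookReview row
 *   title    [+ bookAuthor, bookISBN, bookCover]    -> new Books row with a freshly generated bookCode
 *
 * Security notes (review):
 *   - Every $_POST value is untrusted. The previous version concatenated raw request
 *     values straight into SQL (bookCode, latitude, longitude, locationRef, currentCode,
 *     bookISBN were not escaped at all; the rest only went through addslashes()).
 *     Numeric inputs are now validated before they reach an unquoted position, book
 *     codes are restricted to the hex alphabet the generator below produces, and
 *     free-text strings are escaped through the project's own Database::clean().
 *     NOTE(review): a prepared-statement API on the Database class would be the proper
 *     fix; none is visible from this file, so escaping is the best this script can do.
 *   - The database credentials are hard-coded below (root with a fixed password). Move
 *     them to a config file outside the web root and use a least-privilege account.
 *   - Values echoed back in the JSON body are user-controlled, so the response now
 *     carries an explicit JSON Content-Type and hex-escapes '<' and '>' so a browser
 *     cannot sniff it as HTML.
 */

// include the API Builder Database class
require_once('api_builder_includes/class.Database.inc.php');

/**
 * Return a raw request value, or null when the key was not posted.
 * Centralises the isset() dance so a missing field never raises a notice.
 *
 * @param string $key
 * @return mixed|null
 */
function post_value($key)
{
    return isset($_POST[$key]) ? $_POST[$key] : null;
}

/**
 * Escape one untrusted string for use inside single quotes in a hand-built query.
 * Delegates to Database::clean(), described in this file's template as "MySQLi real
 * escape string and htmlspecialchars encoding"; real_escape_string needs a live
 * connection, so this must only be called after Database::init_connection().
 * NOTE(review): assumes clean() returns the array with its keys preserved, as the
 * template's execute_from_assoc() usage implies — confirm against the class. If the
 * key is missing the value degrades to '' rather than to an unescaped string.
 *
 * @param mixed $value raw request or database value; arrays and other non-scalars become ''
 * @return string
 */
function sql_str($value)
{
    if (!is_scalar($value)) {
        return '';
    }
    $cleaned = Database::clean(array('v' => (string) $value));
    return isset($cleaned['v']) ? (string) $cleaned['v'] : '';
}

/**
 * Validate an untrusted value for an unquoted numeric SQL position (coordinates).
 * Anything is_numeric() accepts is made of digits, a sign, '.' and an exponent marker
 * only, so the returned text can be embedded verbatim.
 *
 * @param mixed $value
 * @return string|null the trimmed numeric text, or null when the value is not numeric
 */
function sql_num($value)
{
    if (is_int($value) || is_float($value)) {
        return (string) $value;
    }
    if (is_string($value)) {
        $trimmed = trim($value);
        if ($trimmed !== '' && is_numeric($trimmed)) {
            return $trimmed;
        }
    }
    return null;
}

/**
 * Validate an untrusted value as an integer row id (BookLocation.entryID).
 *
 * @param mixed $value
 * @return int|null
 */
function sql_int($value)
{
    $parsed = filter_var($value, FILTER_VALIDATE_INT);
    return $parsed === false ? null : $parsed;
}

/**
 * Check that a book code has the shape this script generates: a short run of
 * hexadecimal digits. Such a value carries neither SQL metacharacters nor LIKE
 * wildcards, so it may be placed in the LIKE pattern below after this check.
 * The length cap is generous (an md5 digest is 32 hex chars) because the lookup
 * deliberately matches partial codes.
 *
 * @param mixed $value
 * @return bool
 */
function is_book_code($value)
{
    return is_string($value) && $value !== '' && strlen($value) <= 32 && ctype_xdigit($value);
}

/**
 * Generate a new 9-character lowercase-hex bookCode.
 * The previous derivation, substr(md5(...md5(time())...)), was guessable and produced
 * the same code for every book created within the same second. A CSPRNG fixes both
 * while keeping the 9-hex-digit shape the rest of the app expects.
 *
 * @return string
 */
function new_book_code()
{
    if (function_exists('random_bytes')) {        // PHP 7+
        $bytes = random_bytes(5);
    } else {
        $bytes = openssl_random_pseudo_bytes(5);  // PHP 5.x with ext/openssl
    }
    return substr(bin2hex($bytes), 0, 9);
}

//if POST is present...
if (!empty($_POST)) {
    // One of the three discriminator fields must be present; each branch below
    // validates the remaining fields it needs before touching the database.
    // (empty() also rejects the string "0", as the original check did.)
    if (!empty($_POST['title']) || !empty($_POST['bookCode']) || !empty($_POST['review'])) {
        // Open the database connection. This is what happens inside of the API class
        // constructor; this page only submits data so the static call is enough.
        // NOTE(review): hard-coded root credentials — move to config outside the web root.
        Database::init_connection("localhost", "parks", "Books", "root", "govhack");

        $json_obj = new StdClass();

        if (!empty($_POST['bookCode'])) {
            // Record a new sighting location for an existing book.
            $json_obj->lastBookId = -1;   // -1 is the "no such book" sentinel the client checks
            if (is_book_code($_POST['bookCode'])) {
                $bookRows = Database::get_all_results(
                    "SELECT bookID FROM Books WHERE bookCode LIKE '%" . $_POST['bookCode'] . "%'"
                );
                if (isset($bookRows[0]['bookID'])) {
                    $json_obj->lastBookId = $bookRows[0]['bookID'];
                }
            }
            if ($json_obj->lastBookId != -1) {
                $lat = sql_num(post_value('latitude'));
                $lng = sql_num(post_value('longitude'));
                if ($lat === null || $lng === null) {
                    // Previously a missing coordinate produced "VALUES (id, , )" and a SQL error.
                    $json_obj->error = 'latitude and longitude must be numeric';
                } else {
                    $json_obj->newLocation = Database::execute_sql_add(
                        "INSERT INTO BookLocation (bookID, Latitude, Longitude) VALUES ("
                        . (int) $json_obj->lastBookId . ", " . $lat . ", " . $lng . ")"
                    );
                }
            }
        } else if (!empty($_POST['review'])) {
            // Store a review against an existing sighting location.
            $locationRef = sql_int(post_value('locationRef'));
            if ($locationRef === null) {
                $json_obj->error = 'locationRef must be an integer';
            } else {
                // Resolve the park name for the location. Coordinates read back from the
                // database are re-validated before they are placed in the next query;
                // an unknown location simply yields an empty locationInfo, as before.
                $parkName = '';
                $locRows = Database::get_all_results(
                    "SELECT * FROM BookLocation WHERE entryID = " . $locationRef
                );
                if (isset($locRows[0]['Longitude'], $locRows[0]['Latitude'])) {
                    $lng = sql_num($locRows[0]['Longitude']);
                    $lat = sql_num($locRows[0]['Latitude']);
                    if ($lng !== null && $lat !== null) {
                        $parkRows = Database::get_all_results(
                            "SELECT * FROM ParkData WHERE LONGITUDE = " . $lng . " AND LATITUDE = " . $lat
                        );
                        if (isset($parkRows[0]['PARK_NAME'])) {
                            $parkName = $parkRows[0]['PARK_NAME'];
                        }
                    }
                }
                $json_obj->lastReview = Database::execute_sql_add(
                    "INSERT INTO BookReview (bookCode, ReviewAuthor, Review, locationRef, locationInfo) VALUES ('"
                    . sql_str(post_value('currentCode')) . "', '"
                    . sql_str(post_value('yourName')) . "', '"
                    . sql_str($_POST['review']) . "', "
                    . $locationRef . ", '"
                    . sql_str($parkName) . "')"
                );
            }
        } else {
            // Create a new book. This branch is only reached when title is non-empty.
            $lastCode = new_book_code();
            Database::execute_sql_add(
                "INSERT INTO Books (Title, Author, bookCode, isbn, coverImage) VALUES ('"
                . sql_str($_POST['title']) . "', '"
                . sql_str(post_value('bookAuthor')) . "', '"
                . $lastCode . "', '"
                . sql_str(post_value('bookISBN')) . "', '"
                . sql_str(post_value('bookCover')) . "')"
            );
            $json_obj->bookCode = $lastCode;
            $json_obj->bookTitle = $_POST['title'];
            $json_obj->Author = post_value('bookAuthor');
            $json_obj->isbn = post_value('bookISBN');
            $json_obj->bookCover = post_value('bookCover');
        }

        // The body echoes user-supplied strings: declare it as JSON and hex-escape
        // '<' / '>' so the response can never be interpreted as HTML by a browser.
        header('Content-Type: application/json');
        echo json_encode($json_obj, JSON_PRETTY_PRINT | JSON_HEX_TAG);
    } else {
        echo "One or more of the required values is missing from the POST";
    }
} else {
    echo "Nothing was added to the database because the http request has no POST values";
}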