iMovieRating/edit.php at main · SassCoding/iMovieRating · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
<?php
    require('authenticate.php');
    require('connect.php');
    session_start();

    //Sanitization
    $id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT);
    $id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);

    if(!filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT) || !filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT))
    {
      header("location: index.php");
    }

    if($_POST && isset($_POST['content']) && isset($_POST['id'])){

      $review  = filter_input(INPUT_POST, 'content', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

        $movieId = $_POST['movieId'];
        $redirect = "Location: ratings.php?id=".$movieId;

        // Build the parameterized SQL query and bind to the above sanitized values.
        $query     = "UPDATE review SET content = :content WHERE review_id = :id";
        $statement = $db->prepare($query);
        $statement->bindValue(':content', $review);
        $statement->bindValue(':id', $id);

        // Build the second statement
        $querydelete = "DELETE FROM review WHERE review_id = :id LIMIT 1";
        $statementDelete = $db->prepare($querydelete);
        $statementDelete->bindValue(':id', $id, PDO::PARAM_INT);

        // Delete if the button is pressed.
        $deleteCommand = $_POST['deleteCommand'];
        if($deleteCommand){
           $statementDelete->execute();

            header($redirect);
            exit;
        }

        // Execute the INSERT.
        $statement->execute();

        // Redirect after update.
        header($redirect);
        exit;
    } else if (isset($_GET['id'])){
        $id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT);
        $id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);

        $query = "SELECT * FROM review WHERE review_id = :id";
        $statement = $db->prepare($query);
        $statement->bindValue(':id', $id, PDO::PARAM_INT);
        $statement->execute();
        $row = $statement->fetch();
    } else {
        $id = false;
    }

    if(!empty($_POST['search']))
    {
      $searchTerm = filter_input(INPUT_POST, 'search', FILTER_SANITIZE_SPECIAL_CHARS);

      if(!filter_input(INPUT_POST, 'search', FILTER_SANITIZE_SPECIAL_CHARS))
      {
          header("location: index.php");
      }
      else
      {
	      $_SESSION['searchterm'] = $searchTerm;
	      header("location: search.php");
      }
    }
?>

<!doctype html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4.0.0/dist/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">
    <link rel="stylesheet" href="style.css">

    <title>Edit Page</title>
  </head>
  <main>
    <?php include("nav.php");?>
    <section class="bg-dark text-dark p-5 text-left">
      <div class="form_bg">
        <div class="container">
        <form method="post" class="row g-3 needs-validation" novalidate style="justify-content: center;">
      <div class="col-md-4">
        <div class="input-group">
          <span class="input-group-text">Review</span>
          <textarea class="form-control" name="content" id="content" aria-label="Review"><?= $row['content'] ?></textarea>
        </div>
        <input type="hidden" name="id" value="<?php echo $row['review_id']?>" />
        <input type="hidden" name="movieId" value="<?php echo $row['movie_id']?>" />
        <input type="submit" class="btn btn-success" name="update" value="Update" />
        <input type="submit" class="btn btn-danger" name="deleteCommand" value="Delete" onclick="return confirm('Are you sure you wish to delete this post?')" />
      </div>
    </form>
          </div>
      </div>
    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js" integrity="sha384-ka7Sk0Gln4gmtz2MlQnikT1wXgYsOg+OMhuP+IlRH9sENBO0LRn5q+8nbTov4+1p" crossorigin="anonymous"></script>
  </section>
</main>

  <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js" integrity="sha384-ka7Sk0Gln4gmtz2MlQnikT1wXgYsOg+OMhuP+IlRH9sENBO0LRn5q+8nbTov4+1p" crossorigin="anonymous"></script>
</body>
</html>