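<?php
/**
 * add.php: validates the "Add a Pizza" form and stores the submission.
 *
 * On POST with a `submit` field, the email, title and ingredients fields are
 * validated. When all three pass, one row is inserted into `pizzas` and the
 * browser is redirected to index.php. Otherwise the script falls through to
 * the form below, which re-displays the entered values and the messages held
 * in $errors.
 *
 * Changes from the earlier version:
 *  - the INSERT uses a prepared statement, so no request value is ever
 *    concatenated into SQL text;
 *  - the script stops after the redirect header, so the form is not rendered
 *    and sent along with the 302;
 *  - database error details go to the server log, not to the response;
 *  - non-string request values (e.g. `title[]=x`) are treated as missing, so
 *    they never reach preg_match() or htmlspecialchars().
 */

// presumably defines $conn as an open mysqli connection — confirm in config/db_connect.php
include('config/db_connect.php');

// Values echoed back into the form, and one error message per field.
$email = $title = $ingredients = '';
$errors = array('email' => '', 'title' => '', 'ingredients' => '');

if (isset($_POST['submit'])) {
    // Request fields are client-controlled and can arrive as arrays; only strings are accepted.
    $rawEmail = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    $rawTitle = (isset($_POST['title']) && is_string($_POST['title'])) ? $_POST['title'] : '';
    $rawIngredients = (isset($_POST['ingredients']) && is_string($_POST['ingredients'])) ? $_POST['ingredients'] : '';

    // The error strings below contain markup and are printed unescaped by the
    // form, so they must stay fixed literals and never include request data.
    if (empty($rawEmail)) {
        $errors['email'] = 'An email is required <br />';
    } else {
        $email = $rawEmail;
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $errors['email'] = 'email must be a valid email address.';
        }
    }

    if (empty($rawTitle)) {
        $errors['title'] = 'An title is required <br />';
    } else {
        $title = $rawTitle;
        // Letters and whitespace only.
        if (!preg_match('/^[a-zA-Z\s]+$/', $title)) {
            $errors['title'] = 'Title must be letters and space only <br />';
        }
    }

    if (empty($rawIngredients)) {
        $errors['ingredients'] = 'An ingredient is required <br />';
    } else {
        $ingredients = $rawIngredients;
        // One word group, then any number of comma-separated groups.
        if (!preg_match('/^([a-zA-Z\s]+)(,\s*[a-zA-Z\s]*)*$/', $ingredients)) {
            $errors['ingredients'] = 'Ingredients must be comma separated list of words only <br />';
        }
    }

    // array_filter() drops the empty strings, so an empty result means no field failed.
    if (!array_filter($errors)) {
        // Placeholders keep data and SQL separate regardless of connection charset
        // or SQL mode, which string escaping alone does not guarantee.
        $stmt = mysqli_prepare($conn, 'INSERT INTO pizzas(title,email,ingredients) VALUES(?,?,?)');
        $saved = false;
        $detail = '';

        if ($stmt) {
            mysqli_stmt_bind_param($stmt, 'sss', $title, $email, $ingredients);
            $saved = mysqli_stmt_execute($stmt);
            if (!$saved) {
                $detail = mysqli_stmt_error($stmt);
            }
            mysqli_stmt_close($stmt);
        } else {
            $detail = mysqli_error($conn);
        }

        if ($saved) {
            // success
            header('Location: index.php');
            // Without exit the rest of the page would still be generated and sent.
            exit;
        }

        // Driver messages can reveal table and column names; keep them server-side.
        error_log('add.php: pizza insert failed: ' . $detail);
        echo 'query error: the pizza could not be saved.';
    }
}
?>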
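<!DOCTYPE html>
<html lang="en">
<?php include 'templates/header.php'; ?>
<?php
// "Add a Pizza" form. It posts back to add.php and is re-rendered with the
// submitted values and per-field messages when validation fails.
//
// Output encoding:
//  - $email, $title and $ingredients are request data, so each is encoded
//    with htmlspecialchars() before being placed in a value="" attribute.
//    The flags and charset are passed explicitly because the default flags
//    differ between PHP versions.
//  - $errors[...] is printed unescaped because the messages assigned earlier
//    in this file are fixed strings that contain <br /> markup. They must
//    never be built from request data.
//
// NOTE(review): the form carries no anti-CSRF token. Whether one is needed
// depends on how add.php is exposed, which is not visible in this file.
?>
<section class="container grey-text">
    <h4 class="center">Add a Pizza</h4>
    <form class="white" action="add.php" method="POST">
        <label for="email">Your Email:</label>
        <input type="text" id="email" name="email" value="<?php echo htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
        <div class="red-text"><?php echo $errors['email']; ?></div>

        <label for="title">Pizza Title:</label>
        <input type="text" id="title" name="title" value="<?php echo htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
        <div class="red-text"><?php echo $errors['title']; ?></div>

        <label for="ingredients">Ingredients (comma separated):</label>
        <input type="text" id="ingredients" name="ingredients" value="<?php echo htmlspecialchars($ingredients, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
        <div class="red-text"><?php echo $errors['ingredients']; ?></div>

        <div class="center">
            <input type="submit" name="submit" value="submit" class="btn brand z-depth-0">
        </div>
    </form>
</section>
<?php include 'templates/footer.php'; ?>
</html>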