Chapter 10 - Edit account
Edit Account
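<?php // Script 10 Edit Account
//
// Edits one bank account (its type and balance). The account is chosen by a
// numeric id arriving in GET (link from view_users.php) or POST (this form);
// when neither is present a dropdown of all accounts is shown instead.
//
// Every query that carries request data is a prepared statement, and every
// request or database value written into the page is HTML-escaped, so the
// script no longer depends on mysqli_real_escape_string() or on the numeric
// checks alone to keep user input out of SQL and markup.
include (CHAPTER_PATH.'/'.$chapter.'/'.$path.'/includes/header.php');

// connect to the db
require(CONNECT);

// HTML-escape a value for output in element content or a quoted attribute.
$h = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

echo "<div id='content'>";
echo '<h1>Edit Account</h1>';

// Get a valid account ID, through GET or POST or Select.
// FILTER_VALIDATE_INT is stricter than is_numeric(): it rejects decimals and
// exponent notation, neither of which can name an account_id.
$id = null;
if (isset($_GET['id']) && filter_var($_GET['id'], FILTER_VALIDATE_INT) !== false) {
    // From view_users.php
    $id = (int) $_GET['id'];
} elseif (isset($_POST['id']) && filter_var($_POST['id'], FILTER_VALIDATE_INT) !== false) {
    // Form submission.
    $id = (int) $_POST['id'];
} else {
    // No valid ID, Select one from dropdown.
    // Get all accounts to populate the dropdown menu (no request data in this query).
    $q = "SELECT account_id AS id, CONCAT( c.last_name,', ', c.first_name, ' (',a.type, ' - $', a.balance,')') AS 'account' FROM customers AS c INNER JOIN accounts AS a USING (customer_id) ORDER BY c.last_name ASC";
    if ($r = mysqli_query($link, $q)) {
        echo "<form action='' method='post' ><p><label for='c'>Select Account to Edit</label>";
        echo "<select id='c' name='id'>";
        while ($row = mysqli_fetch_assoc($r)) {
            // The label carries customer names from the database, so escape it.
            // The form posts the chosen id, so no option needs to be pre-selected.
            echo "<option value='" . $h($row['id']) . "'>" . $h($row['account']) . "</option>";
        }
        echo "</select></p><input type='submit' name='select' value='Select'/></form>";
    } else {
        echo "We are experiencing technical difficulties. 
Try back later.";
    }
}

// If ID is set proceed with form.
if (isset($id)) {
    $t = null;      // validated account type, or null
    $b = null;      // validated balance (numeric string), or null
    $errors = array();

    // Check if the update form has been submitted:
    if (isset($_POST['update'])) {
        $fn = null; // first name parsed from the hidden "customer" field
        $ln = null; // last name parsed from the hidden "customer" field

        // customer: the hidden field is "last, first"; pad so a missing comma
        // does not produce an undefined index.
        if (empty($_POST['customer'])) {
            $errors['c'] = 'This account doesn\'t seem to have a customer';
        } else {
            $name = array_pad(explode(',', $_POST['customer']), 2, '');
            $fn = trim($name[1]);
            $ln = trim($name[0]);
        }

        // type
        if (empty($_POST['type'])) {
            $errors['t'] = 'Please select an account type.';
        } else {
            $t = trim($_POST['type']);
            // Prevent multiple accounts with the same type. Only meaningful when
            // the customer name was parsed; otherwise the lookup has nothing to match.
            if ($fn !== null) {
                $q = "SELECT account_id FROM accounts INNER JOIN customers USING (customer_id) WHERE first_name=? AND last_name=? AND type=? AND account_id!=?";
                if ($stmt = mysqli_prepare($link, $q)) {
                    mysqli_stmt_bind_param($stmt, 'sssi', $fn, $ln, $t, $id);
                    if (mysqli_stmt_execute($stmt)) {
                        mysqli_stmt_store_result($stmt);
                        if (mysqli_stmt_num_rows($stmt) > 0) {
                            $errors['t'] = "The customer already has an account of that type.";
                        }
                    }
                    mysqli_stmt_close($stmt);
                }
            }
        }

        // balance: read defensively so an absent field is an error, not a notice.
        $balance = isset($_POST['balance']) ? trim($_POST['balance']) : '';
        if ($balance === '') {
            $errors['b'] = 'Please enter a balance.';
        } elseif (!is_numeric($balance)) {
            $errors['b'] = 'Please enter a number.';
        } elseif ($balance < 0) {
            $errors['b'] = 'Please enter a positive number.';
        } else {
            $b = $balance;
        }

        if (empty($errors)) { // If everything's OK.
            // Make the query; the balance is bound as a string so the server
            // applies the same numeric conversion it did for the inline value.
            $q = "UPDATE accounts SET type=?, balance=? WHERE account_id=? LIMIT 1";
            $affected = -1; // -1 = statement failed to prepare or execute
            if ($stmt = mysqli_prepare($link, $q)) {
                mysqli_stmt_bind_param($stmt, 'ssi', $t, $b, $id);
                if (mysqli_stmt_execute($stmt)) {
                    $affected = mysqli_stmt_affected_rows($stmt);
                }
                mysqli_stmt_close($stmt);
            }

            if ($affected == 1) { // If it ran OK.
                $message = '<p>The account has been updated.<br />';
                $message .= mysqli_info($link).'</p>';
            } elseif ($affected == 0) {
                $message = '<p>Duplicate account information. Account has not been updated.<br />';
                $message .= mysqli_info($link).'</p>';
            } else { // If it did not run OK.
                $message = '<p class="error">The account could not be updated due to a system error. 
We apologize for any inconvenience.<br />'; // Public message.
                $message .= mysqli_info($link).'</p>';
                // The driver error and the SQL text describe the schema; keep
                // them in the server log rather than in the response.
                error_log('edit_account: ' . mysqli_error($link) . ' Query: ' . $q);
            }

            // provide feedback from submission
            echo '<div class="message">'.$message.'</div>';
        } else {
            $errors['flag'] = "<div class='error-message error'><h2>Error</h2><p>Please double check your information. Account was not updated.</p></div>";
        }
    }

    // Display the form with any error messages.
    $q = "SELECT account_id AS id, CONCAT_WS(', ', c.last_name, c.first_name) AS customer, a.type AS type, a.balance AS balance FROM customers AS c INNER JOIN accounts AS a USING (customer_id) WHERE account_id=?";
    $row = null;
    if ($stmt = mysqli_prepare($link, $q)) {
        mysqli_stmt_bind_param($stmt, 'i', $id);
        if (mysqli_stmt_execute($stmt) && ($res = mysqli_stmt_get_result($stmt))) {
            if (mysqli_num_rows($res) == 1) {
                // Get the user's information:
                $row = mysqli_fetch_array($res, MYSQLI_ASSOC);
            }
        }
        mysqli_stmt_close($stmt);
    }

    if ($row !== null) { // Valid ID, show the form.
        echo (isset($errors['flag'])) ? $errors['flag'] : '';
        // stripslashes() is kept for parity with the original display; the
        // value is escaped afterwards because it is customer-supplied text.
        $customer = $h(stripslashes($row['customer']));
        // Create the form:
        ?>
<form action="" method="post">
    <h3>Customer - <?php echo $customer; ?></h3>
    <?php echo (isset($errors['c'])) ? '<span class="error">'.$errors['c'].'</span>' : ''; ?>
    <p>
        <label>Account Type: </label><br />
        <label for="ch">Checking </label><input type="radio" id="ch" name="type" <?php echo ($row['type'] == 'Checking') ? ' checked' : ''; ?> value="Checking" />
        <label for="sv">Savings </label><input type="radio" id="sv" name="type" <?php echo ($row['type'] == 'Savings') ? ' 
checked' : ''; ?> value="Savings" />
        <?php echo (isset($errors['t'])) ? '<span class="error">'.$errors['t'].'</span>' : ''; ?>
    </p>
    <p>
        <label for="b">Account Balance: </label>
        <input type="text" id="b" name="balance" size="20" maxlength="60" value="<?php echo $h((!empty($b)) ? $b : $row['balance']); ?>" />
        <?php echo (isset($errors['b'])) ? '<span class="error">'.$errors['b'].'</span>' : ''; ?>
    </p>
    <p>
        <input type="submit" name="update" value="Apply Changes" />
        <input type="hidden" name="id" value="<?php echo (int) $id; ?>" />
        <input type="hidden" name="customer" value="<?php echo $customer; ?>" />
    </p>
</form>
        <?php
    } else { // Not a valid user ID.
        echo '<p class="error">This page has been accessed in error.</p>';
    }
}

// disconnect from the db
require(DISCONNECT);

echo "</div>";
include (CHAPTER_PATH.'/'.$chapter.'/'.$path.'/includes/footer.php');
?>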