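<?php
/**
 * updateRating.php - lets a signed-in user change the rating they already gave a title.
 *
 * GET  ?title_ID=N  loads the caller's current rating from Rates and shows the form.
 * POST ?title_ID=N  validates the submitted rating, updates the caller's Rates row
 *                   and redirects to viewRatings.php.
 *
 * Both queries are scoped by the session's account_id, so a user can only read or
 * change their own row.
 */

// Report every error, but to the server log only. Echoing PHP and mysqli errors into
// the response exposes file paths, SQL text and connection details to any visitor.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('display_startup_errors', '0');
ini_set('log_errors', '1');

session_start();
require_once "config.php"; // expected to define the DB_* constants used below

// Only signed-in users may rate; everyone else is sent to the login page.
if (!isset($_SESSION["account_id"]) || !isset($_SESSION["account_name"])) {
    header("location: login.php");
    exit();
}
$user_ID = $_SESSION["account_id"];
$username = $_SESSION["account_name"];

// title_ID must be one integer. filter_var() returns false for a missing value, an
// array (?title_ID[]=1) or non-numeric text, so none of those reach trim() or the queries.
$title_ID = filter_var($_GET["title_ID"] ?? null, FILTER_VALIDATE_INT);
if ($title_ID === false) {
    http_response_code(400);
    die("Missing title_ID in URL.");
}

// Per-session anti-CSRF token. The form embeds it and the POST branch compares it, so
// another site cannot submit a rating change that rides on the user's session cookie.
if (empty($_SESSION["csrf_token"]) || !is_string($_SESSION["csrf_token"])) {
    $_SESSION["csrf_token"] = bin2hex(random_bytes(32));
}
$csrf_token = $_SESSION["csrf_token"];

$rating = "";
$rating_err = "";
$is_post = ($_SERVER["REQUEST_METHOD"] === "POST");

if ($is_post) {
    // Reject forged submissions before any database work; hash_equals() compares in
    // constant time.
    $sent_token = $_POST["csrf_token"] ?? "";
    if (!is_string($sent_token) || !hash_equals($csrf_token, $sent_token)) {
        http_response_code(403);
        die("Invalid or expired form token. Please reload the page and try again.");
    }
}

$conn = mysqli_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME);
if (!$conn) {
    // Details go to the log; the visitor only learns that the connection failed.
    error_log("updateRating.php: database connection failed: " . mysqli_connect_error());
    http_response_code(500);
    die("Connection failed.");
}

if ($is_post) {
    $raw_rating = $_POST["rating"] ?? "";
    $rating = is_string($raw_rating) ? trim($raw_rating) : "";

    // Whole numbers 0-5 only. An empty() test would reject the valid rating "0", and
    // is_numeric() would accept "4.5" or "1e0", which the integer bind then truncates.
    $valid_rating = filter_var(
        $rating,
        FILTER_VALIDATE_INT,
        array("options" => array("min_range" => 0, "max_range" => 5))
    );
    if ($valid_rating === false) {
        $rating_err = "Please enter a rating between 0 and 5.";
    }

    if ($rating_err === "") {
        $sql = "UPDATE Rates SET rating = ? WHERE user_ID = ? AND title_ID = ?";
        $stmt = mysqli_prepare($conn, $sql);
        if (!$stmt) {
            error_log("updateRating.php: prepare failed: " . mysqli_error($conn));
            http_response_code(500);
            die("Error updating rating.");
        }
        mysqli_stmt_bind_param($stmt, "iii", $valid_rating, $user_ID, $title_ID);
        if (!mysqli_stmt_execute($stmt)) {
            error_log("updateRating.php: update failed: " . mysqli_stmt_error($stmt));
            http_response_code(500);
            die("Error updating rating.");
        }
        // Release the statement and connection before leaving the script.
        mysqli_stmt_close($stmt);
        mysqli_close($conn);
        header("location: viewRatings.php");
        exit();
    }
    // Invalid rating: fall through and re-render the form with $rating_err set.
} else {
    $sql = "SELECT rating FROM Rates WHERE user_ID = ? AND title_ID = ?";
    $stmt = mysqli_prepare($conn, $sql);
    if (!$stmt) {
        error_log("updateRating.php: prepare failed: " . mysqli_error($conn));
        http_response_code(500);
        die("Error loading rating.");
    }
    mysqli_stmt_bind_param($stmt, "ii", $user_ID, $title_ID);
    if (!mysqli_stmt_execute($stmt)) {
        error_log("updateRating.php: select failed: " . mysqli_stmt_error($stmt));
        http_response_code(500);
        die("Error loading rating.");
    }
    $result = mysqli_stmt_get_result($stmt);
    $row = $result ? mysqli_fetch_assoc($result) : null;
    mysqli_stmt_close($stmt);
    if (!$row) {
        // This page only updates; without an existing row there is nothing to edit.
        mysqli_close($conn);
        http_response_code(404);
        die("No rating found.");
    }
    $rating = (string) $row["rating"];
}
mysqli_close($conn);
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Update Rating</title>
    <?php /* NOTE(review): this third-party stylesheet is loaded without Subresource Integrity.
             Add the integrity hash published for this exact file together with
             crossorigin="anonymous", or serve the CSS from this site. */ ?>
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
    <style>
        .wrapper {
            width: 500px;
            margin: 0 auto;
        }
    </style>
</head>
<body>
<div class="wrapper">
    <div class="container-fluid">
        <div class="row">
            <div class="col-md-12">
                <div class="page-header">
                    <h2>Update Rating</h2>
                    <h4><?php echo htmlspecialchars((string) $username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?> — Title ID: <?php echo htmlspecialchars((string) $title_ID, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></h4>
                </div>
                <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"] . "?title_ID=" . $title_ID, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" method="post">
                    <input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($csrf_token, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
                    <div class="form-group <?php echo ($rating_err !== "") ? 'has-error' : ''; ?>">
                        <label>New Rating (0 - 5):</label>
                        <?php /* min/max/step mirror the server-side check; they are a convenience, not a control. */ ?>
                        <input type="number" name="rating" class="form-control" min="0" max="5" step="1"
                               value="<?php echo htmlspecialchars($rating, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
                        <span class="help-block"><?php echo htmlspecialchars($rating_err, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></span>
                    </div>
                    <input type="submit" class="btn btn-primary" value="Update">
                    <a href="viewRatings.php" class="btn btn-default">Cancel</a>
                </form>
            </div>
        </div>
    </div>
</div>
</body>
</html>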