I am currently busy with an employee system and need help please. Over the last couple of days I have researched the web on forms and are now trying to build one solution out of two form types. New to php so please excuse if my terms are not correct.
The first form I am used was to simply display and allow for editing of data withing the database table. I need the user to be able to upload files to their employees so I got another form doing that part. Both worked 100% before combining the two.
I have placed all the php coding withing the same file used for the form. Reading through the code you should get the idea of what fields I have within my table. The added parts is the upload of warning forms. I need the three upload boxes to upload the files to the server and place a reference withing the row field.
Please assist and keep in mind that this is my first real php project when giving replies.
<?php
include 'core/init.php';
protect_page();
include 'includes/overall/header.php';
error_reporting(1);
?>
<?php
/*
EDIT.PHP
Allows user to edit specific entry in database
*/
// creates the edit record form
// since this form is used multiple times in this file, I have made it a function that is easily reusable
function renderForm($idnumber, $firstname, $lastname, $department, $manager, $startdate, $warning1, $warning2, $warning3, $error)
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Edit Record</title>
</head>
<body>
<div class="article">
<h1>Employee Details</h1>
<div class="article">
<?php
// if there are any errors, display them
if ($error != '')
{
echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
}
?>
<div class="article">
<form action="" method="post" enctype="multipart/form-data">
<input type="hidden" name="idnumber" value="<?php echo $idnumber; ?>"/>
<div>
<p>* Required</p>
<p><strong>ID:</strong> <?php echo $idnumber; ?></p>
<table cellpadding="5" cellspacing="5">
<tr>
<td><strong>First Name: *</strong></td>
<td><input type="text" name="firstname" value="<?php echo $firstname; ?>"/></td>
</tr>
<tr>
<td><strong>Last Name: *</strong></td>
<td> <input type="text" name="lastname" value="<?php echo $lastname; ?>"/></td>
</tr>
<tr>
<td><strong>Department: *</strong> </td>
<td> <input type="text" name="department" value="<?php echo $department; ?>"/></td>
</tr>
<tr>
<td><strong>Manager/Superviser: *</strong></td>
<td><input type="text" name="manager" value="<?php echo $manager; ?>"/></td>
</tr>
<tr>
<td><strong>Start Date: *</strong></td>
<td><input type="text" name="startdate" value="<?php echo $startdate; ?>"/></td>
</tr>
<tr>
<td>
<table cellpadding="5" cellspacing="0">
<tr>
<td><label for="file">Select a file:</label> <input type="file" name="warning1" id="file"> <br />
</td>
</tr>
<tr>
<td><label for="file">Select a file:</label> <input type="file" name="warning2" id="file"> <br />
</td>
</tr>
<tr>
<td><label for="file">Select a file:</label> <input type="file" name="warning3" id="file"> <br />
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td><input type="submit" name="submit" value="Submit" class="btn"></td>
</tr>
</table>
</div>
</form>
</body>
</html>
<?php
}
// check if the form has been submitted. If it has, process the form and save it to the database
if (isset($_POST['submit']))
{
// confirm that the 'id' value is a valid integer before getting the form data
if (is_numeric($_POST['idnumber']))
{
// get form data, making sure it is valid
$idnumber = $_POST['idnumber'];
$firstname = mysql_real_escape_string(htmlspecialchars($_POST['firstname']));
$lastname = mysql_real_escape_string(htmlspecialchars($_POST['lastname']));
$department = mysql_real_escape_string(htmlspecialchars($_POST['department']));
$manager = mysql_real_escape_string(htmlspecialchars($_POST['manager']));
$startdate = mysql_real_escape_string(htmlspecialchars($_POST['startdate']));
$warning1 = $_FILES['warning1']['name'];
$warning2 = $_FILES['warning2']['name'];
$warning3 = $_FILES['warning3']['name'];
// check that firstname/lastname fields are both filled in
if ($firstname == '' || $lastname == '')
{
// generate error message
$error = 'ERROR: Please fill in all fields!';
//error, display form
renderForm($idnumber, $firstname, $lastname, $department, $manager, $startdate, $error);
}
else
{
// save the data to the database
mysql_query("UPDATE ref_employees SET firstname='$firstname', lastname='$lastname', department='$department', manager='$manager', startdate='$startdate', warning1='$warning1', warning2='$warning2', warning3='$warning3' WHERE idnumber='$idnumber'")
or die(mysql_error());
// once saved, redirect back to the view page
header("Location: employeelist.php");
}
}
else
{
// if the 'id' isn't valid, display an error
echo 'Error!';
}
}
else
// if the form hasn't been submitted, get the data from the db and display the form
{
// get the 'id' value from the URL (if it exists), making sure that it is valid (checing that it is numeric/larger than 0)
if (isset($_GET['idnumber']) && is_numeric($_GET['idnumber']) && $_GET['idnumber'] > 0)
{
// query db
$idnumber = $_GET['idnumber'];
$result = mysql_query("SELECT * FROM ref_employees WHERE idnumber=$idnumber")
or die(mysql_error());
$row = mysql_fetch_array($result);
// check that the 'id' matches up with a row in the databse
if($row)
{
// get data from db
$firstname = $row['firstname'];
$lastname = $row['lastname'];
$department = $row['department'];
$manager = $row['manager'];
$startdate = $row['startdate'];
// show form
renderForm($idnumber, $firstname, $lastname, $department, $manager, $startdate, '');
}
else
// if no match, display result
{
echo "No results!";
}
}
else
// if the 'id' in the URL isn't valid, or if there is no 'id' value, display an error
{
echo 'Error!';
}
}
?>
<?php
// Configuration - Your Options
$allowed_filetypes = array('.pdf'); // These will be the types of file that will pass the validation.
$max_filesize = 524288; // Maximum filesize in BYTES (currently 0.5MB).
$upload_path = 'files/empdocs'; // The place the files will be uploaded to (currently a 'files' directory).
$warning1 = $_FILES['warning1']['name'];
$warning2 = $_FILES['warning2']['name'];
$warning3 = $_FILES['warning3']['name']; // Get the name of the file (including file extension).
$ext1 = substr($warning1, strpos($warning1,'.'), strlen($warning1)-1);
$ext2 = substr($warning2, strpos($warning2,'.'), strlen($warning1)-1);
$ext3 = substr($warning3, strpos($warning3,'.'), strlen($warning1)-1); // Get the extension from the filename.
// Check if the filetype is allowed, if not DIE and inform the user.
if(!in_array($ext,$allowed_filetypes))
die('The file you attempted to upload is not allowed.');
// Now check the filesize, if it is too large then DIE and inform the user.
if(filesize($_FILES['warning1']['tmp_name']) > $max_filesize)
die('The file you attempted to upload is too large.');
else if(filesize($_FILES['warning2']['tmp_name']) > $max_filesize)
die('The file you attempted to upload is too large.');
else if(filesize($_FILES['warning3']['tmp_name']) > $max_filesize)
die('The file you attempted to upload is too large.');
// Check if we can upload to the specified path, if not DIE and inform the user.
if(!is_writable($upload_path))
die('You cannot upload to the specified directory, please CHMOD it to 777.');
// Upload the file to your specified path.
if(move_uploaded_file($_FILES['warning1']['tmp_name'],$upload_path . $filename)
&& move_uploaded_file($_FILES['warning2']['tmp_name'],$upload_path . $filename)
&& move_uploaded_file($_FILES['warning3']['tmp_name'],$upload_path . $filename))
echo 'Your file upload was successful, view the file <a href="' . $upload_path . $filename . '" title="Your File">here</a>'; // It worked.
else
echo 'There was an error during the file upload. Please try again.'; // It failed :(.
?>
</div>
</form>
</div>
</div>
