editProduct.php
<?php
include 'incs/header.php';
include 'classes/dbh.php';
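// Access guard: a visitor without a session, or a signed-in account whose role is
// "user", is sent to 404.php and must not reach the product editor.
// NOTE(review): $userRole is not assigned in this file — presumably set by
// incs/header.php; confirm. A deny-list on one role lets any unexpected role value
// through; an allow-list of the roles permitted to edit products would fail closed.
// NOTE(review): if incs/header.php has already emitted output, header() cannot send
// the redirect; the exit below still stops the request.
if (!isset($_SESSION['userId']) || $userRole == "user") {
    header("Location: 404.php");
    // header() only queues a response header. Without exit the rest of this script,
    // including the POST update and file upload further down, would still execute
    // for a rejected visitor.
    exit;
}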
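$dbh = new Dbh();

// The product id comes from the query string, so treat it as untrusted: it must be
// present and a plain string (?id[]=... would arrive as an array). It is only ever
// handed to the database as a bound parameter.
$productId = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';
if ($productId === '') {
    header("Location: 400.php");
    exit;
}

// Confirm the product exists before showing or processing the edit form.
$stmt = $dbh->connection()->prepare("SELECT * FROM product WHERE product_id = :productId");
$stmt->bindParam(':productId', $productId);
$stmt->execute();
$result = $stmt->fetchAll();
if (empty($result)) {
    header("Location: 400.php");
    // Stop here: without exit the POST handler below would still run against an
    // id that matched no product.
    exit;
}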
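// Handle the edit form submission: update the product row and, when a new picture
// was uploaded, replace the stored image.
// NOTE(review): no anti-CSRF token is verified before this state change — confirm
// whether incs/header.php or another layer provides one.
if (isset($_POST['submit'])) {
    // Raw form values; they reach the database only as bound parameters.
    $productName = $_POST['productName'];
    $productStock = $_POST['productStock'];
    $productDescription = $_POST['productDescription'];
    $productCategory = $_POST['productCategory'];
    // An unchecked checkbox is simply absent from the POST body.
    $productAvailability = isset($_POST['productAvailability']) ? $_POST['productAvailability'] : "false";

    $allowed = array('jpg', 'jpeg', 'png');
    // A non-string name (e.g. an array from productImage[]) is treated as "no upload".
    $productImage = (isset($_FILES['productImage']['name']) && is_string($_FILES['productImage']['name']))
        ? $_FILES['productImage']['name']
        : '';
    $uploadError = null;          // message to show when the upload is rejected
    $productImageNewName = null;  // set only once the new file is safely stored

    if (!empty($productImage)) {
        $productImageTmp = $_FILES['productImage']['tmp_name'];
        $productImageSize = $_FILES['productImage']['size'];
        $productImageStatus = $_FILES['productImage']['error'];
        $productImageExt = explode('.', $productImage);
        $productImageActualExt = strtolower(end($productImageExt));

        if (!in_array($productImageActualExt, $allowed, true)) {
            $uploadError = "You cannot upload files of this type!";
        } elseif (
            $productImageStatus === UPLOAD_ERR_INI_SIZE
            || $productImageStatus === UPLOAD_ERR_FORM_SIZE
            || $productImageSize >= 1000000
        ) {
            $uploadError = "Your file is too big!";
        } elseif ($productImageStatus !== UPLOAD_ERR_OK) {
            // A failed upload has no usable temp file; previously this path still
            // deleted the old image and stored a name for a file that never existed.
            $uploadError = "Your file could not be uploaded!";
        } else {
            // The extension is client-controlled, so also confirm the content itself
            // decodes as one of the accepted image formats.
            $imageInfo = getimagesize($productImageTmp);
            if ($imageInfo === false || !in_array($imageInfo[2], array(IMAGETYPE_JPEG, IMAGETYPE_PNG), true)) {
                $uploadError = "You cannot upload files of this type!";
            } else {
                // Store under a server-generated name; the client file name is never
                // used as a path component.
                $candidateName = uniqid('', true) . "." . $productImageActualExt;
                if (move_uploaded_file($productImageTmp, 'imgs/' . $candidateName)) {
                    $productImageNewName = $candidateName;
                } else {
                    $uploadError = "Your file could not be uploaded!";
                }
            }
        }
    }

    if ($uploadError !== null) {
        // Rejected upload: nothing is written to the database.
        echo $uploadError;
    } else {
        $stmt = $dbh->connection()->prepare("UPDATE product SET product_name = :productName, product_category = :productCategory, product_description = :productDescription, product_quantity = :productStock, product_availability = :productAvailability WHERE product_id = :productId");
        $stmt->bindParam(':productName', $productName);
        $stmt->bindParam(':productStock', $productStock);
        $stmt->bindParam(':productDescription', $productDescription);
        $stmt->bindParam(':productCategory', $productCategory);
        $stmt->bindParam(':productAvailability', $productAvailability);
        $stmt->bindParam(':productId', $productId);
        $stmt->execute();

        if ($productImageNewName !== null) {
            // Look up the current image so it can be removed after the switch.
            $stmt = $dbh->connection()->prepare("SELECT * FROM product_image WHERE product_id = :productId");
            $stmt->bindParam(':productId', $productId);
            $stmt->execute();
            $imageRow = $stmt->fetch(PDO::FETCH_ASSOC);
            // basename() keeps the delete inside imgs/ even if the stored value
            // contains path separators.
            $oldImage = ($imageRow !== false && isset($imageRow['image_name']))
                ? basename($imageRow['image_name'])
                : '';

            // Use the id this page was opened with. Looking the product up again by
            // name, as before, could hit a different product that shares the name.
            $stmtImg = $dbh->connection()->prepare("UPDATE product_image SET image_name = :productImage WHERE product_id = :productId");
            $stmtImg->bindParam(':productId', $productId);
            $stmtImg->bindParam(':productImage', $productImageNewName);
            $stmtImg->execute();

            // Delete the old file last, once the new one is stored and referenced.
            if ($oldImage !== '' && is_file('imgs/' . $oldImage)) {
                unlink('imgs/' . $oldImage);
            }
        }

        header("Location: products.php");
        exit;
    }
}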
?>
<?php
include 'incs/navBar.php';
?>
<div id="add-product-container">
<?php
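// Load the product joined with its image row to pre-fill the edit form.
// These are raw database values: anything echoed into HTML must be escaped at the
// point of output.
$stmt = $dbh->connection()->prepare("SELECT * FROM product INNER JOIN product_image ON product_image.product_id = product.product_id WHERE product.product_id = :productId");
$stmt->bindParam(':productId', $productId);
$stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC);
// fetch() returns false when nothing matches (the INNER JOIN yields no row for a
// product without an image); fall back to an empty row instead of indexing false.
if ($row === false) {
    $row = array();
}
$productName = isset($row['product_name']) ? $row['product_name'] : null;
$productDescription = isset($row['product_description']) ? $row['product_description'] : null;
$productPrice = isset($row['product_price']) ? $row['product_price'] : null;
$productImage = isset($row['image_name']) ? $row['image_name'] : null;
$productCategory = isset($row['product_category']) ? $row['product_category'] : null;
$productStock = isset($row['product_quantity']) ? $row['product_quantity'] : null;
$productAvailability = isset($row['product_availability']) ? $row['product_availability'] : null;

// Resolve the category name shown as the pre-selected option.
$stmt = $dbh->connection()->prepare("SELECT * FROM product_category WHERE category_id = :productCategory");
$stmt->bindParam(':productCategory', $productCategory);
$stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$productCategoryName = ($row !== false && isset($row['category_name'])) ? $row['category_name'] : null;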
?>
<div class="titlerow">
<div class="col-md-12">
<h1 class="text-center">Product bewerken</h1>
</div>
</div>
<div class="row">
<div class="col-md-12">
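<form action="" class="login-form" method="post" enctype="multipart/form-data">
    <?php
    // Every value printed in this form comes from the database and may contain
    // markup characters, so each one is HTML-escaped where it is output.
    // ENT_QUOTES covers both double- and single-quoted attributes; the (string)
    // casts keep htmlspecialchars() from receiving null.
    ?>
    <img src="<?php echo 'imgs/' . htmlspecialchars((string) $productImage, ENT_QUOTES, 'UTF-8') ?>" alt="Product foto" id="productPictureDisplay" onclick="triggerClick()">
    <input type="file" id="productPictureUpload" name="productImage" onchange="displayImage(this)" value="" style="display:none ;">
    <div class="form-control">
        <input type="text" name="productName" id="productName" placeholder="Naam product" value="<?php echo htmlspecialchars((string) $productName, ENT_QUOTES, 'UTF-8') ?>" required>
        <i class="fas fa-font"></i>
    </div>
    <div class="form-control">
        <input type="text" name="productStock" id="productStock" placeholder="Voorraad product" value="<?php echo htmlspecialchars((string) $productStock, ENT_QUOTES, 'UTF-8') ?>" required>
        <i class="fas fa-boxes"></i>
    </div>
    <div class="form-control">
        <textarea name="productDescription" id="productDescription" cols="55" rows="10" placeholder="Beschrijving product" resize="none" required><?php echo htmlspecialchars((string) $productDescription, ENT_QUOTES, 'UTF-8') ?></textarea>
    </div>
    <div class="form-control">
        <select name="productCategory" id="productCategory" required>
            <option value="<?php echo htmlspecialchars((string) $productCategory, ENT_QUOTES, 'UTF-8') ?>"><?php echo htmlspecialchars((string) $productCategoryName, ENT_QUOTES, 'UTF-8') ?></option>
            <?php
            // List every category as a selectable option.
            $stmt = $dbh->connection()->prepare("SELECT * FROM product_category");
            $stmt->execute();
            while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
                $categoryId = htmlspecialchars((string) $row['category_id'], ENT_QUOTES, 'UTF-8');
                $categoryName = htmlspecialchars((string) $row['category_name'], ENT_QUOTES, 'UTF-8');
                echo "<option value='$categoryId'>$categoryName</option>";
            }
            ?>
        </select>
    </div>
    <br>
    <label for="productAvailability">Product beschikbaarheid</label>
    <br>
    <input type="checkbox" name="productAvailability" id="productAvailability" onclick="checkAvailability()" value="<?php echo htmlspecialchars((string) $productAvailability, ENT_QUOTES, 'UTF-8') ?>" <?php if ($productAvailability == "true") {
        echo "checked";
    } ?>>
    <button class="submit" type="submit" name="submit">Bewerken</button>
</form>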
</div>
</div>
</div>
</div>
<?php
include 'incs/footer.php';
?>