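\n";

// Main program: dispatch on which submit button (if any) produced this request.
// !empty() keeps the original truthiness test but does not raise an
// undefined-index notice on first arrival, when $_POST is empty.
if (!empty($_POST['submit_ssn'])) {          // came from form1
    $ssn = $_POST['ssn'];
    printform2($db, $ssn);
} else if (!empty($_POST['update'])) {       // came from form2
    $ssn = $_POST['ssn'];
    // $ssn is request data: escape it before echoing it into the HTML page.
    print "updating employee with SSN=" . htmlspecialchars($ssn, ENT_QUOTES) . "\n\n";
    update_employee($db, $ssn);
    printform1($db);
} else {                                     // first arrival
    printform1($db);
}
print "";
// end of main program

/*
 * This is mostly just copied from employee.php.
 *
 * Reads the ten employee fields from $_POST and runs a prepared statement
 * against the EMPLOYEE table, printing a diagnostic line and the outcome.
 *
 * $db        the MDB2 connection used to prepare the statement
 * $orig_ssn  SSN of the employee being edited; not used yet, it is meant to
 *            be the key of the WHERE clause once the statement below is
 *            turned into an UPDATE
 *
 * NOTE(review): the main program passes $_POST['ssn'] as $orig_ssn, the same
 * field that is read into $ssn here, so the two cannot differ as written.
 */
function update_employee($db, $orig_ssn) {
    $fname     = $_POST['fname'];
    $minit     = $_POST['minit'];
    $lname     = $_POST['lname'];
    $ssn       = $_POST['ssn'];
    $bdate     = $_POST['bdate'];
    $address   = $_POST['address'];
    $sex       = $_POST['sex'];
    $salary    = $_POST['salary'];
    $super_ssn = $_POST['super_ssn'];
    $dno       = $_POST['dno'];

    // diagnostics (the last field used to print $fssn, which is never
    // assigned in this function; the supervisor SSN is held in $super_ssn)
    print htmlspecialchars("inserting record: lname=$lname, fname=$fname, ssn=$ssn, super_ssn=$super_ssn\n\n");

    // WRONG INSERTION FOR THIS PAGE!!! CHANGE TO AN APPROPRIATE UPDATE!!
    // something like "update employee set .... where ssn=$orig_ssn" (but use prepared query)
    // Keep every request value as a bound parameter, as below, rather than
    // interpolating it into the SQL text.
    $insertion = "insert into EMPLOYEE values (?,?,?,?,?,?,?,?,?,?)";
    $types = array('text', 'text', 'text', 'text', 'text', 'text', 'text',
                   'decimal',    // salary
                   'text',
                   'integer');   // dept number

    // change MANIP to RESULT on lamp.cslabs.luc.edu
    $stmt = $db->prepare($insertion, $types, MDB2_PREPARE_MANIP);
    if (MDB2::isError($stmt)) {
        print("bad prepared statement:" . htmlspecialchars($stmt->getMessage(), ENT_QUOTES));
        // $stmt is an error object here, not a statement; calling execute()
        // on it would fail, so stop after reporting.
        return;
    }

    $queryargs = array($fname, $minit, $lname, $ssn, $bdate, $address, $sex,
                       $salary, $super_ssn, $dno);

    // alternative ways of doing this
    //$stmt->bindValueArray($queryargs);
    //print "the query object to be executed:\n\n"; print_r($stmt);
    //$ires = $stmt->execute();
    $ires = $stmt->execute($queryargs);
    if (MDB2::isError($ires)) {
        // Escaped because the message is written into the HTML page.
        print("update not successful: " . htmlspecialchars($ires->getMessage(), ENT_QUOTES));
    } else {
        print "update ok";
    }
}

// despite the name, get_employees() also prints the employee table
//
// Runs a fixed query (no request data in it) joining employee with
// department, then hands the result to table_format() for output.
// Terminates the script with die() if the query cannot be prepared or run.
function get_employees($db) {
    $query = "select e.fname, e.lname, e.ssn, concat(d.dnumber, ' (', d.dname, ')' ) as dept from (employee e left join employee s on e.super_ssn = s.ssn) left outer join department d on e.dno = d.dnumber";

    $qstmt = $db->prepare($query, array(), MDB2_PREPARE_RESULT);
    if (MDB2::isError($qstmt)) {
        // Same check update_employee() makes: prepare() can hand back an
        // error object, which has no usable execute().
        die("bad prepared statement:" . htmlspecialchars($qstmt->getMessage(), ENT_QUOTES));
    }

    $qres = $qstmt->execute(NULL);
    if (MDB2::isError($qres)) {
        die("query not successful: " . htmlspecialchars($qres->getMessage(), ENT_QUOTES));
    }

    print "\n\nTable of Employees\n\n";
    table_format($qres);
    print "\n\n";
}

/*
 * This form is mostly ok
 *
 * Prints the SSN-selection page: the intro text, the employee table and the
 * page buttons.
 *
 * NOTE(review): the HTML form markup of this heredoc appears to be missing
 * from this copy of the file; only its text is reproduced here.
 */
function printform1($db) {
    print <<<FORMEND
Use this page to select an employee ssn

FORMEND;
    get_employees($db);
    makePageButtons();
}

/*
 * You will have to add lots of input boxes to this form.
 * You will also have to add code to retrieve the fields for the given employee
 * and use those as the corresponding value attributes of the input boxes
 * Use the "$lname" example as a pattern; you will have retrieved a value for $lname with a query
 *
 * Every value placed in the page, whether it came from the request ($ssn) or
 * from the database ($lname and the fields still to be added), should go
 * through htmlspecialchars(..., ENT_QUOTES) first, so that quotes and angle
 * brackets in the data cannot break out of a value="..." attribute.
 *
 * NOTE(review): the input-box markup of this heredoc appears to be missing
 * from this copy of the file; only its text is reproduced here.
 */
function printform2($db, $ssn) {
    $lname = "retrieve this from db with a query!!";

    // Escape once, then interpolate only the escaped copy into the heredoc.
    $ssn_html = htmlspecialchars($ssn, ENT_QUOTES);

    print <<<END
This form is for updating the employee with ssn $ssn_html

SSN of employee

END;
    makePageButtons();
}
?>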