Adding more fields to a Questionnaire in a CRUD system

Posted on

Problem

Background on Project

When a customer orders a machine, I have to do something called a telephone site survey, which involves asking them questions about their site making sure everything is okay first time when we/they install the machine.

A project of mine that I am trying to do is to handle this from an online form that I will create. The customer would login by a username and password we will give them and that will take them to a form. The Answers they give to the form will be submitted into a database (which I can manage via phpMyAdmin).

What I have done

I have began to create a CRUD system to do this. However the route i have taken to complete this is very long winded when implementing the fields. And apparently is vulnerable.

What I need

I am trying to find an easier way of creating a CRUD system that isn’t extremely long to add a bunch of input fields.
How can this be done in a simpler way?

create.php – https://pastebin.com/ufXpv9UU

if (empty($customer_name)) {
        header("Location: ../index.php?error=Name is required&$user_data");
    }else if (empty($customer_email)) {
        header("Location: ../index.php?error=Email is required&$user_data");
    }else if (empty($customer_mobile)) {
        header("Location: ../index.php?error=Mobile is required&$user_data");
    }else if (empty($poNum))
$sql = "INSERT INTO users(customer_name, customer_email, customer_mobile, poNum, site_name, street1)
               VALUES('$customer_name', '$customer_email', '$customer_mobile', 
                      '$poNum', '$site_name', '$street1')";
       $result = mysqli_query($conn, $sql);

read.php – https://pastebin.com/PWt7dZEF

<?php
include "db_conn.php";

$sql = "SELECT * FROM users ORDER BY id DESC";
$result = mysqli_query($conn, $sql);

php/update.php – https://pastebin.com/rm9E4wpY

$customer_name = validate($_POST['customer_name']);
    $customer_email = validate($_POST['customer_email']);
  $customer_mobile = validate($_POST['customer_mobile']);
  $poNum = validate($_POST['poNum']);
  $site_name = validate($_POST['site_name']);
  $street1 = validate($_POST['street1']);
    $id = validate($_POST['id']);

    if (empty($customer_name)) {
        header("Location: ../update.php?id=$id&error=Name is required");
    }else if (empty($customer_email)) {
        header("Location: ../update.php?id=$id&error=Email is required");
    }else if (empty($customer_mobile)) {
        header("Location: ../update.php?id=$id&error=Mobile is required");
    }else if (empty($poNum)) {
        header("Location: ../update.php?id=$id&error=PO Number is required");
    }else if (empty($site_name)) {
        header("Location: ../update.php?id=$id&error=Site Name is required");
    }else if (empty($street1)) {
        header("Location: ../update.php?id=$id&error=Address is required");
    }else {

       $sql = "UPDATE users
               SET customer_name='$customer_name', customer_email='$customer_email', 
                   customer_mobile='$customer_mobile', poNum='$poNum',
                   site_name='$site_name', street1='$street1'
                     WHERE id=$id ";

db_conn.php – https://pastebin.com/wZN2Ti41

index.php – https://pastebin.com/YfGLwtqd

update.php – https://pastebin.com/sddNYJnB

Solution

Leave a Reply

Your email address will not be published. Required fields are marked *