php mysql

<?php

// connect to the database
include("connect-db.php");

// creates the new/edit record form
// since this form is used multiple times in this file, I have made it a function that is easily reusable
function renderForm($product_code = '', $product_name = '', $product_desc = '', $product_img_name = '', $price = '', $error = '', $id = '')
{ ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>
<?php if ($id != '') { echo "Edit"; } else { echo "New"; } ?>
</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<link type="text/css" media="all" rel="stylesheet" href="css/styla.css">
</head>
<body>
<h1><?php if ($id != '') { echo "Edit"; } else { echo "New"; } ?></h1>
<?php if ($error != '') {
echo "<div style='padding:4px; border:1px solid red; color:red'>" . $error
. "</div>";
} ?>

<form action="" method="post">
<div>
<?php if ($id != '') { ?>
<input type="hidden" name="id" value="<?php echo $id; ?>" />
<p>ID: <?php echo $id; ?></p>
<?php } ?>

<strong>product_code: *</strong> <input type="text" name="product_code"
value="<?php echo $product_code; ?>"/><br/>
<strong>product_name: *</strong> <input type="text" name="product_name"
value="<?php echo $product_name; ?>"/><br/>
<strong>product_desc: *</strong> <input type="text" name="product_desc"
value="<?php echo $product_desc; ?>"/><br/>
<strong>product_img_name: *</strong> <input type="text" name="product_img_name"
value="<?php echo $product_img_name; ?>"/><br/>
<strong>price: *</strong> <input type="text" name="price"
value="<?php echo $price; ?>"/><br/>
<p>* required</p>
<input type="submit" name="submit" value="Submit" />
</div>
</form>
</body>
</html>

<?php }

/*

EDIT RECORD

*/
// if the 'id' variable is set in the URL, we know that we need to edit a record
if (isset($_GET['id']))
{
// if the form's submit button is clicked, we need to process the form
if (isset($_POST['submit']))
{
// make sure the 'id' in the URL is valid
if (is_numeric($_POST['id']))
{
// get variables from the URL/form
$id = $_POST['id'];
$product_code = htmlentities($_POST['product_code'], ENT_QUOTES);
$product_name = htmlentities($_POST['product_name'], ENT_QUOTES);
$product_desc = htmlentities($_POST['product_desc'], ENT_QUOTES);
$product_img_name = htmlentities($_POST['product_img_name'], ENT_QUOTES);
$price = htmlentities($_POST['price'], ENT_QUOTES);

// check that firstname and lastname are both not empty
if ($product_code = '' || $product_name = ''|| $product_desc = ''|| $product_img_name == ''|| $price = '')
{
// if they are empty, show an error message and display the form
$error = 'ERROR: Please fill in all required fields!';
renderForm($product_code, $product_name, $product_desc, $product_img_name, $price, $error, $id);
}
else
{
// if everything is fine, update the record in the database
if ($stmt = $mysqli->prepare("UPDATE products SET product_code = ?, product_name = ?, product_desc = ?, product_img_name = ?, price = ?
WHERE id=?"))
{
$stmt->bind_param("ssi", $product_code, $product_name, $product_desc, $product_img_name, $price, $id);
$stmt->execute();
$stmt->close();
}
// show an error message if the query has an error
else
{
echo "ERROR: could not prepare SQL statement.";
}

// redirect the user once the form is updated
header("Location: view.php");
}
}
// if the 'id' variable is not valid, show an error message
else
{
echo "Error!";
}
}
// if the form hasn't been submitted yet, get the info from the database and show the form
else
{
// make sure the 'id' value is valid
if (is_numeric($_GET['id']) && $_GET['id'] > 0)
{
// get 'id' from URL
$id = $_GET['id'];

// get the recod from the database
if($stmt = $mysqli->prepare("SELECT * FROM products WHERE id=?"))
{
$stmt->bind_param("i", $id);
$stmt->execute();

$stmt->bind_result($id, $product_code, $product_name, $product_desc, $product_img_name, $price);
$stmt->fetch();

// show the form
renderForm($product_code, $product_name, $product_desc, $product_img_name, $price, NULL, $id);

$stmt->close();
}
// show an error if the query has an error
else
{
echo "Error: could not prepare SQL statement";
}
}
// if the 'id' value is not valid, redirect the user back to the view.php page
else
{
header("Location: view.php");
}
}
}

/*

NEW RECORD

*/
// if the 'id' variable is not set in the URL, we must be creating a new record
else
{
// if the form's submit button is clicked, we need to process the form
if (isset($_POST['submit']))
{
// get the form data

$product_code = htmlentities($_POST['product_code'], ENT_QUOTES);
$product_name = htmlentities($_POST['product_name'], ENT_QUOTES);
$product_desc = htmlentities($_POST['product_desc'], ENT_QUOTES);
$product_img_name = htmlentities($_POST['product_img_name'], ENT_QUOTES);
$price = htmlentities($_POST['price'], ENT_QUOTES);

// check that firstname and lastname are both not empty
if ($product_code = '' || $product_name = '' || $product_desc = '' || $product_img_name == '' || $price = '' )
{
// if they are empty, show an error message and display the form
$error = 'ERROR: Please fill in all required fields!';
renderForm($product_code, $product_name, $product_desc, $product_img_name, $price, $error);
}
else
{
// insert the new record into the database
if ($stmt = $mysqli->prepare("INSERT products (product_code, product_name, product_desc, product_img_name, price) VALUES (?, ?)"))
{
$stmt->bind_param("ss", $product_code, $product_name, $product_desc, $product_img_name, $price);
$stmt->execute();
$stmt->close();
}
// show an error if the query has an error
else
{
echo "ERROR: Could not prepare SQL statement.";
}

// redirec the user
header("Location: view.php");
}

}
// if the form hasn't been submitted yet, show the form
else
{
renderForm();
}
}

// close the mysqli connection
$mysqli->close();
?>