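assign("editFood", $_GET['food']);
}
# NOTE(review): the `}` above closes a block that begins before this part of
# the file; everything down to the first `exit;` is the tail of that
# "show foods" branch and is left as it was.
$sql = sprintf(
    " SELECT * FROM userFoods WHERE user = '%s' ",
    $_SESSION['user']['id']
);
$db->Select($sql);
if ($db->_rowCount > 0) {
    $smarty->assign("savedFoods", $db->_rows);
}

# grab the various parts. these sections are not printed to the screen
# but rather dumped into smarty variables that will simply be printed
# in the template, so the order doesn't matter here at the moment
include("header.php");
include("sidebar_left.php");
include("sidebar_right.php");
include("footer.php");

$smarty->display("edit_food.tpl");
exit;
}

# don't let the user continue here if we don't have the id of
# the saved food, or if this id isn't a number, or if an action
# wasn't specified
if (!isset($_POST['food'])) {
    $_SESSION['systemMsg'] = "You must specify a food.";
    header("Location: {$config->_previousUri}");
    exit;
}

# a form field can arrive as an array (food[]=1), which trim() would reject
# with a TypeError; treat anything that is not a string as "not numeric".
# is_numeric() tolerates surrounding whitespace, so trim first: the value
# below is reused in SQL and in the redirect URL of the "Edit" action.
$foodId = is_string($_POST['food']) ? trim($_POST['food']) : '';
if (!is_numeric($foodId)) {
    $_SESSION['systemMsg'] = "The food must be numeric.";
    header("Location: {$config->_previousUri}");
    exit;
}

$allowedActions = ["Delete", "Rename", "Modify", "Edit"];
$action = $_POST['action'] ?? null;
if (!is_string($action) || !in_array($action, $allowedActions, true)) {
    $_SESSION['systemMsg'] = "You must specify an appropriate action.";
    header("Location: {$config->_previousUri}");
    exit;
}

# every write below is scoped to the logged-in user, the same way the
# Modify query already was: a posted id alone must not be enough to touch
# another user's row.
$userId = $_SESSION['user']['id'];

# the following should be relatively self-explanatory
switch ($action) {
    case "Delete":
        $sql = sprintf(
            " DELETE FROM userFoods WHERE id = '%s' AND user = '%s' ",
            $foodId,
            $userId
        );
        $db->Modify($sql);
        if ($db->_affectedRows == 1) {
            $_SESSION['systemMsg'] = "The food was deleted successfully.";
        } else {
            $_SESSION['systemMsg'] = "There was an error. The food was not deleted.";
        }
        break;

    case "Rename":
        $newFoodName = isset($_POST['newFoodName']) && is_string($_POST['newFoodName'])
            ? $_POST['newFoodName']
            : '';
        if (trim($newFoodName) !== '') {
            $sql = sprintf(
                " UPDATE userFoods SET description = '%s' WHERE id = '%s' AND user = '%s' ",
                $db->EscapeString($newFoodName),
                $foodId,
                $userId
            );
            $db->Modify($sql);
            if (!$db->_error) {
                $_SESSION['systemMsg'] = "The food was renamed successfully.";
            } else {
                $_SESSION['systemMsg'] = "There was an error. The food was not renamed.";
            }
        } else {
            $_SESSION['systemMsg'] = "The food was not renamed because the new name was empty.";
        }
        break;

    case "Edit":
        # $foodId has passed is_numeric(), so it is safe to embed in the URL
        header("Location: {$config->_rootUri}/edit_food?food={$foodId}&action=showFoods");
        exit;

    case "Modify":
        $foodDesc = isset($_POST['foodDesc']) && is_string($_POST['foodDesc'])
            ? $_POST['foodDesc']
            : '';
        $quantity = isset($_POST['quantity']) && is_string($_POST['quantity'])
            ? trim($_POST['quantity'])
            : '';
        # weight was previously interpolated into the query unchecked and
        # unescaped; it is free text as far as this script knows, so escape
        # it like the description
        $weight = isset($_POST['weight']) && is_string($_POST['weight'])
            ? $_POST['weight']
            : '';
        $favorite = isset($_POST['favorite']) ? "1" : "0";

        if (trim($foodDesc) === '') {
            $_SESSION['systemMsg'] = "The food was not saved because the new name was empty.";
        } elseif (!is_numeric($quantity)) {
            $_SESSION['systemMsg'] = "The amount must be a number.";
        } else {
            $sql = sprintf(
                " UPDATE userFoods SET description = '%s', quantity = '%s', weight = '%s', favorite = '%s' WHERE id = '%s' AND user = '%s' ",
                $db->EscapeString($foodDesc),
                $quantity,
                $db->EscapeString($weight),
                $favorite,
                $foodId,
                $userId
            );
            $db->Modify($sql);
            if (!$db->_error) {
                $_SESSION['systemMsg'] = "The food was modified successfully.";
            } else {
                $_SESSION['systemMsg'] = "There was an error. The food was not modified.";
            }
        }
        break;

    default:
        # unreachable after the action check above; kept as a safety net
        $_SESSION['systemMsg'] = "Nothing was changed.";
}

# now send the user back where they came from with a system message
header("Location: {$config->_previousUri}");
exit;
?>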