saveRoom.php

Source of saveRoom.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html lang="EN" dir="ltr" xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>SaveRoom.php</title>
</head>
<body>

<?php 
//Once a room has been edited by editSegment, this program
//updates the database accordingly.

//connect to database
$conn  = mysql_connect("localhost", "user", "password") or die(mysql_error());
$select = mysql_select_db("ph_6", $conn);

//pull data from form
$name = filter_input(INPUT_POST, "name");
$description = filter_input(INPUT_POST, "description");
$north = filter_input(INPUT_POST, "north");
$east = filter_input(INPUT_POST, "east");
$south = filter_input(INPUT_POST, "south");
$west = filter_input(INPUT_POST, "west");
$id = filter_input(INPUT_POST, "id");

//clean up all data
$name = mysql_real_escape_string($name);
$description = mysql_real_escape_string($description);
$north = mysql_real_escape_string($north);
$east = mysql_real_escape_string($east);
$south = mysql_real_escape_string($south);
$west = mysql_real_escape_string($west);
$id = mysql_real_escape_string($id);

$sql = <<< END

UPDATE adventure
SET
  name = '$name',
  description = '$description',
  north = $north,
  east = $east,
  south = $south,
  west = $west
WHERE
  id = $id;

END;

print "<pre>$sql</pre> \n";

$result = mysql_query($sql) or die(mysql_error());
if ($result){
  print "<h3>$name room updated successfully</h3>\n";
  print "<p><a href = \"listSegments.php\">view the rooms</a></p>\n";
} else {
  print "<h3>There was a problem with the database</h3>\n";
} // end if

?>
</body>
</html>