| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556 |
- <?php
- $root = $_SERVER['DOCUMENT_ROOT'];
- include($root . "/util/session.php");//checks that the user is logged in
- include($root . "/util/privilege_check.php");
- checkPrivilege("admin");
- if($_SERVER["REQUEST_METHOD"] == "POST"){
- $degreeID=mysqli_real_escape_string($db,$_POST['degreeID']);
- $sql_query="select * from degrees where degreeID = '$degreeID'";
- $result=mysqli_query($db,$sql_query);
- //check if user exists
- if(mysqli_num_rows($result) != 0){
- $error="User exists";
- }
- else{
- $degreeName=mysqli_real_escape_string($db,$_POST['degreeName']);
- $description=mysqli_real_escape_string($db,$_POST['description']);
- $sql_query="INSERT INTO `degrees` (`degreeID`, `degreeName`, `description`) VALUES ('$degreeID', '$degreeName', '$description')";
- $result=mysqli_query($db,$sql_query);
- if($result){
- header("Location: /admin/admin.php?msg=Degree added");
- }
- else{
- $error="sql error";
- }
- }
- }
- ?>
- <html>
- <head>
- <title>Add a degree</title>
- <link rel="stylesheet" type="text/css" href="adminStyle.css">
- </head>
- <body>
- <?php
- include($root . "/admin/header.php");
- ?>
- <li><a href="/admin/admin.php">Back</a></li>
- <form action="/admin/degreeAdd.php" method="post" id="degreeForm">
- <label for="degreeID">Degree ID:</label><br>
- <input type="text" id="degreeID" name="degreeID"><br>
- <label for="degreeName">Degree Name:</label><br>
- <input type="text" id="degreeName" name="degreeName"><br>
- <label for="description">Description:</label><br>
- <textarea rows="4" cols="50" name="description" id=description form="degreeForm"></textarea><br>
- <input type="submit" value="Submit">
- </form>
- <div style = "font-size:11px; color:#cc0000; margin-top:10px"><?php if(isset($error)){echo $error;} ?></div>
- <?php
- include($root . "/admin/footer.php");
- ?>
- </body>
- </html>
|
