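<?php
/**
 * POST handler for account maintenance in the blood_donation database.
 *
 * Each block below is triggered by the presence of one POST key (normally the
 * name of a submit button). The handlers are independent and run in source
 * order; when more than one trigger is posted, the last Location header wins.
 *
 * Every value that reaches SQL is bound through a prepared statement; no
 * request data is concatenated into query text.
 *
 * NOTE(review): no CSRF token is checked anywhere in this script, so any page
 * the user visits can submit these forms on their behalf. Adding a per-session
 * token needs a matching change in the forms, which are not in this file.
 */
session_start();

// nid of the logged-in user. An absent session value becomes '' (the same
// string the old interpolated query produced), so the self-service handlers
// match no row instead of raising an undefined-index warning.
// NOTE(review): nothing here rejects a request that has no session at all.
$nid = isset($_SESSION['nid']) ? (string) $_SESSION['nid'] : '';

// NOTE(review): root with an empty password is hard-coded; a dedicated
// least-privilege account loaded from configuration would limit the impact of
// any flaw in this script.
$db = mysqli_connect("localhost", "root", "", "blood_donation");
if (!$db) {
    die("Connection failed: " . mysqli_connect_error());
}

// Read one POST field as a string. Missing or non-string (array) input
// becomes '' rather than a warning or the literal text "Array".
$field = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

// Prepare, bind (all parameters as strings) and execute one statement.
// Failures are logged server-side and reported as false; the caller keeps
// going, matching the best-effort behaviour of the original script.
$run = function ($sql, array $params) use ($db) {
    $stmt = mysqli_prepare($db, $sql);
    if ($stmt === false) {
        error_log('updateinfo.php: prepare failed: ' . mysqli_error($db));
        return false;
    }
    mysqli_stmt_bind_param($stmt, str_repeat('s', count($params)), ...$params);
    $ok = mysqli_stmt_execute($stmt);
    if (!$ok) {
        error_log('updateinfo.php: execute failed: ' . mysqli_stmt_error($stmt));
    }
    mysqli_stmt_close($stmt);
    return $ok;
};

// Send the browser back to the page that submitted the form. The Referer
// header is client-supplied, so it is followed only when its host matches the
// host this request was addressed to; otherwise (or when it is absent) the
// redirect goes to the directory this script lives in.
$redirectBack = function () {
    $target = './';
    if (isset($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])) {
        $refererHost = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
        $ownHost = parse_url('http://' . $_SERVER['HTTP_HOST'], PHP_URL_HOST);
        if (is_string($refererHost) && is_string($ownHost)
            && strcasecmp($refererHost, $ownHost) === 0) {
            $target = $_SERVER['HTTP_REFERER'];
        }
    }
    header('Location: ' . $target);
};

// Self-service single-column updates on the logged-in user's own rows.
// trigger key => [statement, POST field holding the new value]
// NOTE(review): 'donate' lets the user choose users.type freely; if type also
// encodes a privileged role, it needs an allow-list of permitted values.
// NOTE(review): passwords are stored exactly as submitted. Switching to
// password_hash()/password_verify() must be done together with the login code,
// which is not in this file.
$ownUpdates = [
    'donate'          => ["UPDATE users SET type=? WHERE nid=?", 'type'],
    'update-name'     => ["UPDATE person SET name=? WHERE nid=?", 'name'],
    'update-email'    => ["UPDATE person SET email=? WHERE nid=?", 'email'],
    'update-phone'    => ["UPDATE person SET phone=? WHERE nid=?", 'phone'],
    'update-blood'    => ["UPDATE donor SET blood=? WHERE nid=?", 'blood'],
    'update-location' => ["UPDATE donor SET location=? WHERE nid=?", 'district'],
    'update-username' => ["UPDATE users SET username=? WHERE nid=?", 'username'],
    'update-password' => ["UPDATE users SET password=? WHERE nid=?", 'password'],
];
foreach ($ownUpdates as $trigger => $spec) {
    if (isset($_POST[$trigger])) {
        $run($spec[0], [$field($spec[1]), $nid]);
        $redirectBack();
    }
}

// Create a full account: one row in each of users, person, donor, recovery.
// NOTE(review): every value, including nid and type, comes from the request
// and no authorization check is visible here; confirm who may reach this
// handler and whether type should be fixed server-side.
if (isset($_POST['adduserac'])) {
    $newNid = $field('nid');
    $run(
        "INSERT INTO users (nid, username, password, type) VALUES (?, ?, ?, ?)",
        [$newNid, $field('username'), $field('password'), $field('type')]
    );
    $run(
        "INSERT INTO person (nid, name, email, phone) VALUES (?, ?, ?, ?)",
        [$newNid, $field('name'), $field('email'), $field('phone')]
    );
    $run(
        "INSERT INTO donor (nid, blood, location) VALUES (?, ?, ?)",
        [$newNid, $field('blood'), $field('district')]
    );
    $run(
        "INSERT INTO recovery (nid, pet, friend) VALUES (?, ?, ?)",
        [$newNid, $field('pet'), $field('friend')]
    );
    $redirectBack();
}

// Tables holding per-user rows, in the order the original script cleared them.
$userTables = [
    "DELETE FROM users WHERE nid = ?",
    "DELETE FROM donor WHERE nid = ?",
    "DELETE FROM person WHERE nid = ?",
    "DELETE FROM recovery WHERE nid = ?",
];

// Delete the logged-in user's own account and end the session.
if (isset($_POST['delete'])) {
    foreach ($userTables as $deleteSql) {
        $run($deleteSql, [$nid]);
    }
    session_destroy();
    $redirectBack();
}

// Delete another account, selected by username.
// NOTE(review): the redirect target suggests this is an admin action, but no
// role check is visible here; as written any client can remove any account
// whose username it knows. Confirm how the admin role is recorded in the
// session and enforce it before the lookup.
if (isset($_POST['deleteuser'])) {
    $targetNid = null;
    $found = false;

    $lookup = mysqli_prepare($db, "SELECT nid FROM users WHERE username=?");
    if ($lookup === false) {
        error_log('updateinfo.php: prepare failed: ' . mysqli_error($db));
    } else {
        $username = $field('username');
        mysqli_stmt_bind_param($lookup, 's', $username);
        if (mysqli_stmt_execute($lookup)) {
            mysqli_stmt_bind_result($lookup, $targetNid);
            // Only the first matching row is used, as before.
            $found = mysqli_stmt_fetch($lookup) === true;
        }
        // Closed before the deletes so the connection is free for them.
        mysqli_stmt_close($lookup);
    }

    // Skip the deletes when the username is unknown; the original would have
    // run them with an empty nid.
    if ($found) {
        foreach ($userTables as $deleteSql) {
            $run($deleteSql, [(string) $targetNid]);
        }
    }
    header('location: admindashboard.php');
}
?>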