PHP Code:
function printForm() {
//using POST and sending the data to pet_creation.php
print "<form name='createpet' method='POST' action='pet_create.php'>";
//a field for the name
print "Pet name: <input type='text' maxlength='15' name='formPetname'>";
//now we will add what is called a select box. This is where users select from a drop down list. We will have two sample species called dragon and cat, but you can add however many you want.
//a select box works like this: the $_POST variable on the next page will be the name of the select box
print "<br><select name='formSpecies'>";
//but the value will be assigned to each OPTION
print "<option value='cat'>I Want A Cat</option>";
print "<option value='dragon'>Give Me A Dragon</option>";
print "</select>";
//we will also put a select box for the gender
print "<br><select name='formGender'>";
print "<option value='female'>Girly Pet</option>";
print "<option value='male'>Boy Pet</option>";
print "</select>";
//and a box for the colour
print "<br><select name='formColour'>";
print "<option value='yellow'>Yellow</option>";
print "<option value='black'>Black</option>";
print "</select>";
//and a submit button
print "<br><input type='submit' value='Create'>";
//stop any more code from being executed
myExit();
}
function formValidate() {
$uid = $_SESSION['uid'];
//we will check how many pets the user is allowed
$sql = "SELECT * FROM `USERS` WHERE `id` = '$uid'";
$result = mysql_query($sql);
$petsallowed = mysql_result($result,0,"petsallowed");
//selecting all pets with the "owner" of the user
$query = "SELECT * FROM `PETS` WHERE `ownerid` = '$uid'";
$result = mysql_query($query);
//if the results returned are equal to the number of pets the user is allowed, the user can't have another pet. To allow users to have more pets, just change this number.
if (mysql_numrows($result) == $petsallowed) { print "Sorry, you can't have more than one pets."; myExit(); }
$name = $_POST['formPetName'];
//is the pet name long enough?
if (strlen($name) < 5) { print "Pet name must be at least five characters long.<br>"; printForm(); }
//is it short enough?
if (strlen($name) > 15) { print "Pet name can't exceed fifteen characters.<br>"; printForm(); }
$and = filter($name);
if ($and) { print "Please give an appropriate pet name."; myExit(); }
if(strspn($name, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_'") != strlen($name)) { print "Please use alphanumeric characters only in your pet name."; myExit(); }
//is the species a valid species? We will check this simply by checking whether or not the image exists for the species. eg if cat.jpg exists then "cat" is a species and it will be allowed. You need to change this line of code so that the directory for images is correct. You can also change .jpg to .jpeg or .png if that is what you are using.
$tempimage = "images/pets/" .$_POST['formSpecies']. "_" .$_POST['formColour']. "_" .$_POST['formGender']. ".jpg";
if (!is_file($tempimage)) { print "Please choose a species which exists.<br>"; printForm(); }
//is the gender a valid gender?
if ($_POST['formGender'] != "female" && $_POST['formGender'] != "male") { print "Please choose a gender which exists.<br>"; printForm(); }
//is the pet name unique? You can remove this bit of code if you don't want unique pet names.
$petname = $_POST['formPetname'];
$query = "SELECT * FROM `PETS` WHERE `name` = '$petname'";
$result = mysql_query($query);
//if this returns any results, the pet name is not unique and the user must choose another name
if (mysql_numrows($result) > 0) { print "Sorry, a pet with that name already exists. Please choose again.<br>"; printForm(); }
}
formValidate();
//if everything is ok, insert the data!
$gender = $_POST['formGender'];
$species = $_POST['formSpecies'];
$colour = $_POST['formColour'];
$petname = $_POST['formPetname'];
$birthday = gmdate("M d Y");
$uid = $_SESSION['uid'];
$now = gmdate(U);
$query = "INSERT INTO `PETS` (`id`, `name`, `ownerid`, `gender`, `species`, `colour`, `fed`, `born`) VALUES ('', '$petname', '$uid', '$gender', '$species', '$colour', '$now', '$birthday');";
mysql_query($query);
print "Pet created successfully.";
?>