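<?php
// Admin page: lists every product and lets an administrator edit one of them
// (name, price, description, image URL, disabled flag). Requires an admin session.
$basePath = '../../';
$pageTitle = 'Redigera Produkt';
$activePage = 'editproduct';
session_start();
// Admin gate. is_admin may be stored as int, numeric string or bool, so cast
// before the strict comparison instead of relying on loose `!=`.
if ((int) ($_SESSION['is_admin'] ?? 0) !== 1) {
    header('Location: ../../login.php');
    exit();
}
// SÄKERHET: per-session CSRF token. It is embedded in the edit form below and
// required on every POST so a cross-site request cannot update products.
if (!isset($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
$csrfToken = (string) $_SESSION['csrf_token'];
include('../../dbconnection.php');
if (!$dbconn) {
    die("Connection failed: Can't connect to database.");
}
// Escape helper for everything rendered into HTML. ENT_QUOTES is explicit because
// the product table builds single-quoted attributes (href='?product_id=...') and
// the default flags differ between PHP versions; the cast handles NULL columns.
$h = static function ($value) {
    return htmlentities((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
$message = null;
$messageClass = 'alert-warning';
$getid = null;
$getname = null;
$getprice = null;
$getdescription = null;
$getimageurl = null;
$getdisabled = null;
// --- Handle a submitted edit form -------------------------------------------
if (
    isset($_POST['name'], $_POST['price'], $_POST['product_id']) &&
    !empty($_POST['name']) && !empty($_POST['price']) && !empty($_POST['product_id'])
) {
    // NOTE(review): empty() also rejects a price of "0" although the form allows min="0" — confirm intended.
    $product_id = $_POST['product_id'];
    $name = $_POST['name'];
    $price = $_POST['price'];
    // Optional fields default to '' so a crafted POST without them does not raise undefined-index warnings.
    $description = $_POST['description'] ?? '';
    $image_url = $_POST['image_url'] ?? '';
    $is_disabled = isset($_POST['is_disabled']) ? 1 : 0;
    $errors = [];
    // SÄKERHET: the POST must carry this session's CSRF token; hash_equals is constant-time.
    if (!hash_equals($csrfToken, (string) ($_POST['csrf_token'] ?? ''))) {
        $errors[] = "Ogiltig formulärtoken. Ladda om sidan och försök igen.";
    }
    // SÄKERHET: Validera att priset är ett positivt tal (klientsidan kan kringgås)
    if (!is_numeric($price) || $price < 0) {
        $errors[] = "Priset måste vara ett positivt tal.";
    }
    // SÄKERHET: only absolute http(s) URLs are stored. The form's type="url" already
    // demands an absolute URL; a javascript:/data: value would be harmful wherever
    // image_url is later rendered as an src/href.
    if ($image_url !== '') {
        $scheme = strtolower((string) parse_url($image_url, PHP_URL_SCHEME));
        if (filter_var($image_url, FILTER_VALIDATE_URL) === false || !in_array($scheme, ['http', 'https'], true)) {
            $errors[] = "Bild-URL måste vara en giltig http- eller https-adress.";
        }
    }
    if (empty($errors)) {
        try {
            // NOTE(review): error reporting here relies on PDO::ERRMODE_EXCEPTION being
            // configured in dbconnection.php; without it a failed execute() returns false silently — confirm.
            $sql = "UPDATE products SET name=?, price=?, description=?, image_url=?, is_disabled=? WHERE product_id=?";
            $stmt = $dbconn->prepare($sql);
            $stmt->execute([$name, $price, $description, $image_url, $is_disabled, $product_id]);
            $messageClass = 'alert-success';
            $message = "Produkt uppdaterad.";
            // action="" keeps ?product_id= on the POST URL; clearing it stops the
            // load branch below from overwriting the success message.
            $_GET['product_id'] = null;
        } catch (PDOException $e) {
            // SÄKERHET: Visa inte detaljerade databasfel (kan avslöja intern information)
            error_log("editproduct error: " . $e->getMessage());
            $messageClass = 'alert-error';
            $message = "Ett databasfel uppstod. Försök igen senare.";
        }
    } else {
        $messageClass = 'alert-error';
        $message = implode(' ', $errors);
    }
}
// --- Load the product selected via ?product_id= into the form ---------------
if (isset($_GET['product_id']) && !empty($_GET['product_id'])) {
    $product_id = $_GET['product_id'];
    try {
        $sql = "SELECT * FROM products WHERE product_id=?";
        $stmt = $dbconn->prepare($sql);
        $stmt->execute([$product_id]);
        $res = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($res) {
            // Values are escaped once here and printed raw into the form below.
            $getid = $h($res['product_id']);
            $getname = $h($res['name']);
            $getprice = $h($res['price']);
            $getdescription = $h($res['description']);
            $getimageurl = $h($res['image_url']);
            $getdisabled = (int) $res['is_disabled'];
            $messageClass = 'alert-success';
            $message = "Produkt laddad. Redigera fälten nedan.";
        } else {
            $messageClass = 'alert-error';
            $message = "Produkten hittades inte.";
        }
    } catch (PDOException $e) {
        // SÄKERHET: Visa inte detaljerade databasfel
        error_log("editproduct GET error: " . $e->getMessage());
        $messageClass = 'alert-error';
        $message = "Ett databasfel uppstod. Försök igen senare.";
    }
}
include('../../includes/header.php');
?>
<div class="page-header">
    <div class="page-header-text">
        <h1>Hantera Produkter</h1>
        <p>Välj en produkt att redigera.</p>
    </div>
</div>
<?php if ($message): ?>
    <div class="alert <?= $messageClass ?>"><?= $h($message) ?></div>
<?php endif; ?>
<div class="card">
    <h2><span class="material-symbols-rounded" style="font-size:20px; vertical-align:middle; margin-right:6px">inventory_2</span>Produkter</h2>
    <?php
    // Product overview table; every cell value goes through $h before being concatenated into markup.
    $stmt = $dbconn->prepare("SELECT * FROM products");
    $stmt->execute();
    $output = '<table class="table"><thead><tr><th></th><th>ID</th><th>Namn</th><th>Pris</th><th>Beskrivning</th><th>Lager</th><th>Inaktiv</th></tr></thead><tbody>';
    while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
        $rowId = $h($row['product_id']);
        $rowName = $h($row['name']);
        $rowPrice = $h($row['price']);
        $rowDescription = $h($row['description']);
        $rowStock = $h($row['stock']);
        $rowDisabled = (int) $row['is_disabled'] === 1 ? 'Ja' : 'Nej';
        $output .= "<tr>" .
            "<td><a class='btn btn-sm' href='?product_id=$rowId'><span class='material-symbols-rounded' style='font-size:16px'>edit</span> Välj</a></td>" .
            "<td>$rowId</td>" .
            "<td><strong>$rowName</strong></td>" .
            "<td>$rowPrice kr</td>" .
            "<td>$rowDescription</td>" .
            "<td>$rowStock</td>" .
            "<td>$rowDisabled</td>" .
            "</tr>";
    }
    $output .= "</tbody></table>";
    echo $output;
    ?>
</div>
<div class="card">
    <h2><span class="material-symbols-rounded" style="font-size:20px; vertical-align:middle; margin-right:6px">edit</span>Redigera</h2>
    <form method="post" action="">
        <table>
            <tr>
                <td>Namn *</td>
                <td><input type="text" name="name" maxlength="64" value="<?= $getname ?>" required placeholder="Produktnamn"></td>
            </tr>
            <tr>
                <td>Pris (SEK) *</td>
                <td><input type="number" name="price" min="0" step="0.01" value="<?= $getprice ?>" required></td>
            </tr>
            <tr>
                <td>Beskrivning</td>
                <td><input type="text" name="description" maxlength="128" value="<?= $getdescription ?>"></td>
            </tr>
            <tr>
                <td>Bild (URL)</td>
                <td><input type="url" name="image_url" maxlength="255" value="<?= $getimageurl ?>"></td>
            </tr>
            <tr>
                <td>Inaktiv</td>
                <td><input type="checkbox" name="is_disabled" <?= $getdisabled === 1 ? 'checked' : '' ?>></td>
            </tr>
            <tr>
                <td class="meta">* = Obligatoriskt</td>
                <td>
                    <input type="hidden" name="product_id" value="<?= $getid ?>">
                    <!-- SÄKERHET: CSRF token, verified server-side with hash_equals on POST -->
                    <input type="hidden" name="csrf_token" value="<?= $h($csrfToken) ?>">
                    <button type="submit" class="btn btn-success">
                        <span class="material-symbols-rounded">save</span>
                        Spara
                    </button>
                </td>
            </tr>
        </table>
    </form>
</div>
<?php
// Release the connection before the footer; nothing below needs the database.
$dbconn = null;
include('../../includes/footer.php');
?>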