Edit Options in HTML Form Creator Form
This script is called edit-options-in-html-form-creator-form.php
The Edit Options in HTML Form Creator Form script is one of a group of PHP scripts that handle both the administrative and end-user aspects of a general purpose HTML Form Creator that allows not just input boxes but multiple selection enabled select/option lists as well. In addition to the expectable editing scripts for both administrative and end-user functions, there's also a Search and Match script so that users can use the scripts to find other users with various individual or group commonalities, including proximity searches, i.e., find all the users within various distances. There are even private messaging scripts.
- HTML Form Creator
- Edit Options in HTML Form Creator Form
- Administrator Page for HTML Form Creator
End-User HTML Form Creator Scripts
- HTML Form Creator—Register with Captcha
- HTML Form Creator—View Profile
- HTML Form Creator—Edit Profile
- HTML Form Creator—Search and Match
- HTML Form Creator—Search and Match — Security
- HTML Form Creator—Search and Match — JavaScript
- HTML Form Creator—Search and Match — Form
- HTML Form Creator—Search and Match — PHP
- HTML Form Creator—Enter Record in Form
- HTML Form Creator—View Record in Form
- HTML Form Creator—Profile and Account Management
- HTML Form Creator—Login to Profile and Account Management
- HTML Form Creator—Logout of Profile and Account Management
- HTML Form Creator—Delete Group Account
- HTML Form Creator—Forgot User Name
- HTML Form Creator—Forgot Password
- HTML Form Creator—Form to Send Private Message
- HTML Form Creator—Send Private Message
- HTML Form Creator—Private Message Outbox
- HTML Form Creator—Private Message Inbox
- HTML Form Creator—Delete Private Message from Inbox
- HTML Form Creator—Delete Private Message from Outbox
- HTML Form Creator—Private Message Logout
- HTML Form Creator—Search and Match Session Monitoring
- HTML Form Creator—Configure File for Database Connection
- HTML Form Creator—Captcha Script for Registration and Login
Administrative HTML Form Creator Scripts
First, we start up a session and include the config.php script to ensure that our connection to our database is made correctly. This file has the codes below in it:
$theemailaddress = "yoursite@yoursite.com"; //EDIT ME
$roothostname = "localhost";
$theusername = "yourusername"; //EDIT ME
$thepassword = "yourpassword"; //EDIT ME
$thedatabasename = "yourdb"; //EDIT ME
mysql_connect("".$roothostname."","".$theusername."","".$thepassword."") or die(mysql_error());
mysql_select_db("".$thedatabasename."") or die(mysql_error());
Next we do browser sniffing to deal with display quirks. Then we have several JavaScript calculation functions that are part of the algorithm for dealing with fixed positioning. Much as we'd like to claim credit for it, in truth it's actually JDenny who is the CSS and JavaScript genius who came up with this brilliant CSS and JavaScript fixed positioning code and put it on the Web to help those of us that were stumped trying to figure out good fixed positioning codes. Thanks a million JDenny! This has to be the most ingenious DHTML using CSS and JavaScript we've ever seen! (Note: The b.gif URL should be left as is, but you do NOT need a b.gif file: it is a dummy name just to keep the code working.) The CSS for BODY, the mytable id, the mytable2 id, and the menu id in the CSS styling section are part of this algorithm for fixed positioning as well. The BODY tag's CSS that uses t.gif for the background is using a real file. Make it yourself: it's simply an invisible 1-pixel gif, and this goes a long way to prevent any shimmering of the fixed-position side menu. If you are feeling lazy type in http://www.css-resources.com/t.gif and do Save As from the browser's File menu, since right clicking is dumb—right click WHAT?
In the JavaScript section, there is a u() function which contains var url="edit-options-in-html-form-creator-form.php?f="+f+"&w="+qq+"&ie="+is_ie; window.location.href=url. It gets called by the menu item links such as the onClick="u('edit')" link used by the Edit function. The u() function sends both the selected menu item and the selected table row to the page, via a URL query string as the page reloads. The PHP GET superglobal variable grabs the URL query string data as $f and $w.
Then there is the addem() function, which contains document.myform.box.focus(), and this merely takes the cursor to the option input box. This gets used when the administrator uses the Edit or Add function.
Next, there is the check() function for validation of the administrator input. It runs off the onsubmit event which is echoed into place in the PHP page display section. The check() function replaces single quotes with middot ("·") characters, and it uses a regular expression pattern and the JavaScript search() method to check out the input box value and an illegal value (or less than 1 or more than 50 characters) will cause an alert message outlining legal characters, after which the function will return false. This latter causes the cursor to stay on the current input box. The check() function also checks that there are no leading spaces in the inputted values, using the substring() function. In check(), the selected table row is stuck into the hidden field "edit2". The data checking will not occur if the menu item selected was "delete".
The function check2() is to check the table name prefix (which will be followed by "_options") to make sure the administrator uses only allowed characters. The function fix() deals with quirks about how various browsers handle fixed positioning.
The functions startmouse() and getCoords() get the cursor coordinates of the mouse and run a small triangular red indicator arrow that runs vertically along the side of the displayed table data. Its purpose is to allow the administrator to, at first, select one of the input questions to add options to, and then, secondly, after the question has been selected and the screen display is the options edit area, to select one of the select box options displayed in a vertical column on the screen. This is done so that one of the menu items like edit or delete can be used on that select box option. The getCoords() function has algorithms in it that deal with ensuring that the indicator stays within the boundaries of the side of the column of the input questions or options displayed.
The function yyyy() is run by the BODY tag's onload event. It figures out how tall the browser window is and uses this to inform the getCoords() function of this height via the ad variable. The browser sniffer and these conditionals also help nail down the height from which the indicator range can be figured: if(Netscape){ii=26;p=119;} if(is_opera){ii=25;p=99;} if(wsafari){ii=26;p=99;} if(is_ie){ii=25;p=104;} if(is_chrome){ii=26;p=99;} if(msafari){ii=21;p=90;} The getElementById() method is used on the id of the indicator to figure out the top property it should have, and DHTML is done to move the indicator according to the current cursor position of the mouse.
The pp variable refers to the number of rows of options on the screen when delete, edit, or add functions are being utilized. The ad variable refers to the bottom-of-the-screen coordinate calculated by the yyyy() function. The qq variable refers to the row number of the selected row. The addme variable refers to the 5 or 0 added to the indicator's y coordinate according to whether the browser is IE or not and according to the function the administrator is into at the moment.
Next comes the CSS. We already looked at the fact there is some weird stuff in BODY, the mytable id, the mytable2 id and the menu id styling. These too help browsers handle fixed positioning.
PHP comes next. The function underscore() takes the table of form questions the administrator input in the HTML Form Creator page and that ended up in the inputs table, and processes them into values that can and will be used as MySQL table field names, allowing only alphanumerics and underscores in the new array $i2[]. So what is the $i2[] array? It is a filtered version of the form questions. The form questions contain the raw question data like "How many men, in your group, make over $50,000 a year (!) and a % goes to charity?" Allowed are ' ! ? $ % ( ) _ - , . and spaces, letters and numbers, even though the ' will get converted to middot ("·"). But the $i2[] array will contain only the filtered version of each form question, like:
"How_many_men__in_your_group__make_over__50_000_a_year_____and_a___
goes_to_charity_", which is okay as a field name, a tag's name attribute, a JavaScript array element value, or a PHP array element value. The array is created to put into the $aa table in the HTML Form Creator—Enter Record in Form page, which has the db name input by the administrator plus "_database". (Note: JavaScript allows $ in variable names but PHP doesn't, letting it only be a "this is PHP" token at the start of variables. So we disallowed it.)
To clarify: $a=$db."_inputs", $aa=$db."_database", $aaa=$db."_options". All these are the db name plus a suffix. The options table is the main one the script on this page deals with. It holds the select/options the administrator is inputting into this script. In using this data, selection of options in various form fields will get entered (in the HTML Form Creator—Enter Record in Form page) by the user for the field corresponding to form questions which have been filtered and put into the $i2[] array and then the database table.
The user inputs form data into the database table ($aa), while only the administrator inputs anything in the inputs table ($a) or options table ($aaa). The script html-form-creator.php creates all three tables in the db. The inputs table is created by the html-form-creator.php script once the administrator inputs a table prefix name. The other two tables require the administrator to click the "Save table" menu item in that script. The options table, which this page's edit-options-in-html-form-creator-form.php script edits, is created empty except for field names and only the script on this page can edit it, add to it, delete from it, etc. This table gets data only if the administrator changes any of the form input boxes to select boxes with options by selecting the "Add options" menu item when using the Edit Options in HTML Form Creator Form script on this page. To get to this from the script html-form-creator.php, you have to select the "Edit options" option in the script on that page first.
We've already started a session at the start of the whole script. Now let's use it. It turns out that session variables are a much easier way to deal with values that need to survive refresh/restart and submissions than sticking hidden fields, POSTs, and GETs everywhere full of flags or values. The first thing the administrator does on this options entry page is to enter the table prefix name for this form and it is POSTed to $d. If the POST has reasonable content, it will be used as the table prefix (since the prefix will be used before _database, _options, and _input tables in relating to MySQL tables). The db query SHOW TABLES LIKE '$aaa' will be used to check whether the table prefix exists and therefore the related options table exists, because this script is where the existing options table is updated. The $_SESSION['db']=$db command establishes a session variable.
The PHP function mysql_num_rows() checks to see if the result set from SHOW TABLES LIKE '$aaa' has any rows. If not, we unset $_SESSION['db'] and $d and $db and reload the page after alerting the administrator that "Table does not exist. Try again".
The very next command is that session variable being checked. So we now echo the table prefix entry form to the screen if the session variable $_SESSION['db'] is unset. If it is set and the table exists, we can skip this short code block because the table prefix entry form has already been submitted. and the result will be found to be okay since the JavaScript function check2() was called from the table prefix entry form, which forced it to be alphanumeric or underscore. Bad input gets an alert and a refocusing of the cursor in the input box. Good input lets the administrator into the rest of the script, as you can see by the following PHP "if" conditional.
Next, we define some arrays and table name suffixes. Also, we GET both 'f' and 'w', the latter being which question row on the screen is selected, and the former being which menu item is selected. The values come in via a URL query string when the selection of a menu item reloads the page.
Then we do a query to grab all the items and inputsizes from the db table $db."_inputs" and we stick the former in the $i[] array and the latter in the $s[] array, using a php while() statement and array_push() function. Now the underscore() function is run.
Next, for the add, delete, and edit functions, we take the $w variable (the selected HTML table row) and we subtract 1 because the N values in the MySQL table begins with 1 but the $i2[] array values start with element 0. Then we put $i2[$w-1] into the variable $v. Recall that the $i2[] is the filtered question data array, suitable for field names and name attributes. Then we define the $_SESSION['field_name'] session variable as $v and the $_SESSION['full_field_name'] session variable as $i[$w-1]. Now, $i[] is the raw form question array we want to display onscreen. For both the delete and edit functions, we perform the query SELECT * FROM $aaa WHERE field_name='$v'. This determines if the options table contains a field name in the field_name field called whatever $v is. Recall that $v would be one of the $i2[] array element values. If the result set from this SELECT has no rows, the page is reloaded after the administrator sees "No options there!" Obviously, the reason the add function does not get such a test is that it's fine if there are no options yet when you add an option, since one has to start somewhere.
The session variable $_SESSION['mode'] is "main" when the screen displays the form question rows to select from, but it is "add", "edit" or "delete" if you have already selected a form question row and clicked either the add, delete, or edit link in the side menu, in which case the page reloads with only options to select—options that will apply to the selected form question. For example, "What's your favorite color?" would have started out expressed as an input box type question—since they ALL do—but then you click on it and add these options: red, blue, green, yellow, white. Once you input options, the database table gets a datatype change from VARCHAR to TEXT, via the query ALTER TABLE $aa MODIFY COLUMN $v text. This allows the field to contain any number of options.
Then we use the PHP POST superglobal variable to get 3 POSTs. The $b variable will get the contents of the input box at the bottom of the option list where you type options. The $edit2 flag will be used to tell the editing functions which row (of inputted questions) was selected. The $ss variable will get the 2 spaces that get sent via the s form field if the delete menu link was clicked. This was the only way to get the browsers to allow delete to work. The add and edit functions used an input box to add or edit with, but the delete function needed no such input box, since the option selected for deletion is indicated by the red indicator you run with the mouse, and exactly what need is there to input anything? None. It turned out, however, that we needed to focus on an input box so the delete function could work, so we used one that had CSS styles of font-size:20%;border:none;background:#eee;. This latter color is the same one as the area of the dialog where we put the box, and with such a tiny font size and no border, the input box is nearly invisible—which is the goal. So a tiny cursor blinks but not noticeably. This allows the function to work right. (Don't ask . . .)
The $edit variable gets minus one because the table's N field starts at 1, but the arrays start at element 0. The $addme variable gets the 5 or 0 number according to whether the browser is IE. IE needs nothing added to the red indicator's y coordinate, but, if in "add", "edit" or "delete" mode, non-IE browsers need 5.
In the "add" mode, the comment "Change input to select? Put $v's value as field_name in $db.'_options'" kind of says it all. As soon as we stick values in the options table, the field name that gets put in with the options value now transmogrifies from an input tag to a select tag with options (when it gets accessed in HTML Form Creator—Enter Record in Form), with the datatype changing from varchar to text in the database table called $db."_database". The table is checked for prior option values for the field name selected as the question row we wish to add options to. The options field is one field only. It holds any number of options as a comma-separated string. These options are counted and the number found goes into $count. Our str_replace() function seems to be crazy, since it replaces commas with commas. In truth, it's just a good way to count how many of something are found in a string. Yes, the str_replace() function has a little used replacements counter. Next, the options value input into the input box has its ' characters replaced with middot ("·") characters for security reasons, since a huge proportion of hacker exploits use single quotes as cyberweapons. Then the rest of the input filtering commences, with a regular expression used in the PHP function preg_replace(). All this happened already in JavaScript, but one cannot be too careful. The strip_tags() function and mysql_real_escape_string() function enhance the data security even more, now. Once you input options, the database table gets a datatype change from VARCHAR to TEXT, via the query ALTER TABLE $aa MODIFY COLUMN $v text. This allows the field to contain any number of options.
Next the MySQL INSERT INTO statement puts the inputted options data into the table if the $nn flag is 1 (which happens due to the $nn=$count+1 that occured earlier if no row was found when the selected question row was searched for in the table) and the inputs were okay. This is the Add function. On the other hand, if the $nn value is more than 1 because the mysql_num_rows() function found one or more result set rows, the UPDATE SET statement is used to update the MySQL options being edited.
If the function chosen was "edit", then the options table record where the field_name is $v will be accessed and if nothing is found, the page reloads. If there are options, then the options value input into the input box has its ' characters replaced with middot ("·") characters for security reasons, since a huge proportion of hacker exploits use single quotes as cyberweapons. Then the rest of the input filtering commences, with a regular expression used in the PHP function preg_replace(). All this happened already in JavaScript, but one cannot be too careful. The strip_tags() function and mysql_real_escape_string() function enhance the data security even more, now. Then the UPDATE SET statement is used to update the MySQL options being edited. You may have noticed that there is an explode() of the data found in the MySQL table, then $j[$edit2]=$b, then an implode(). We are getting the table data to input, then we put it in a $j[] array. Then we replace the array element (that corresponds to the selected option value selected by the red indictor run by the mouse cursor) with the new data from the input box that's for options, then we implode this edited array into the $r string with the comma-separated values in it, then run security functions on the result before the updating.
If the function chosen was "delete", then the options table record where the field_name is $v will be accessed and if nothing is found, the page reloads. If there are options, then we go on. We are not deleting a table or a record or a field value, but just a part of a string in a field value, since they are stored as comma-separated data in strings. So we explode the string into a $j array, unset the array element (that corresponds to the selected option value selected by the red indictor run by the mouse cursor), plug up the hole in the array by use of the array_values() function, then check to see if the array is now empty(). If not, we implode the array back into a string, use the mysql_real_escape_string() function on it for security, and UPDATE the db table with this now smaller string. If the array is found to be empty, we go to the database table where the user inputs data, and change the datatype of that field. We delete the record from the options table, then go to the inputs table and get the inputsize number, then put $_SESSION['full_field_name'] into $q. We now use the weird MySQL query ALTER TABLE $aa CHANGE $v $v VARCHAR($t) NULL DEFAULT NULL", on the database table where the datatypes are defined for the input box data or select box data the users input, and where $t is the input size snuck out of the inputs table We use this to determine what to put in the VARCHAR parameter that indicated allowable field size. The reason for the 2 $v variables in a row is the first is what you are changing and the second is what you are changing it to. Since we have no desire to modify $v, it stays the same, but not the datatype.
Now we get to the page display script. Because of a if($_SESSION['mode']<>"main"){ near the top of the PHP section, we're displaying the page that shows only option values for one form question selection. After this options values display area is }else{, after which comes the display script for the entire list of form questions to select from.
In the page display script for option values, we use the MySQL query "SELECT options FROM $aaa WHERE field_name='$v'" to get the administrator-entered options for this question into a result set. We explode() the string we find that has comma-separated values in it, into the $j[] array, using the security precautions of the htmlentities() and stripslashes() functions. We print out this array, one value per line. After these values comes the form for entering new options or editing option values. It has the onsubmit event of running the check() function in JavaScript.
Note the way we have to adjust the display for each of the 3 menu functions: edit, delete, and add. They all get $_SESSION['full_field_name'] to show what question row is being dealt with. They all get instructions—which are different from each other. The delete and edit functions want the administrator to hit Enter once they are through and their red indicator has been placed on the option to deal with, whereas the add function requires clicking a submit button, since it makes no sense to select anything when appending a list. The delete function has CSS of font-size:20%;border:none;background:#eee for the id named s, and this s id is for the delete function's input box.
For the purpose of returning to the main page with the table of form question rows to select from, there is an HTML button with an onclick event: onClick=\"addme=0,u('main')\". The addme variable can only be 5 when you are not on the main page and not using an IE browser. The u() function does the page reload with the use of URL query strings to send to PHP GET superglobals the values needed for the script to perform correctly.
Now we come to, after the }else{, the display script for the entire list of form questions to select from. First we select all, sorted by id, from the inputs table, then we slap 1 through (the number of record rows in the inputs table) into the table's N field using UPDATE, then we select all again, sorted by this N field. This we use to display the whole table via the echo() function, of course. The htmlentities() and stripslashes() functions keep this displaying safe.
Now comes the side menu script, where the u() function is called from the onclick event: onClick=\"u('add')\". The instructions say "Select question to add options to. Move left. Use menu." You also get warned that ' will change to · in the data.
Next, we get the PHP data sent to JavaScript with the help of JavaScript Object Notation, also known as JSON. We will be needing the w (which row has the red indicator next to it), pp (how many option values for this record row), addme (what number to add to the indicator y coordinate) and menu_item variables, so we get those now, and if delete is chosen, a string with 2 spaces in it will be stuck into the input box named s and with an id of s, and this box (the delete function's special input box) will now get the focus—the cursor will go there. Recall that PHP is a server language so its values are in place, so therefore this JavaScript block, coming after the PHP block, will find its PHP values as needed. Finally, we display the red triangular indicator which is positioned by the administrator's mouse cursor.
The script below is called: edit-options-in-html-form-creator-form.php
<?php
session_start();
include('config.php');
?>
<html>
<head>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<TITLE>Edit Options in HTML Form Creator Form</TITLE>
<meta name="description" content="Edit Options in HTML Form Creator Form">
<meta name="keywords" content="Edit Options in HTML Form Creator Form,edit form options,edit options,options,HTML Form Creator,Form Creator,php,javascript, dhtml, DHTML">
<script language="javascript">
mactest=(navigator.userAgent.indexOf("Mac")!=-1) //My browser sniffers
is_chrome = navigator.userAgent.toLowerCase().indexOf('chrome') > -1
Netscape=(navigator.appName.indexOf("Netscape") != -1)
msafari=(navigator.userAgent.indexOf("Safari")!= -1)
wsafari=0; if(!mactest&&msafari){wsafari=1;msafari=0}
is_opera = 0; if(window.opera){is_opera=1}
is_ie_mac = 0; is_ie=0;if(document.all){is_ie=1}
if(is_ie&&mactest){is_ie_mac=1}
var ii=25;var pp=0;var p=104;var yy=0;var x=0;var y=0;var yyy=0;var q=0;var ad=0;var f="";var qq=1;var addme=0;menu_item = "main";var ie=0;
if(Netscape){ii=26;p=119;}
if(is_opera){ii=25;p=99;}
if(wsafari){ii=26;p=99;}
if(is_ie){ii=25;p=104;}
if(is_chrome){ii=26;p=99;}
if(msafari){ii=21;p=90;}
function u(f){var url="edit-options-in-html-form-creator-form.php?f="+f+"&w="+qq+"&ie="+is_ie; window.location.href=url;}
function addem(){document.myform.box.focus();}
function yyyy(){
var v=document;ad=Math.max(Math.max(v.body.scrollHeight, v.documentElement.scrollHeight),
Math.max(v.body.offsetHeight, v.documentElement.offsetHeight),
Math.max(v.body.clientHeight, v.documentElement.clientHeight));}
function calculateBgX(oElement) {return document.body.scrollLeft - getOffsetLeft(oElement);}
function calculateBgY(oElement) {return document.body.scrollTop - getOffsetTop(oElement);}
function getOffsetTop(oElement) {var iResult= oElement.offsetTop;
while (oElement.offsetParent) {oElement = oElement.offsetParent;iResult += oElement.offsetTop;}
return iResult;}
function getOffsetLeft(oElement) {var iResult= oElement.offsetLeft;
while (oElement.offsetParent) {oElement = oElement.offsetParent;iResult += oElement.offsetLeft;}
return iResult;}
function check(){
document.myform.edit2.value=qq;
if(menu_item != "delete"){
mystring=document.myform.box.value;
while (mystring.substring(0,1) == ' ')
{mystring = mystring.substring(1);}
document.myform.box.value=mystring;
var ck_item = /^[A-Za-z0-9 !$%-_()\?\.\,\']{1,50}$/;
if (document.myform.box.value.search(ck_item)==-1)
{alert("Please enter 1 to 50 letters, numbers, period,\ncomma, space and these for option: ' ! ? $ % ( ) _ -"); document.myform.box.focus();return false;}else{l=document.myform.box.value; document.myform.box.value=l.replace(/'/gi, "·");}}
return true;}
function check2(){
var ck_item2 = /^[A-Za-z0-9_]{3,20}$/;
if (document.nameform.db.value.search(ck_item2)==-1)
{alert("Please enter 3 to 20 letters, numbers, or underscore."); document.nameform.db.focus();return false;}}
function startmouse() {if(Netscape) {document.captureEvents(Event.MOUSEMOVE);}
document.onmousemove=getCoords;}
function getCoords(e){
if (!e) var e = window.event;
if (e.pageX){y = e.pageY;x = e.pageX;}
else if (e.clientX){y = e.clientY + document.body.scrollTop;x = e.clientX + document.body.scrollLeft;}
if(x>148){if (y>ad-70 && ad>0){y=ad-70;}
if(pp>0 && y>((pp-1)*ii+p)){y=((pp-1)*ii+p);}
if (y<p){y=p;}
q=parseInt((y-p)/ii);qq=q+1;if(qq==0){qq=1;}
yy=p+q*ii+addme;
if(yyy!=yy){e=document.getElementById("j");e.style.top=yy+"px";yyy=yy;}}}
function fix(){if(Netscape||is_opera){e=document.getElementById("mytable");e.style.position="absolute";e.style.marginTop=0+"px";
e=document.getElementById("j");e.style.top=p+"px";}}
</script>
<STYLE TYPE="text/css">
BODY {margin-left:0; margin-right:0; margin-top:0;text-align:left;background-image:url(t.gif);background-attachment:fixed;background-color:#ccc;}
p, li {font:13px Verdana; color:black;text-align:left}
h1 {font:bold 28px Verdana; color:black;text-align:center}
h2 {font:bold 24px Verdana;text-align:center}
h3 {font:bold 15px Verdana;}
#mytable {margin:26px 0 0 150px;width:600px;padding:10px;border:2px solid blue;background: url('b.gif');background-attachment: fixed;background-position: expression((calculateBgX(this))+"px "+(calculateBgY(this))+"px");background-color:#eee;}
#table1 {width:100%;border:1px solid blue;text-align:center}
#mytable2 {margin:26px 0 0 150px;width:600px;padding:10px;border:2px solid blue;background: url('b.gif');background-attachment: fixed;background-position: expression((calculateBgX(this))+"px "+(calculateBgY(this))+"px");background-color:#eee;}
#table2 {width:100%;border:1px solid blue;text-align:center}
#menu {background-color:#eee;position:fixed;left:2px;width:130px;padding:8px;border:2px solid blue;position: expression("absolute");top: expression(eval(document.body.scrollTop)+60);}
#j {position:absolute;top:104px;left:153px;}
#s {font-size:20%;border:none;background:#eee;}
#getdbname {position:absolute;top:104px;left:353px;}
</STYLE>
</head>
<body onload="startmouse(),yyyy(),fix()">
<?php
function underscore(){
global $i, $i2;
$replacement="_";
$pattern9 = '/[^A-Za-z0-9_]/i';
for ($h = 0; $h < count($i); $h++) {
$i2[$h]=preg_replace($pattern9, $replacement, $i[$h]);}}
$d=mysql_real_escape_string($_POST['db']);if(strlen($d)>2){
$db=$d;$aaa=$db."_options";$exists = mysql_query("SHOW TABLES LIKE '$aaa'") or die(mysql_error());
$_SESSION['db']=$db;$num_rows = mysql_num_rows($exists);
if($num_rows==0){unset($_SESSION['db']);unset($db);unset($d);mysql_close();
echo '<script language="javascript">alert("Table does not exist. Try again");</script>';}}
if(!isset($_SESSION['db'])){$_SESSION['mode']="main";
echo "<div id='getdbname'><form name='nameform' id='nameform' method='post' action='edit-options-in-html-form-creator-form.php?f=main' onsubmit='return check2()'>db name <input type='text' id='db' name='db' maxlength='20' size='20'><input type='submit' value='submit'></form></div>";}
if(isset($_SESSION['db'])){$db=$_SESSION['db'];
$f=$_GET['f'];$w=$_GET['w'];$ie=$_GET['ie'];$ff=$f;$ww=$w;$n=0;$i=array();$i2=array();$s=array();
$a=$db."_inputs";$aa=$db."_database";$aaa=$db."_options";
$sql=mysql_query("SELECT item,inputsize FROM $a ORDER BY N");
$num_rows = mysql_num_rows($sql);
while($row = mysql_fetch_array($sql)){
array_push ($i, $row['item']); array_push ($s, $row['inputsize']);}
underscore();
if($f=='add'){$_SESSION['mode']="add";$v=$i2[$w-1];$_SESSION['field_name']=$v;$_SESSION['full_field_name']=$i[$w-1];}
if($f=='delete'){$_SESSION['mode']="delete";$v=$i2[$w-1];$h=$i[$w-1];$_SESSION['field_name']=$v;$_SESSION['full_field_name']=$i[$w-1];
$sql=mysql_query("SELECT * FROM $aaa WHERE field_name='$v'");
$num_rows = mysql_num_rows($sql);
if($num_rows==0){$f='main';$_SESSION['mode']="main";echo '<script language="javascript">alert("No options there!");window.location="edit-options-in-html-form-creator-form.php?f='.$f.'";</script>';}}
if($f=='edit'){$_SESSION['mode']="edit";$v=$i2[$w-1];$_SESSION['field_name']=$v;$_SESSION['full_field_name']=$i[$w-1];
$sql=mysql_query("SELECT * FROM $aaa WHERE field_name='$v'");
$num_rows = mysql_num_rows($sql);
if($num_rows==0){$f='main';$_SESSION['mode']="main";echo '<script language="javascript">alert("No options there!");window.location="edit-options-in-html-form-creator-form.php?f='.$f.'";</script>';}}
if(!isset($f)||$f==""||$_SESSION['mode']=="main"){$f='main';}
$ff=$f;$pp=0;
if($f=='main'){$_SESSION['mode']="main";$addme=0;$ff=$f;}
if($_SESSION['mode']<>"main"){
$v=$_SESSION['field_name'];
$b=$_POST['box'];$ss=$_POST['s'];
$edit2=$_POST['edit2']-1;
$addme=5;
if(strlen($b)>0 && $_SESSION['mode']=="add"){
//change input to select? Put $v's value as field_name in $db.'_options'
$result = mysql_query("SELECT options FROM $aaa WHERE field_name='$v'");
$num_rows = mysql_num_rows($result);$ff="add";
if($num_rows==0){$nn=1;$r="";$count=0;
}else{
$row = mysql_fetch_array($result);
$r=$row['options'].",";
$r=str_replace(",",",",$r,$count);$nn=$count+1;}
$b=str_replace("'","·",$b);
$b=substr($b,0,50);$replacement="";
$pattern4 = '/[^A-Za-z0-9\\!\\?\\$\\%\\(\\)\\_\\s\\.\\-\\·]/i';
$b=preg_replace($pattern4, $replacement, $b);
$b=strip_tags($b);
$b=$r.$b;
$b=mysql_real_escape_string($b);
$sql=mysql_query("ALTER TABLE $aa MODIFY COLUMN $v text") or die(mysql_error());
if(strlen($b)>0 && $nn==1 && strlen($v)>0){
$sql = mysql_query("INSERT INTO $aaa
(id,field_name,number_of_options,options)
VALUES (NULL, '$v', '$nn', '$b')");
unset($b);
}else{
$sql = mysql_query("UPDATE $aaa SET options='$b',number_of_options='$nn' WHERE field_name='$v'");unset($b);}}
if(strlen($b)>0 && $_SESSION['mode']=="edit"){
$result = mysql_query("SELECT options FROM $aaa WHERE field_name='$v'");
$num_rows = mysql_num_rows($result);
if($num_rows==0){$r="";echo '<script language="javascript">window.location="edit-options-in-html-form-creator-form.php";</script>';
}else{
$row = mysql_fetch_array($result);$ff="edit";
$r=$row['options'];}
$b=str_replace("'","·",$b);
$b=substr($b,0,50);$replacement="";
$pattern4 = '/[^A-Za-z0-9\\!\\?\\$\\%\\(\\)\\_\\s\\.\\-\\·]/i';
$b=preg_replace($pattern4, $replacement, $b);
$b=strip_tags($b);
$j=explode(",",$r);
$j[$edit2]=$b;
$r=implode(",",$j);
$r=mysql_real_escape_string($r);
$sql = mysql_query("UPDATE $aaa SET options='$r' WHERE field_name='$v'");
unset($b);}
if(strlen($ss)>0 && $_SESSION['mode']=="delete"){
$result = mysql_query("SELECT options FROM $aaa WHERE field_name='$v'");
$row = mysql_fetch_array($result);$ff="delete";
$r=$row['options'];
if(strlen($r)<1){$r="";echo '<script language="javascript">window.location="edit-options-in-html-form-creator-form.php";</script>';
}else{
$j=explode(",",$r);
$zz=count($j);$b="";
unset($j[$edit2]);
$j=array_values($j);
if (!empty($j)){
$r=implode(",",$j);
$r=mysql_real_escape_string($r);
$sql = mysql_query("UPDATE $aaa SET options='$r' WHERE field_name='$v'");
}else{
$q=$_SESSION['full_field_name'];
$sql=mysql_query("SELECT inputsize FROM $a WHERE item='$q'");
$row = mysql_fetch_array($sql);
$t=$row['inputsize'];
$sql=mysql_query("DELETE FROM $aaa WHERE field_name='$v'");
$sql=mysql_query("ALTER TABLE $aa CHANGE $v $v VARCHAR($t) NULL DEFAULT NULL");
unset($b);}}}
$sql = mysql_query("SELECT options FROM $aaa WHERE field_name='$v'") or die(mysql_error());
echo "<center><h1>Edit Options</h1></center><div id='mytable2'><table id='table2' border='1' width='578'>";
echo "<tr><th width='578' align='center'>Option</th></tr>";
$row = mysql_fetch_array($sql);
$j=explode(",",htmlentities(stripslashes($row[0]), ENT_QUOTES));
$pp=count($j);
for ($h=0;$h<$pp;$h++){
echo "<tr><td align='left'>";
echo $j[$h];
echo "</td></tr>";}
echo "</table><a name='form1'></a><form name='myform' id='myform' method='post' action='edit-options-in-html-form-creator-form.php' onsubmit='return check()'>";
echo "<input type='hidden' name='edit2' value='-1'>";
if($_SESSION['mode']<>"delete"){echo "Option <input type='text' id='box' name='box' maxlength='50' size='50'> ";}
if($_SESSION['mode']=="edit"){echo "<br><br><b><center><span style='color:blue'>".$_SESSION['full_field_name']."</span><BR><span style='color:red'>EDIT:</span> Enter new option. Put marker on option to replace. Press Enter.</center></b>";}
if($_SESSION['mode']=="delete"){echo "<br><br><b><center><span style='color:blue'>".$_SESSION['full_field_name']."</span><BR><span style='color:red'>DELETE:</span> Put marker on option to delete. Press Enter.</center></b><input type='text' id='s' name='s' maxlength='1' size='1'>";}
if($_SESSION['mode']=="add"){echo "<br><br><b><center><span style='color:blue'>".$_SESSION['full_field_name']."</span><BR><span style='color:red'>ADD:</span> Enter option to add. Press submit button.</center></b>";}
if($_SESSION['mode']<>"delete" && $_SESSION['mode']<>"edit"){echo "<BR><input type='submit' value='submit'>";}
echo " <center><button type='button' onClick=\"addme=0,u('main')\">Return to Main page</button></center></form></div>";
mysql_close();
}else{
$result = mysql_query("SELECT * FROM $a ORDER BY id");
$num_rows = mysql_num_rows($result);
while($row = mysql_fetch_array($result)) {$id=$row['id'];$n++;
mysql_query("UPDATE $a SET N='$n' WHERE id='$id'");}
$sql = mysql_query("SELECT * FROM $a ORDER BY N") or die(mysql_error());
echo "<center><h1>Edit Options in HTML Form Creator Form</h1></center><div id='mytable'><table id='table1' border='1' width='578'>";
echo "<tr><th width='25'>Number</th><th width='25'>Size</th><th width='528' align='center'>Question</th></tr>";
while($row = mysql_fetch_array($sql)) {
echo "<tr><td>";
echo htmlentities(stripslashes($row['N']), ENT_QUOTES);
echo "</td><td>";
echo htmlentities(stripslashes($row['inputsize']), ENT_QUOTES);
echo "</td><td align='left'>";
echo htmlentities(stripslashes($row['item']), ENT_QUOTES);
echo "</td></tr>";}
echo "</table><BR><BR></div>";
mysql_close();
if(isset($ww)){unset($b);unset($f);unset($w);}
echo "<div id='menu'>
<a HREF=\"#\" onClick=\"u('add')\">Add option</a><BR><BR>
<a HREF=\"#\" onClick=\"u('delete')\">Delete option</a><BR><BR>
<a HREF=\"#\" onClick=\"u('edit')\">Edit option</a><BR><BR>
<a HREF='html-form-creator.php'>Edit input fields</a><BR><BR>
<a HREF='administrator-page.php'>Return to<BR>Admin Page</a><BR><BR><hr>
<b>Select question<BR>to add<BR>options to.<BR>Move left.<BR>Use menu.</b><BR><hr><BR>(' will change to ·)
</div>";
}}
?>
<script language="javascript">
var menu_item = <?php echo json_encode($ff); ?>;
var w = <?php echo json_encode($ww); ?>;
var pp = <?php echo json_encode($pp); ?>;
var addme = <?php echo json_encode($addme); ?>;
if(is_ie){addme=0;}else{if(menu_item == "main"){addme=0;}else{addme=5;}}
if(menu_item=="edit"){addem();}
if(menu_item=="add"){addem();}
if(menu_item=="delete"){document.myform.s.value=" ";document.myform.s.focus();}
</script>
<div id='j'><IMG SRC="indicator.gif" WIDTH=7 HEIGHT=15 BORDER=0></div>
</body>
</html>