initial commit for submit_activities.php

submit_activities.php

@@ -0,0 +1,59 @@
+<?php
+
+// Database configuration
+require_once '../config.php';
+
+try {
+    // Establish a database connection using PDO
+    $pdo = new PDO("mysql:host=$host;dbname=$dbname;charset=utf8", $username, $password, [
+        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
+        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
+    ]);
+} catch (PDOException $e) {
+    die("Database connection failed: " . $e->getMessage());
+}
+
+// Retrieve and sanitize GET parameters
+$activityIds = isset($_GET['activity_ids']) ? $_GET['activity_ids'] : '';
+$activityIds = explode(',', $activityIds);
+$sanitizedIds = [];
+
+foreach ($activityIds as $id) {
+    if (ctype_digit($id) && (int)$id >= 0 && (int)$id <= 256) {
+        $sanitizedIds[] = (int)$id;
+    }
+}
+
+if (empty($sanitizedIds)) {
+    die("No valid activity IDs provided.");
+}
+
+// Create a query to get itemIDs
+$placeholders = implode(',', array_fill(0, count($sanitizedIds), '?'));
+$sql = "SELECT itemID FROM item_activity_map WHERE activityID IN ($placeholders)";
+$stmt = $pdo->prepare($sql);
+$stmt->execute($sanitizedIds);
+$itemIDs = $stmt->fetchAll(PDO::FETCH_COLUMN);
+
+if (empty($itemIDs)) {
+    die("No matching item IDs found.");
+}
+
+// Retrieve item names based on itemIDs
+$placeholders = implode(',', array_fill(0, count($itemIDs), '?'));
+$sql = "SELECT itemID, itemName FROM item_names WHERE itemID IN ($placeholders)";
+$stmt = $pdo->prepare($sql);
+$stmt->execute($itemIDs);
+$items = $stmt->fetchAll();
+
+// Display results as HTML with checkboxes
+echo "<form method='post' action='process_selection.php'>";
+echo "<ul>";
+foreach ($items as $item) {
+    echo "<li><input type='checkbox' name='selected_items[]' value='" . htmlspecialchars($item['itemID']) . "'> " . htmlspecialchars($item['itemName']) . "</li>";
+}
+echo "</ul>";
+echo "<button type='submit'>Submit</button>";
+echo "</form>";
+
+?>