PackIt/submit_activities.php

<?php

// Database configuration
require_once '../config.php';

try {
    // Establish a database connection using PDO
    $pdo = new PDO("mysql:host=$host;dbname=$dbname;charset=utf8", $username, $password, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
    ]);
} catch (PDOException $e) {
    die("Database connection failed: " . $e->getMessage());
}

// Retrieve and sanitize GET parameters
$activityIds = isset($_GET['activity_ids']) ? $_GET['activity_ids'] : '';
$activityIds = explode(',', $activityIds);
$sanitizedIds = [];

foreach ($activityIds as $id) {
    if (ctype_digit($id) && (int)$id >= 0 && (int)$id <= 256) {
        $sanitizedIds[] = (int)$id;
    }
}

if (empty($sanitizedIds)) {
    die("No valid activity IDs provided.");
}

// Create a query to get itemIDs
$placeholders = implode(',', array_fill(0, count($sanitizedIds), '?'));
$sql = "SELECT itemID FROM item_activity_map WHERE activityID IN ($placeholders)";
$stmt = $pdo->prepare($sql);
$stmt->execute($sanitizedIds);
$itemIDs = $stmt->fetchAll(PDO::FETCH_COLUMN);

if (empty($itemIDs)) {
    die("No matching item IDs found.");
}

// Retrieve item names based on itemIDs
$placeholders = implode(',', array_fill(0, count($itemIDs), '?'));
$sql = "SELECT itemID, itemName FROM item_names WHERE itemID IN ($placeholders)";
$stmt = $pdo->prepare($sql);
$stmt->execute($itemIDs);
$items = $stmt->fetchAll();

?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Your packing list</title>
    <style>
        body {
            font-family: Arial, sans-serif;
            padding: 20px;
        }
        .item-item {
            margin: 5px 0;
        }
        .item-item input {
            margin-right: 10px;
        }
    </style>
</head>
<body>

<h1>You need</h1>
<?php
// Display results as HTML with checkboxes
echo "<form method='post' action='index.php'>";
echo "<ul>";
foreach ($items as $item) {
    echo "
	<div class='item-item'>
	<input type='checkbox' name='selected_items' value='" . htmlspecialchars($item['itemID']) . "'>
	<label for=selected_items_" . htmlspecialchars($item['itemID']) . ">" 
	. htmlspecialchars($item['itemName']
	. "</label></div>";
}
echo "</ul>";
echo "</form>";
?>

</body>
</html>