"; echo "DEBUG Parameter id: ". $id . "
"; echo "DEBUG Parameter course: ". $course . "
"; echo "DEBUG Parameter newgrade: ". $newgrade . "
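";
}

// Steve is faculty member and therefore can edit any student grades.
//
// NOTE(review): the user_name cookie is supplied by the browser, so its value
// alone does not establish who is making the request. Unless the enclosing
// check (outside this excerpt) already validates a server-side session, the
// faculty role should be derived from session state, not from this cookie.
//
// isset() plus === rejects a missing or non-string cookie value outright
// instead of depending on a loose `strcmp(...) == 0` comparison.
if (isset($_COOKIE['user_name']) && $_COOKIE['user_name'] === "steve") {
    $db_handle = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname) or die ('Error connecting to mysql');

    // $newgrade, $id and $course are bound as parameters below rather than
    // interpolated into the SQL text, so their content cannot change the
    // statement's structure. They are presumably request parameters; their
    // assignment is outside this excerpt.
    $query = "UPDATE coursegrades SET grade = ? WHERE studentid = ? AND coursecode = ?";

    if ($debugattack) {
        // Prints the statement template only; the bound values are not echoed here.
        echo "DEBUG Query: ". $query . "
";
    }

    // Run query
    $result = false;
    $stmt = mysqli_prepare($db_handle, $query);
    if ($stmt) {
        // 'sss': all three values were quoted as strings in the original query.
        mysqli_stmt_bind_param($stmt, 'sss', $newgrade, $id, $course);
        $result = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }

    // Report success only when the statement actually executed.
    if ($result) {
        echo "

Grade update complete.

";
    } else {
        echo "

Grade update failed.

";
    }

    mysqli_close($db_handle);
} else {
    echo "

You are not allowed to edit grades.

";
}
echo "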

View grades

"; echo "

Go home

"; echo "

Logout

"; } else { header("Location: index.php"); } siteFooter(); ?>