";
echo "DEBUG Parameter id: ". $id . "
";
echo "DEBUG Parameter course: ". $course . "
";
}
// Steve is faculty member and therefore can view any student grades
// Otherwise, logged in user can only access their grades
if (strcmp($_COOKIE['user_name'],"steve")==0 || strcmp($_COOKIE['user_name'],$id)==0) {
$db_handle = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname) or die ('Error connecting to mysql');
// If course code is not empty, then add that as query
if (empty($course)) {
$query = "SELECT * FROM coursegrades WHERE studentid = '$id' ORDER BY coursecode, studentid";
} else {
$query = "SELECT * FROM coursegrades WHERE studentid = '$id' AND coursecode = '$course' ORDER BY studentid";
}
if ($debugattack) {
echo "DEBUG Query: ". $query . "
";
}
// Run query
$result = mysqli_query($db_handle, $query);
// No current grades
if (!$result || mysqli_num_rows($result) < 1) {
echo "You have no grades at the moment.
";
// Show grades
} else {
echo "The grades are:
";
echo "";
while($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
// Steve can edit
if (strcmp($_COOKIE['user_name'],"steve")==0) {
echo "- " . $row['studentid'] . " - " . $row['coursecode'] . " - " . $row['grade'] . "
";
} else {
echo "- " . $row['studentid'] . " - " . $row['coursecode'] . " - " . $row['grade'] . "
";
}
}
echo "
";
}
mysqli_close($db_handle);
} else {
echo "You can only view your own grades.
";
}
echo "View grades
";
echo "Go home
";
echo "Logout
";
} else {
header("Location: index.php");
}
siteFooter();
?>