#!/usr/local/bin/perl
use strict;
use CGI;
use CGI::Carp 'fatalsToBrowser'; #remove for prod
use DBI;

# get form parameters
my $q = new CGI;
my $action = $q->param('go');
my $orderid = $q->param('orderid');
my $msg = "";
my $dbh = dbh(); # connect to db

$dbh->do("SET search_path to northwind") or die;

my $sql = 'SELECT  
         	a."OrderID", b."ProductName", a."UnitPrice", a."Quantity", a."Discount"  
           FROM  
         	"Order_Details" a, "Products" b  
           WHERE 
         	a."ProductID" = b."ProductID" AND "OrderID" = ? ';

my $hr = $dbh->selectrow_hashref($sql,undef,$orderid);

#change validation to suit
if ( ($action eq "UPDATE") && ($orderid =~ /\d+/)) {
  my $sql = qq! UPDATE
                   "Order_Details"
                SET
                   "UnitPrice" = ?,
                   "Quantity"  = ?,
                   "Discount"  = ?
                WHERE "OrderID" = ? !;
               
  my $count = $dbh->do( $sql,undef,$orderid );
  $msg = "$count Record updated - $sql, $orderid";
} else {
  $msg = "Please complete form";
}

# build html page
my $style = q!
  body { background-color: pink ; color: #3300cc; }
  .container { width: 500px; clear: both; }
  .container input { width: 100%; clear: both;}
!;

# Send out the header and form
print $q->header;
print $q->start_html(-title=>'Order details',
                     -style=>{ -code=>$style } );

if ( ($action eq "EDIT") && ($orderid =~ /\d+/)) {
 print qq!<h1 style="color:3300CC">Update Order Details for order # ? </h1>!;
 print qq!<div class="container">
<form action="" method="post">
<input type="hidden" name="ordid" value="$hr->{'OrderID'}"/>
Product Name :<input name="productname" value="$hr->{'ProductName'}" readonly/><br/>
Unit Price :<input name="unitprice" value="$hr->{'UnitPrice'}" /><br/>
Quantity :<input name="quantity" value="$hr->{'Quantity'}" /><br/>
Discount :<input name="discount" value="$hr->{'Discount'}" /><br/>
<input type="submit" name="go" value="UPDATE"/>
</form></div><hr/>!;
$msg = "";
} else {
print qq!<h1 style="color:3300CC">Order Details for order # $orderid</h1>!;
print qq!<div class="container">

<form action="" method="post">
<input type="hidden" name="ordid" value="$hr->{'OrderID'}"/>
Product Name :<input name="productname" value="$hr->{'ProductName'}" readonly/><br/>
Unit Price :<input name="unitprice" value="$hr->{'UnitPrice'}" readonly/><br/>
Quantity :<input name="quantity" value="$hr->{'Quantity'}" readonly/><br/>
Discount :<input name="discount" value="$hr->{'Discount'}" readonly/><br/>
<input type="submit" name="go" value="EDIT"/>
</form></div><hr/>!;

$msg = "Record details fetched - $sql, $orderid";
}
 
  # Standard links to the rest of the application
  print <<"FOOTER";
<b>$msg</b>
<hr/>
Jump to - <a href="viewemp.pl">View Employees Listing</a><br/>
Jump to - <a href="addemp.pl">Add an Employee</a><br/>
Jump to - <a href="editemp.pl">Edit an Employee details</a><br/>
Jump to - <a href="updatephoto.pl">Add or update Employee Photo</a><br/>
<hr/>
Edited by Terry on July, 06 2014.
FOOTER
print $q->end_html;

# connect to database
sub dbh {
  my $dsn = 'DBI:Pg:dbname=northwind;host=localhost';
  my $user = 'postgres';
  my $pwd  = 'postgres';
  my $dbh = DBI -> connect($dsn,$user,$pwd,{'RaiseError' => 1});
  return $dbh;
}