Enhance pendatang module with existing resident selection, standardize UI gender display to LAKI-LAKI/PEREMPUAN, add Jenis Kelamin columns to pindah/mendu tables, fix NIK display in reports, and implement security improvements

admin/datang/edit_datang.php

@@ -1,11 +1,14 @@
 <?php
 
-    if(isset($_GET['kode'])){
-        $sql_cek = "SELECT d.id_datang, d.nik, d.nama_datang, d.jekel, d.tgl_datang, p.id_pend, p.nama from 
-		tb_datang d inner join tb_pdd p on d.pelapor=p.id_pend WHERE id_datang='".$_GET['kode']."'";
-        $query_cek = mysqli_query($koneksi, $sql_cek);
-        $data_cek = mysqli_fetch_array($query_cek,MYSQLI_BOTH);
-    }
+    if(isset($_GET['kode'])){
+        $sql_cek = "SELECT d.id_datang, d.id_pend, d.nik, d.nama_datang, d.jekel, d.tgl_datang, p.id_pend as id_pelapor, p.nama as nama_pelapor, pd.tgl_lh 
+		FROM tb_datang d 
+		INNER JOIN tb_pdd p ON d.pelapor=p.id_pend 
+		LEFT JOIN tb_pdd pd ON d.id_pend=pd.id_pend 
+		WHERE d.id_datang='".$_GET['kode']."'";
+        $query_cek = mysqli_query($koneksi, $sql_cek);
+        $data_cek = mysqli_fetch_array($query_cek,MYSQLI_BOTH);
+    }
 ?>
 
 <div class="card card-success">
@@ -24,43 +27,51 @@
 				</div>
 			</div>
 
-			<div class="form-group row">
-				<label class="col-sm-2 col-form-label">NIK</label>
-				<div class="col-sm-6">
-					<input type="text" class="form-control" id="nik" name="nik" value="<?php echo $data_cek['nik']; ?>"
-					 required>
-				</div>
-			</div>
-
-			<div class="form-group row">
-				<label class="col-sm-2 col-form-label">Nama</label>
-				<div class="col-sm-6">
-					<input type="text" class="form-control" id="nama_datang" name="nama_datang" value="<?php echo $data_cek['nama_datang']; ?>"
-					 required>
-				</div>
-			</div>
-
-			<div class="form-group row">
-				<label class="col-sm-2 col-form-label">Jenis Kelamin</label>
+			<input type="hidden" id="id_pend" name="id_pend" value="<?php echo isset($data_cek['id_pend']) ? $data_cek['id_pend'] : ''; ?>">
+
+			<div class="form-group row">
+				<label class="col-sm-2 col-form-label">NIK</label>
+				<div class="col-sm-6">
+					<input type="text" class="form-control" value="<?php echo htmlspecialchars($data_cek['nik'], ENT_QUOTES); ?>" readonly>
+					<input type="hidden" name="nik" value="<?php echo htmlspecialchars($data_cek['nik'], ENT_QUOTES); ?>">
+				</div>
+			</div>
+
+			<div class="form-group row">
+				<label class="col-sm-2 col-form-label">Nama</label>
+				<div class="col-sm-6">
+					<input type="text" class="form-control" value="<?php echo htmlspecialchars($data_cek['nama_datang'], ENT_QUOTES); ?>" readonly>
+					<input type="hidden" name="nama_datang" value="<?php echo htmlspecialchars($data_cek['nama_datang'], ENT_QUOTES); ?>">
+				</div>
+			</div>
+
+			<div class="form-group row">
+				<label class="col-sm-2 col-form-label">Jenis Kelamin</label>
+				<div class="col-sm-3">
+					<input type="text" class="form-control" value="<?php 
+						$display_jekel = $data_cek['jekel'];
+						if ($display_jekel == 'LK') {
+							$display_jekel = 'LAKI-LAKI';
+						} elseif ($display_jekel == 'PR') {
+							$display_jekel = 'PEREMPUAN';
+						}
+						echo htmlspecialchars($display_jekel, ENT_QUOTES);
+					?>" readonly>
+					<input type="hidden" name="jekel" value="<?php echo htmlspecialchars($data_cek['jekel'], ENT_QUOTES); ?>">
+				</div>
+			</div>
+
+			<div class="form-group row">
+				<label class="col-sm-2 col-form-label">Tgl Lahir</label>
+				<div class="col-sm-3">
+					<input type="text" class="form-control" value="<?php echo htmlspecialchars(isset($data_cek['tgl_lh']) ? $data_cek['tgl_lh'] : '-', ENT_QUOTES); ?>" readonly>
+				</div>
+			</div>
+
+			<div class="form-group row">
+				<label class="col-sm-2 col-form-label">Tgl Datang</label>
 				<div class="col-sm-3">
-					<select name="jekel" id="jekel" class="form-control">
-						<option value="">-- Pilih jekel --</option>
-						<?php
-                //menhecek data yg dipilih sebelumnya
-                if ($data_cek['jekel'] == "LK") echo "<option value='LK' selected>LK</option>";
-                else echo "<option value='LK'>LK</option>";
-
-                if ($data_cek['jekel'] == "PR") echo "<option value='PR' selected>PR</option>";
-                else echo "<option value='PR'>PR</option>";
-            ?>
-					</select>
-				</div>
-			</div>
-
-			<div class="form-group row">
-				<label class="col-sm-2 col-form-label">Tgl Datang</label>
-				<div class="col-sm-3">
-					<input type="date" class="form-control" id="tgl_datang" name="tgl_datang" value="<?php echo $data_cek['tgl_datang']; ?>"
+					<input type="date" class="form-control" id="tgl_datang" name="tgl_datang" value="<?php echo htmlspecialchars($data_cek['tgl_datang'], ENT_QUOTES); ?>"
 					 required>
 				</div>
 			</div>
@@ -72,15 +83,14 @@
 						<option selected="">- Pilih -</option>
 						<?php
                         // ambil data dari database
-                        $query = "select * from tb_pdd";
+                        $query = "select * from tb_pdd where status='Ada'";
                         $hasil = mysqli_query($koneksi, $query);
                         while ($row = mysqli_fetch_array($hasil)) {
                         ?>
-						<option value="<?php echo $row['id_pend'] ?>" <?=$data_cek[
-						 'id_pend']==$row[ 'id_pend'] ? "selected" : null ?>>
-							<?php echo $row['nik'] ?>
+						<option value="<?php echo $row['id_pend'] ?>" <?=$data_cek['id_pelapor']==$row['id_pend'] ? "selected" : null ?>>
+							<?php echo htmlspecialchars($row['nik'], ENT_QUOTES); ?>
 							-
-							<?php echo $row['nama'] ?>
+							<?php echo htmlspecialchars($row['nama'], ENT_QUOTES); ?>
 						</option>
 						<?php
                         }
@@ -98,31 +108,44 @@
 	</form>
 </div>
 
-<?php
-
-    if (isset ($_POST['Ubah'])){
-    $sql_ubah = "UPDATE tb_datang SET 
-		nik='".$_POST['nik']."',
-		nama_datang='".$_POST['nama_datang']."',
-		jekel='".$_POST['jekel']."',
-		tgl_datang='".$_POST['tgl_datang']."',
-		pelapor='".$_POST['pelapor']."'
-		WHERE id_datang='".$_POST['id_datang']."'";
-    $query_ubah = mysqli_query($koneksi, $sql_ubah);
-    mysqli_close($koneksi);
-
-    if ($query_ubah) {
-        echo "<script>
-      Swal.fire({title: 'Ubah Data Berhasil',text: '',icon: 'success',confirmButtonText: 'OK'
-      }).then((result) => {if (result.value)
-        {window.location = 'index.php?page=data-datang';
-        }
-      })</script>";
-      }else{
-      echo "<script>
-      Swal.fire({title: 'Ubah Data Gagal',text: '',icon: 'error',confirmButtonText: 'OK'
-      }).then((result) => {if (result.value)
-        {window.location = 'index.php?page=data-datang';
-        }
-      })</script>";
-    }}
+<?php
+
+    if (isset ($_POST['Ubah'])){
+    // Sanitize Input to prevent SQL Injection & Syntax Errors
+    $id_datang = (int)$_POST['id_datang'];
+    $nik = mysqli_real_escape_string($koneksi, trim($_POST['nik']));
+    $nama_datang = mysqli_real_escape_string($koneksi, trim($_POST['nama_datang']));
+    $jekel = mysqli_real_escape_string($koneksi, trim($_POST['jekel']));
+
+    $tgl_datang = mysqli_real_escape_string($koneksi, trim($_POST['tgl_datang']));
+    $pelapor = (int)$_POST['pelapor'];
+    
+    // Update tb_datang table
+    $sql_ubah = "UPDATE tb_datang SET 
+		nik='$nik',
+		nama_datang='$nama_datang',
+		jekel='$jekel',
+		tgl_datang='$tgl_datang',
+		pelapor='$pelapor'
+		WHERE id_datang='$id_datang'";
+    $query_ubah = mysqli_query($koneksi, $sql_ubah);
+    
+
+    
+    mysqli_close($koneksi);
+
+    if ($query_ubah) {
+        echo "<script>
+      Swal.fire({title: 'Ubah Data Berhasil',text: '',icon: 'success',confirmButtonText: 'OK'
+      }).then((result) => {if (result.value)
+        {window.location = 'index.php?page=data-datang';
+        }
+      })</script>";
+      }else{
+      echo "<script>
+      Swal.fire({title: 'Ubah Data Gagal',text: '',icon: 'error',confirmButtonText: 'OK'
+      }).then((result) => {if (result.value)
+        {window.location = 'index.php?page=data-datang';
+        }
+      })</script>";
+    }}