Overview
The Primary School Management System uses HTML forms with POST method to collect data for various entities. All forms are submitted to corresponding PHP files for processing and database insertion.
Add Student
File: AddStudent.html
Action: AddStudent.php
Method: POST
Fields:
Sbirthday - Student's date of birth (maximum date: 2023-04-06)
Parent_ID - ID of the parent associated with this student
Class_ID - ID of the class the student is enrolled in

```html
<form method="post" action="AddStudent.php">
  <label for="Sname">Student Name:*</label>
  <input type="text" required name="Sname">
  <label for="Ssurname">Student Lastname:*</label>
  <input type="text" required name="Ssurname">
  <label for="Sbirthday">Student Birthday:*</label>
  <input type="date" required max="2023-04-06" name="Sbirthday" />
  <label for="Parent_ID">Parent ID:*</label>
  <input type="text" required name="Parent_ID">
  <label for="Class_ID">Class ID:*</label>
  <input type="text" required name="Class_ID">
  <input type="submit" name="submit">
</form>
```

Update Student
File: UptadeStudent.html
Action: UptadeStudent.php
Method: POST
Fields:
Unique identifier of the student to update
Updated first name for the student
Updated last name for the student
Updated date of birth (maximum date: 2023-04-06)
This form requires the Student ID to identify which record to update.

Delete Student
File: DeleteStudent.html
Action: DeleteStudent.php
Method: POST
Fields:
ID of the student to delete from the system
Deleting a student is permanent and cannot be undone.
Add Teacher
File: AddTeacher.html
Action: AddTeacher.php
Method: POST
Fields:
bonus_amount - Optional bonus amount for the teacher
teacher_field - Subject or field the teacher specializes in
Taddress - Complete address of the teacher (50 columns × 10 rows)
Tmobile - Teacher's mobile phone number

```html
<form method="post" action="AddTeacher.php">
  <label for="bonus_amount">Bonus Amount:</label>
  <input type="text" name="bonus_amount" />
  <label for="teacher_field">Teacher Field</label>
  <input required type="text" name="teacher_field" />
  <label for="Tname">Teacher First Name:</label>
  <input required type="text" name="Tname">
  <label for="Tsurname">Teacher Last Name:</label>
  <input required type="text" name="Tsurname">
  <label for="Taddress">Teacher Address:</label>
  <textarea required name="Taddress" cols="50" rows="10"></textarea>
  <label for="Tmobile">Teacher Mobile:</label>
  <input required type="tel" name="Tmobile">
  <label for="Temail">Teacher Email:</label>
  <input required type="email" name="Temail" />
  <input type="submit" name="submit">
</form>
```

Update Teacher
File: UptadeTeacher.html
Action: UptadeTeacher.php
Method: POST
Updates teacher information using Teacher_ID as the identifier. All fields from the Add Teacher form are available for updating.

Delete Teacher
File: DeleteTeacher.html
Action: DeleteTeacher.php
Method: POST
Fields:
ID of the teacher to delete from the system
Add Parent
File: AddParent.html
Action: AddParent.php
Method: POST
Fields:
Paddress - Parent's complete address (50 columns × 10 rows)
Pemail - Parent's email address (optional)

```html
<form method="post" action="AddParent.php">
  <label for="Pname">Parent First Name:</label>
  <input required type="text" name="Pname">
  <label for="Psurname">Parent Last Name:</label>
  <input required type="text" name="Psurname">
  <label for="Paddress">Parent Address</label>
  <textarea required name="Paddress" cols="50" rows="10"></textarea>
  <label for="Pemail">Parent Email:</label>
  <input type="email" name="Pemail">
  <input type="submit" name="submit">
</form>
```

Update Parent
File: UptadeParent.html
Action: UptadeParent.php
Method: POST
Updates parent information using Parent_ID as the identifier.

Delete Parent
File: DeleteParent.html
Action: DeleteParent.php
Method: POST
Fields:
ID of the parent to delete from the system
Add Class
File: AddClass.html
Action: AddClass.php
Method: POST
Fields:
classYear - Name or year of the class (e.g., "Grade 3", "Year 5")
capacity - Maximum number of students the class can accommodate (minimum: 1)
Teacher_ID - ID of the teacher assigned to this class

```html
<form method="post" action="AddClass.php">
  <label for="classYear">Class Name:</label>
  <input required type="text" name="classYear">
  <label for="capacity">Class Capacity:</label>
  <input required type="number" min="1" name="capacity">
  <label for="Teacher_ID">Teacher ID:</label>
  <input type="text" required name="Teacher_ID">
  <input type="submit" name="submit">
</form>
```

Update Class
File: UptadeClass.html
Action: UptadeClass.php
Method: POST
Updates class information using Class_ID as the identifier.

Delete Class
File: DeleteClass.html
Action: DeleteClass.php
Method: POST
Fields:
ID of the class to delete from the system
Add Salary
File: AddSalary.html
Action: AddSalary.php
Method: POST
Fields:
Teacher_ID - ID of the teacher to assign salary to
salary_amount - Salary amount for the teacher
workingTimes - Working time type. Options:
partTime - Part-Time
fullTime - Full-Time

```html
<form method="post" action="AddSalary.php">
  <label for="Teacher_ID">Teacher ID:</label>
  <input required type="text" name="Teacher_ID">
  <label for="salary_amount">Salary amount:</label>
  <input required type="text" name="salary_amount">
  <label for="workingTimes">Select working type:</label>
  <select required id="workingTimes" name="workingTimes">
    <option value="partTime">Part-Time</option>
    <option value="fullTime">Full-Time</option>
  </select>
  <input type="submit" name="submit">
</form>
```

Update Salary
File: UptadeSalary.html
Action: UptadeSalary.php
Method: POST
Updates salary information using Salary_ID as the identifier.

Delete Salary
File: DeleteSalary.html
Action: DeleteSalary.php
Method: POST
Fields:
ID of the salary record to delete
Add Gym Member
File: AddGymMember.php (combined HTML + PHP)
Action: AddGymMember.php
Method: POST
Fields:
Sid - Student ID of the gym member
gymFullName - Full name of the gym member
userRegDate - Registration date for gym membership
memberType - Membership tier. Options:
bronzeMember - Bronze (30 days validity)
silverMember - Silver (60 days validity)
goldMember - Gold (90 days validity)
diamondMember - Diamond (180 days validity)
medicalCondition - Any medical conditions (optional)
The system automatically calculates the membership expiration date from the registration date and the selected member type.
```html
<form method="post" action="AddGymMember.php">
  <label for="Sid">Student ID:</label>
  <input required type="text" name="Sid" />
  <label for="gymFullName">Enter full name:</label>
  <input required type="text" name="gymFullName">
  <label for="userRegDate">Register Date:</label>
  <input required type="date" name="userRegDate">
  <label for="memberType">Member Type:</label>
  <select required id="memberType" name="memberType">
    <option value="bronzeMember">Bronze</option>
    <option value="silverMember">Silver</option>
    <option value="goldMember">Gold</option>
    <option value="diamondMember">Diamond</option>
  </select>
  <label for="medicalCondition">Medical Condition (if there're any)</label>
  <input type="text" name="medicalCondition">
  <input type="submit" name="submit">
</form>
```
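The expiry calculation described above, written as an added example rather than the project's own AddGymMember.php. Tier values and validity periods are the ones documented for the memberType field; the function name membershipExpiry and the sample POST data are assumptions. The point for a server-side handler is that the select value and the date are client-supplied strings, so both are checked before the date arithmetic runs.

```php
<?php
// Added example (not the project's AddGymMember.php): compute the gym membership
// expiry date on the server from the documented memberType tiers.
declare(strict_types=1);

// Validity periods documented for the memberType <select> options.
const MEMBER_VALIDITY_DAYS = [
    'bronzeMember'  => 30,
    'silverMember'  => 60,
    'goldMember'    => 90,
    'diamondMember' => 180,
];

function membershipExpiry(string $memberType, string $regDate): DateTimeImmutable
{
    // The <select> only restricts what the browser offers; a crafted request can
    // carry any string, so the tier is checked against the allowlist here.
    if (!array_key_exists($memberType, MEMBER_VALIDITY_DAYS)) {
        throw new InvalidArgumentException('Unknown member type');
    }

    // <input type="date"> submits YYYY-MM-DD. Parse strictly ('!' zeroes the time
    // part) and require the value to round-trip, which rejects overflowing dates
    // such as "2023-02-30" that createFromFormat would otherwise roll forward.
    $start = DateTimeImmutable::createFromFormat('!Y-m-d', $regDate);
    if ($start === false || $start->format('Y-m-d') !== $regDate) {
        throw new InvalidArgumentException('Invalid registration date');
    }

    return $start->add(new DateInterval('P' . MEMBER_VALIDITY_DAYS[$memberType] . 'D'));
}

// Constructed sample input, shaped like the $_POST array AddGymMember.php receives.
$post = ['memberType' => 'goldMember', 'userRegDate' => '2023-04-06'];

try {
    $expiry = membershipExpiry($post['memberType'], $post['userRegDate']);
    echo 'Membership expires on ', $expiry->format('Y-m-d'), PHP_EOL;
} catch (InvalidArgumentException $e) {
    // Reject the submission instead of storing a guessed expiry.
    http_response_code(422);
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
```

The expiry value returned here would be the one written to the database alongside the other gym member columns; storing the computed date rather than recomputing it on every read keeps the validity rule in one place.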
Update Gym Member
File: UptadeGym.html
Action: UptadeGym.php
Method: POST
Updates gym member information using gymMemberID as the identifier.

Delete Gym Member
File: DeleteGymMember.html
Action: DeleteGymMember.php
Method: POST
Fields:
ID of the gym member to delete
Contact
File: Contact.html
Action: Contact.php
Method: POST
This form allows users to submit inquiries or feedback to the school administration.
Fields:
contactName - Name of the person submitting the contact form
returnContact - Email address for response (optional)
message - Message or inquiry content (12 rows × 80 columns)

```html
<form method="post" action="Contact.php">
  <label for="contactName">Name:</label>
  <input type="text" name="contactName" required>
  <label for="returnContact">Return contact email (optional):</label>
  <input type="email" name="returnContact">
  <label for="message">Message:</label>
  <textarea name="message" rows="12" cols="80" required></textarea>
  <input type="submit" name="submit">
</form>
```
HTML5 Validation - All forms use the HTML5 required attribute for mandatory fields.
Input Types - Forms use appropriate input types (email, tel, date, number) for better UX.
Date Constraints - Date fields include a max attribute to prevent future dates where applicable.
Number Constraints - Number fields include a min attribute to enforce positive values.
These checks run in the browser only; a request built without the browser (or with the attributes removed) bypasses all of them, which is why the server-side validation listed under the recommended improvements below is still needed.
User Input - The user fills out the form with required and optional fields.
HTML5 Validation - The browser validates required fields and input types before submission.
Form Submission - Form data is sent via the POST method to the corresponding PHP file.
Server Processing - The PHP script processes the data and performs database operations.
Feedback - The user receives a success or error message based on the operation result.
The current implementation has several security vulnerabilities:
No CSRF protection
No input sanitization before database insertion
SQL injection vulnerabilities (direct string concatenation in queries)
No server-side validation
Database credentials exposed in source code
Recommended Improvements:
Implement prepared statements with parameterized queries
Add CSRF tokens to all forms
Sanitize and validate all user inputs on the server side
Move database credentials to environment variables
Implement proper error handling and logging
Add rate limiting for form submissions
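The following is an added example of what a hardened handler for the AddStudent form would look like when the first five recommendations are applied (prepared statements, a CSRF token, server-side validation, credentials from the environment, and error handling with logging). It is not the project's AddStudent.php. The table and column names (students, name, surname, birthday, parent_id, class_id), the environment variable names (DB_DSN, DB_USER, DB_PASS), the csrf_token field and session key, and the 50-character name limit are assumptions; the form field names are the documented ones.

```php
<?php
// Added example (not the project's AddStudent.php): a hardened POST handler for
// the documented AddStudent form. Schema, env var and session key names are assumed.
declare(strict_types=1);
session_start();

// Credentials are read from the environment instead of being written into the source.
$pdo = new PDO(
    getenv('DB_DSN') ?: 'mysql:host=localhost;dbname=school;charset=utf8mb4',
    getenv('DB_USER') ?: '',
    getenv('DB_PASS') ?: '',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]
);

// The form page embeds this value as <input type="hidden" name="csrf_token" value="...">.
function csrfToken(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Server-side validation: the browser's required/max attributes are advisory only.
// Returns [list of error strings, array of cleaned values].
function validateStudent(array $post): array
{
    $errors = [];
    $clean = [];
    foreach (['Sname', 'Ssurname'] as $f) {
        $v = trim((string) ($post[$f] ?? ''));
        if ($v === '' || mb_strlen($v) > 50) {
            $errors[] = "$f must be 1-50 characters";
        }
        $clean[$f] = $v;
    }
    // Same max date as the form's max attribute, enforced again here.
    $bday = (string) ($post['Sbirthday'] ?? '');
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $bday);
    if ($d === false || $d->format('Y-m-d') !== $bday || $bday > '2023-04-06') {
        $errors[] = 'Sbirthday must be a valid date no later than 2023-04-06';
    }
    $clean['Sbirthday'] = $bday;
    // The form uses type="text" for the IDs, so integer-ness is checked here.
    foreach (['Parent_ID', 'Class_ID'] as $f) {
        $id = filter_var($post[$f] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id === false) {
            $errors[] = "$f must be a positive integer";
        }
        $clean[$f] = $id;
    }
    return [$errors, $clean];
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit;
}

// Constant-time comparison of the submitted token with the session copy.
if (!hash_equals(csrfToken(), (string) ($_POST['csrf_token'] ?? ''))) {
    http_response_code(403);
    exit('Invalid CSRF token');
}

[$errors, $clean] = validateStudent($_POST);
if ($errors !== []) {
    http_response_code(422);
    exit(htmlspecialchars(implode('; ', $errors), ENT_QUOTES, 'UTF-8'));
}

// Parameterized query: the submitted values are bound, never concatenated into SQL.
$stmt = $pdo->prepare(
    'INSERT INTO students (name, surname, birthday, parent_id, class_id) VALUES (?, ?, ?, ?, ?)'
);
try {
    $stmt->execute([
        $clean['Sname'], $clean['Ssurname'], $clean['Sbirthday'],
        $clean['Parent_ID'], $clean['Class_ID'],
    ]);
    echo 'Student added';
} catch (PDOException $e) {
    error_log('AddStudent failed: ' . $e->getMessage()); // details stay in the server log
    http_response_code(500);
    echo 'Could not add student';                         // generic message to the user
}
```

The same shape applies to the other Add/Update/Delete handlers: validate every field against what the column actually expects (an integer ID, a date within range, a value from the documented option list), bind values with prepare/execute, and keep database error text out of the HTTP response.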