<?php
  /*--------
      function: create_dept_info
      purpose: expects an entered Oracle username and
          password and a selected department name, and
          queries for information about that department
          and displays it "nicely"

      uses: hsu_conn_sess
  -------*/

function create_dept_info($username, $password, $dept_choice)
{
    // try to connect to Oracle student database

    $conn = hsu_conn_sess($username, $password);
            
    // try to carefully query for information on chosen
    //     department (note the use of a bind variable
    //     INSTEAD of concatenation!)
    // (also: what if caller is careless...? an additional
    //     strip_tags call won't hurt here, will it?)

    $dept_choice = strip_tags($dept_choice);
    ?>

    <h2> Information about department: <?= $dept_choice ?> </h2>

    <?php
        $dept_info_query = 'select *
                            from dept
                            where dept_name = :dept_choice';
    $dept_info_stmt = oci_parse($conn, $dept_info_query);

    oci_bind_by_name($dept_info_stmt, ":dept_choice", 
                     $dept_choice);
        
    oci_execute($dept_info_stmt, OCI_DEFAULT);
    oci_fetch($dept_info_stmt);
        
    $dept_num = oci_result($dept_info_stmt, "DEPT_NUM");
    $dept_loc = oci_result($dept_info_stmt, "DEPT_LOC");
    ?>

    <ul>
        <li> Department number: <?= $dept_num ?> </li>
        <li> Department location: <?= $dept_loc ?> </li>
    </ul>

    <p> 
        Return to <a href="<?= htmlentities($_SERVER['PHP_SELF'],
                                            ENT_QUOTES) ?>">
        login form</a> 
    </p>

    <?php            
    oci_free_statement($dept_info_stmt);
    oci_close($conn);
}
?>