Comprobado toda la logica/seguridad.

En teoria falta actualizar la estructura a como me dijo oscar esta mañana? algo asi

panel_manager/includes/session_dao.php

@@ -3,16 +3,16 @@
 	include_once('session_dto.php');
 
     class SessionDAO extends DAO {
-
 		//Constructor:
         function __construct($bd_name){
 			parent::__construct($bd_name);
         }
-
 		//Methods:
-
-        //Create a new Session.
+		
 		public function createSession($id, $idfilm, $idhall, $idcinema, $date, $startTime, $seatPrice, $format){
+			$format = $this->mysqli->real_escape_string($format);	
+			$date = date('Y-m-d', strtotime( $date ) ); 
+			$startTime = date('H:i:s', strtotime( $startTime ) );
 			
 			$sql = sprintf( "INSERT INTO `session` (`id`, `idfilm`, `idhall`, `idcinema`, `date`, `start_time`, `seat_price`, `format`) 
 				VALUES ('%d', '%d', '%d', '%d', '%s', '%s', '%d', '%s')",
@@ -29,25 +29,30 @@
 			$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database en sessionData con la id '. $id);
 
 			return $resul;
-		}
+		}	
 		
-		//Returns a query to check if the session in this cinema, hall and scheudle exists.
-		public function selectSession($cinema, $hall, $start, $date){
-			if($start == null){	
-				$sql = sprintf( "SELECT * FROM session WHERE 
-							idcinema = '%s' AND idhall = '%s' AND date = '%s'", 
-							$cinema, $hall, $date);			
-			}else{
-				$sql = sprintf( "SELECT * FROM session WHERE 
+		//Returns the count of the session searched
+		public function searchSession($cinema, $hall, $startTime, $date){
+			$date = date('Y-m-d', strtotime( $date ) ); 
+			$startTime = date('H:i:s', strtotime( $startTime ) );
+			
+			$sql = sprintf( "SELECT COUNT(*) FROM session WHERE 
 							idcinema = '%s' AND idhall = '%s' AND date = '%s' AND start_time = '%s'", 
-							$cinema, $hall, $date, $start);	
-			}
+							$cinema, $hall, $date, $startTime);	
 			$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
-			return $resul;
+			
+			$session = null;
+			$session = mysqli_fetch_array($resul);
+			
+			mysqli_free_result($resul);
+			
+			return $session[0];
 		}
 		
-		
-		public function getAllSessionsFromDateHallAndCinema($cinema, $hall, $date){
+		//Returns a query to get all the session's data.
+		public function getAllSessionsFromACinemaHallDate($cinema, $hall, $date){
+			$date = date('Y-m-d', strtotime( $date ) ); 
+			
 			$sql = sprintf( "SELECT * FROM session WHERE 
 							idcinema = '%s' AND idhall = '%s' AND date = '%s'", 
 							$cinema, $hall, $date);	
@@ -58,15 +63,16 @@
 			while($fila=mysqli_fetch_array($resul)){
 				$sessions[] = $this->loadSession($fila["id"], $fila["idfilm"], $fila["idhall"], $fila["idcinema"], $fila["date"], $fila["start_time"], $fila["seat_price"], $fila["format"]);
 			}
-			
 			mysqli_free_result($resul);
 			
 			return $sessions;
 		}
 		
-		//Edit Session.
         public function editSession($id, $idfilm, $idhall, $idcinema, $date, $startTime, $seatPrice, $format){
-
+			$format = $this->mysqli->real_escape_string($format);
+			$date = date('Y-m-d', strtotime( $date ) ); 
+			$startTime = date('H:i:s', strtotime( $startTime ) );
+			
             $sql = sprintf( "UPDATE `session`
                              SET `idfilm` = '%d' , `idhall` = '%d', `idcinema` = '%d', `date` = '%s',
                                   `start_time` = '%s', `seat_price` = '%d', `format` = '%s'
@@ -78,7 +84,6 @@
             return $resul;
         }
 
-        //Delete Session.
         public function deleteSession($id){
 
             $sql = sprintf( "DELETE FROM `session` WHERE `session`.`id` = '%d';",$id);
@@ -88,7 +93,6 @@
             return $resul;
         }
 		
-		
 		//Create a new Session Data Transfer Object.
 		public function loadSession( $id, $idfilm, $idhall, $idcinema, $date, $startTime, $seatPrice, $format){
 			return new SessionDTO( $id, $idfilm, $idhall, $idcinema, $date, $startTime, $seatPrice, $format);