Mercurial > bms / file comparison

comparison: www/includes/db_inventory_suppliers.php

www/includes/db_inventory_suppliers.php

changeset 18
395833e20f88
parent 10
606b4af8f918
child 64
5d5fc6f7cbfe
equal deleted inserted replaced
17:bb97e0de63cf 18:395833e20f88
21 $sql .= "', website='" . mysqli_real_escape_string($connect, $_GET['website']); 21 $sql .= "', website='" . mysqli_real_escape_string($connect, $_GET['website']);
22 $sql .= "', email='" . mysqli_real_escape_string($connect, $_GET['email']); 22 $sql .= "', email='" . mysqli_real_escape_string($connect, $_GET['email']);
23 $sql .= "', phone='" . mysqli_real_escape_string($connect, $_GET['phone']); 23 $sql .= "', phone='" . mysqli_real_escape_string($connect, $_GET['phone']);
24 $sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']); 24 $sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']);
25 $sql .= "';"; 25 $sql .= "';";
26 error_log("\"$sql\""); 26 $result = mysqli_query($connect, $sql);
27 $result = mysqli_query($connect, $sql) or die("SQL Error 1: " . mysqli_error($connect)); 27 if (! $result) {
28 error_log("result " . $result); 28 syslog(LOG_NOTICE, "db_inventory_suppliers: ".$sql." result: ".mysqli_error($connect));
29 } else {
30 syslog(LOG_NOTICE, "db_inventory_suppliers: inserted ".$_GET['name']);
31 }
29 echo $result; 32 echo $result;
30 33
31 } else if (isset($_GET['update'])) { 34 } else if (isset($_GET['update'])) {
32 // UPDATE COMMAND 35 // UPDATE COMMAND
33 $sql = "UPDATE `inventory_suppliers` SET name='" . mysqli_real_escape_string($connect, $_GET['name']); 36 $sql = "UPDATE `inventory_suppliers` SET name='" . mysqli_real_escape_string($connect, $_GET['name']);
38 $sql .= "', website='" . mysqli_real_escape_string($connect, $_GET['website']); 41 $sql .= "', website='" . mysqli_real_escape_string($connect, $_GET['website']);
39 $sql .= "', email='" . mysqli_real_escape_string($connect, $_GET['email']); 42 $sql .= "', email='" . mysqli_real_escape_string($connect, $_GET['email']);
40 $sql .= "', phone='" . mysqli_real_escape_string($connect, $_GET['phone']); 43 $sql .= "', phone='" . mysqli_real_escape_string($connect, $_GET['phone']);
41 $sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']); 44 $sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']);
42 $sql .= "' WHERE record='" . $_GET['record'] . "';"; 45 $sql .= "' WHERE record='" . $_GET['record'] . "';";
43 error_log("\"$sql\""); 46 $result = mysqli_query($connect, $sql);
44 $result = mysqli_query($connect, $sql) or die("SQL Error 1: " . mysqli_error($connect)); 47 if (! $result) {
45 error_log("result " . $result); 48 syslog(LOG_NOTICE, "db_inventory_suppliers: ".$sql." result: ".mysqli_error($connect));
49 } else {
50 syslog(LOG_NOTICE, "db_inventory_suppliers: updated record ".$_GET['record']);
51 }
46 echo $result; 52 echo $result;
47 53
48 } else if (isset($_GET['delete'])) { 54 } else if (isset($_GET['delete'])) {
49 // DELETE COMMAND 55 // DELETE COMMAND
50 // FIXME: need to check if the record is in use 56 // FIXME: need to check if the record is in use
51 $sql = "DELETE FROM `inventory_suppliers` WHERE record='".$_GET['record']."';"; 57 $sql = "DELETE FROM `inventory_suppliers` WHERE record='".$_GET['record']."';";
52 error_log("\"$sql\""); 58 $result = mysqli_query($connect, $sql);
53 $result = mysqli_query($connect, $sql) or die("SQL Error 1: " . mysqli_error($connect)); 59 if (! $result) {
54 error_log("result " . $result); 60 syslog(LOG_NOTICE, "db_inventory_suppliers: ".$sql." result: ".mysqli_error($connect));
61 } else {
62 syslog(LOG_NOTICE, "db_inventory_suppliers: deleted record ".$_GET['record']);
63 }
55 echo $result; 64 echo $result;
56 65
57 } else { 66 } else {
58 // SELECT COMMAND 67 // SELECT COMMAND
59 $result = mysqli_query($connect, $query) or die("SQL Error 1: " . mysqli_error($connect)); 68 $result = mysqli_query($connect, $query) or die("SQL Error 1: " . mysqli_error($connect));

Mercurial Repository: bms

mercurial