21 $sql .= "', website='" . mysqli_real_escape_string($connect, $_GET['website']); |
21 $sql .= "', website='" . mysqli_real_escape_string($connect, $_GET['website']); |
22 $sql .= "', email='" . mysqli_real_escape_string($connect, $_GET['email']); |
22 $sql .= "', email='" . mysqli_real_escape_string($connect, $_GET['email']); |
23 $sql .= "', phone='" . mysqli_real_escape_string($connect, $_GET['phone']); |
23 $sql .= "', phone='" . mysqli_real_escape_string($connect, $_GET['phone']); |
24 $sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']); |
24 $sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']); |
25 $sql .= "';"; |
25 $sql .= "';"; |
26 error_log("\"$sql\""); |
26 $result = mysqli_query($connect, $sql); |
27 $result = mysqli_query($connect, $sql) or die("SQL Error 1: " . mysqli_error($connect)); |
27 if (! $result) { |
28 error_log("result " . $result); |
28 syslog(LOG_NOTICE, "db_inventory_suppliers: ".$sql." result: ".mysqli_error($connect)); |
|
29 } else { |
|
30 syslog(LOG_NOTICE, "db_inventory_suppliers: inserted ".$_GET['name']); |
|
31 } |
29 echo $result; |
32 echo $result; |
30 |
33 |
31 } else if (isset($_GET['update'])) { |
34 } else if (isset($_GET['update'])) { |
32 // UPDATE COMMAND |
35 // UPDATE COMMAND |
33 $sql = "UPDATE `inventory_suppliers` SET name='" . mysqli_real_escape_string($connect, $_GET['name']); |
36 $sql = "UPDATE `inventory_suppliers` SET name='" . mysqli_real_escape_string($connect, $_GET['name']); |
38 $sql .= "', website='" . mysqli_real_escape_string($connect, $_GET['website']); |
41 $sql .= "', website='" . mysqli_real_escape_string($connect, $_GET['website']); |
39 $sql .= "', email='" . mysqli_real_escape_string($connect, $_GET['email']); |
42 $sql .= "', email='" . mysqli_real_escape_string($connect, $_GET['email']); |
40 $sql .= "', phone='" . mysqli_real_escape_string($connect, $_GET['phone']); |
43 $sql .= "', phone='" . mysqli_real_escape_string($connect, $_GET['phone']); |
41 $sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']); |
44 $sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']); |
42 $sql .= "' WHERE record='" . $_GET['record'] . "';"; |
45 $sql .= "' WHERE record='" . $_GET['record'] . "';"; |
43 error_log("\"$sql\""); |
46 $result = mysqli_query($connect, $sql); |
44 $result = mysqli_query($connect, $sql) or die("SQL Error 1: " . mysqli_error($connect)); |
47 if (! $result) { |
45 error_log("result " . $result); |
48 syslog(LOG_NOTICE, "db_inventory_suppliers: ".$sql." result: ".mysqli_error($connect)); |
|
49 } else { |
|
50 syslog(LOG_NOTICE, "db_inventory_suppliers: updated record ".$_GET['record']); |
|
51 } |
46 echo $result; |
52 echo $result; |
47 |
53 |
48 } else if (isset($_GET['delete'])) { |
54 } else if (isset($_GET['delete'])) { |
49 // DELETE COMMAND |
55 // DELETE COMMAND |
50 // FIXME: need to check if the record is in use |
56 // FIXME: need to check if the record is in use |
51 $sql = "DELETE FROM `inventory_suppliers` WHERE record='".$_GET['record']."';"; |
57 $sql = "DELETE FROM `inventory_suppliers` WHERE record='".$_GET['record']."';"; |
52 error_log("\"$sql\""); |
58 $result = mysqli_query($connect, $sql); |
53 $result = mysqli_query($connect, $sql) or die("SQL Error 1: " . mysqli_error($connect)); |
59 if (! $result) { |
54 error_log("result " . $result); |
60 syslog(LOG_NOTICE, "db_inventory_suppliers: ".$sql." result: ".mysqli_error($connect)); |
|
61 } else { |
|
62 syslog(LOG_NOTICE, "db_inventory_suppliers: deleted record ".$_GET['record']); |
|
63 } |
55 echo $result; |
64 echo $result; |
56 |
65 |
57 } else { |
66 } else { |
58 // SELECT COMMAND |
67 // SELECT COMMAND |
59 $result = mysqli_query($connect, $query) or die("SQL Error 1: " . mysqli_error($connect)); |
68 $result = mysqli_query($connect, $query) or die("SQL Error 1: " . mysqli_error($connect)); |