8 if (! $connect) { |
8 if (! $connect) { |
9 die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error()); |
9 die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error()); |
10 } |
10 } |
11 |
11 |
12 // get data and store in a json array |
12 // get data and store in a json array |
13 $query = "SELECT * FROM inventory_suppliers"; |
13 $query = "SELECT * FROM inventory_suppliers ORDER BY name"; |
14 if (isset($_GET['insert'])) { |
14 if (isset($_POST['insert'])) { |
15 // INSERT COMMAND |
15 // INSERT COMMAND |
16 $sql = "INSERT INTO `inventory_suppliers` SET name='" . mysqli_real_escape_string($connect, $_GET['name']); |
16 $sql = "INSERT INTO `inventory_suppliers` SET name='" . mysqli_real_escape_string($connect, $_POST['name']); |
17 $sql .= "', address='" . mysqli_real_escape_string($connect, $_GET['address']); |
17 $sql .= "', address='" . mysqli_real_escape_string($connect, $_POST['address']); |
18 $sql .= "', city='" . mysqli_real_escape_string($connect, $_GET['city']); |
18 $sql .= "', city='" . mysqli_real_escape_string($connect, $_POST['city']); |
19 $sql .= "', zip='" . mysqli_real_escape_string($connect, $_GET['zip']); |
19 $sql .= "', zip='" . mysqli_real_escape_string($connect, $_POST['zip']); |
20 $sql .= "', country='" . mysqli_real_escape_string($connect, $_GET['country']); |
20 $sql .= "', country='" . mysqli_real_escape_string($connect, $_POST['country']); |
21 $sql .= "', website='" . mysqli_real_escape_string($connect, $_GET['website']); |
21 $sql .= "', website='" . mysqli_real_escape_string($connect, $_POST['website']); |
22 $sql .= "', email='" . mysqli_real_escape_string($connect, $_GET['email']); |
22 $sql .= "', email='" . mysqli_real_escape_string($connect, $_POST['email']); |
23 $sql .= "', phone='" . mysqli_real_escape_string($connect, $_GET['phone']); |
23 $sql .= "', phone='" . mysqli_real_escape_string($connect, $_POST['phone']); |
24 $sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']); |
24 $sql .= "', notes='" . mysqli_real_escape_string($connect, $_POST['notes']); |
25 $sql .= "';"; |
25 $sql .= "';"; |
26 $result = mysqli_query($connect, $sql); |
26 $result = mysqli_query($connect, $sql); |
27 if (! $result) { |
27 if (! $result) { |
28 syslog(LOG_NOTICE, "db_inventory_suppliers: ".$sql." result: ".mysqli_error($connect)); |
28 syslog(LOG_NOTICE, "db_inventory_suppliers: ".$sql." result: ".mysqli_error($connect)); |
29 } else { |
29 } else { |
30 syslog(LOG_NOTICE, "db_inventory_suppliers: inserted ".$_GET['name']); |
30 syslog(LOG_NOTICE, "db_inventory_suppliers: inserted ".$_POST['name']); |
31 } |
31 } |
32 echo $result; |
32 echo $result; |
33 |
33 |
34 } else if (isset($_GET['update'])) { |
34 } else if (isset($_POST['update'])) { |
35 // UPDATE COMMAND |
35 // UPDATE COMMAND |
36 $sql = "UPDATE `inventory_suppliers` SET name='" . mysqli_real_escape_string($connect, $_GET['name']); |
36 $sql = "UPDATE `inventory_suppliers` SET name='" . mysqli_real_escape_string($connect, $_POST['name']); |
37 $sql .= "', address='" . mysqli_real_escape_string($connect, $_GET['address']); |
37 $sql .= "', address='" . mysqli_real_escape_string($connect, $_POST['address']); |
38 $sql .= "', city='" . mysqli_real_escape_string($connect, $_GET['city']); |
38 $sql .= "', city='" . mysqli_real_escape_string($connect, $_POST['city']); |
39 $sql .= "', zip='" . mysqli_real_escape_string($connect, $_GET['zip']); |
39 $sql .= "', zip='" . mysqli_real_escape_string($connect, $_POST['zip']); |
40 $sql .= "', country='" . mysqli_real_escape_string($connect, $_GET['country']); |
40 $sql .= "', country='" . mysqli_real_escape_string($connect, $_POST['country']); |
41 $sql .= "', website='" . mysqli_real_escape_string($connect, $_GET['website']); |
41 $sql .= "', website='" . mysqli_real_escape_string($connect, $_POST['website']); |
42 $sql .= "', email='" . mysqli_real_escape_string($connect, $_GET['email']); |
42 $sql .= "', email='" . mysqli_real_escape_string($connect, $_POST['email']); |
43 $sql .= "', phone='" . mysqli_real_escape_string($connect, $_GET['phone']); |
43 $sql .= "', phone='" . mysqli_real_escape_string($connect, $_POST['phone']); |
44 $sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']); |
44 $sql .= "', notes='" . mysqli_real_escape_string($connect, $_POST['notes']); |
45 $sql .= "' WHERE record='" . $_GET['record'] . "';"; |
45 $sql .= "' WHERE record='" . $_POST['record'] . "';"; |
46 $result = mysqli_query($connect, $sql); |
46 $result = mysqli_query($connect, $sql); |
47 if (! $result) { |
47 if (! $result) { |
48 syslog(LOG_NOTICE, "db_inventory_suppliers: ".$sql." result: ".mysqli_error($connect)); |
48 syslog(LOG_NOTICE, "db_inventory_suppliers: ".$sql." result: ".mysqli_error($connect)); |
49 } else { |
49 } else { |
50 syslog(LOG_NOTICE, "db_inventory_suppliers: updated record ".$_GET['record']); |
50 syslog(LOG_NOTICE, "db_inventory_suppliers: updated record ".$_POST['record']); |
51 } |
51 } |
52 echo $result; |
52 echo $result; |
53 |
53 |
54 } else if (isset($_GET['delete'])) { |
54 } else if (isset($_POST['delete'])) { |
55 // DELETE COMMAND |
55 // DELETE COMMAND |
56 // FIXME: need to check if the record is in use |
56 // FIXME: need to check if the record is in use |
57 $sql = "DELETE FROM `inventory_suppliers` WHERE record='".$_GET['record']."';"; |
57 $sql = "DELETE FROM `inventory_suppliers` WHERE record='".$_POST['record']."';"; |
58 $result = mysqli_query($connect, $sql); |
58 $result = mysqli_query($connect, $sql); |
59 if (! $result) { |
59 if (! $result) { |
60 syslog(LOG_NOTICE, "db_inventory_suppliers: ".$sql." result: ".mysqli_error($connect)); |
60 syslog(LOG_NOTICE, "db_inventory_suppliers: ".$sql." result: ".mysqli_error($connect)); |
61 } else { |
61 } else { |
62 syslog(LOG_NOTICE, "db_inventory_suppliers: deleted record ".$_GET['record']); |
62 syslog(LOG_NOTICE, "db_inventory_suppliers: deleted record ".$_POST['record']); |
63 } |
63 } |
64 echo $result; |
64 echo $result; |
65 |
65 |
66 } else { |
66 } else { |
67 // SELECT COMMAND |
67 // SELECT COMMAND |
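Review bot: `$_POST['record']` is still concatenated into the WHERE clause without escaping on new lines 45 and 57, although every other field goes through `mysqli_real_escape_string()`, so the UPDATE and DELETE statements stay open to SQL injection after the move from GET to POST. Prefer prepared statements with bound parameters for all three commands. As a minimal change, validate the key once, e.g. `$record = (int) $_POST['record'];` (assuming `record` is an integer key, which the page does not show), and use `$record` in both queries and in the log lines. The failure branches on lines 28, 48 and 60 write the full SQL text, including supplier data, to syslog, and lines 30, 50 and 62 log raw request values; a fixed message plus the validated record id avoids both log injection and leaking data into logs. The if/else chain starts with the connection check above and continues past the end of this hunk, so any authentication or CSRF check for these write operations is not visible here and should be confirmed.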