www/includes/db_inventory_suppliers.php

changeset 64
5d5fc6f7cbfe
parent 18
395833e20f88
child 77
a9f8de2d7b2b
63:1d1e3002f26b 64:5d5fc6f7cbfe
8 if (! $connect) { 8 if (! $connect) {
9 die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error()); 9 die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error());
10 } 10 }
11 11
12 // get data and store in a json array 12 // get data and store in a json array
13 $query = "SELECT * FROM inventory_suppliers"; 13 $query = "SELECT * FROM inventory_suppliers ORDER BY name";
14 if (isset($_GET['insert'])) { 14 if (isset($_POST['insert'])) {
15 // INSERT COMMAND 15 // INSERT COMMAND
16 $sql = "INSERT INTO `inventory_suppliers` SET name='" . mysqli_real_escape_string($connect, $_GET['name']); 16 $sql = "INSERT INTO `inventory_suppliers` SET name='" . mysqli_real_escape_string($connect, $_POST['name']);
17 $sql .= "', address='" . mysqli_real_escape_string($connect, $_GET['address']); 17 $sql .= "', address='" . mysqli_real_escape_string($connect, $_POST['address']);
18 $sql .= "', city='" . mysqli_real_escape_string($connect, $_GET['city']); 18 $sql .= "', city='" . mysqli_real_escape_string($connect, $_POST['city']);
19 $sql .= "', zip='" . mysqli_real_escape_string($connect, $_GET['zip']); 19 $sql .= "', zip='" . mysqli_real_escape_string($connect, $_POST['zip']);
20 $sql .= "', country='" . mysqli_real_escape_string($connect, $_GET['country']); 20 $sql .= "', country='" . mysqli_real_escape_string($connect, $_POST['country']);
21 $sql .= "', website='" . mysqli_real_escape_string($connect, $_GET['website']); 21 $sql .= "', website='" . mysqli_real_escape_string($connect, $_POST['website']);
22 $sql .= "', email='" . mysqli_real_escape_string($connect, $_GET['email']); 22 $sql .= "', email='" . mysqli_real_escape_string($connect, $_POST['email']);
23 $sql .= "', phone='" . mysqli_real_escape_string($connect, $_GET['phone']); 23 $sql .= "', phone='" . mysqli_real_escape_string($connect, $_POST['phone']);
24 $sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']); 24 $sql .= "', notes='" . mysqli_real_escape_string($connect, $_POST['notes']);
25 $sql .= "';"; 25 $sql .= "';";
26 $result = mysqli_query($connect, $sql); 26 $result = mysqli_query($connect, $sql);
27 if (! $result) { 27 if (! $result) {
28 syslog(LOG_NOTICE, "db_inventory_suppliers: ".$sql." result: ".mysqli_error($connect)); 28 syslog(LOG_NOTICE, "db_inventory_suppliers: ".$sql." result: ".mysqli_error($connect));
29 } else { 29 } else {
30 syslog(LOG_NOTICE, "db_inventory_suppliers: inserted ".$_GET['name']); 30 syslog(LOG_NOTICE, "db_inventory_suppliers: inserted ".$_POST['name']);
31 } 31 }
32 echo $result; 32 echo $result;
33 33
34 } else if (isset($_GET['update'])) { 34 } else if (isset($_POST['update'])) {
35 // UPDATE COMMAND 35 // UPDATE COMMAND
36 $sql = "UPDATE `inventory_suppliers` SET name='" . mysqli_real_escape_string($connect, $_GET['name']); 36 $sql = "UPDATE `inventory_suppliers` SET name='" . mysqli_real_escape_string($connect, $_POST['name']);
37 $sql .= "', address='" . mysqli_real_escape_string($connect, $_GET['address']); 37 $sql .= "', address='" . mysqli_real_escape_string($connect, $_POST['address']);
38 $sql .= "', city='" . mysqli_real_escape_string($connect, $_GET['city']); 38 $sql .= "', city='" . mysqli_real_escape_string($connect, $_POST['city']);
39 $sql .= "', zip='" . mysqli_real_escape_string($connect, $_GET['zip']); 39 $sql .= "', zip='" . mysqli_real_escape_string($connect, $_POST['zip']);
40 $sql .= "', country='" . mysqli_real_escape_string($connect, $_GET['country']); 40 $sql .= "', country='" . mysqli_real_escape_string($connect, $_POST['country']);
41 $sql .= "', website='" . mysqli_real_escape_string($connect, $_GET['website']); 41 $sql .= "', website='" . mysqli_real_escape_string($connect, $_POST['website']);
42 $sql .= "', email='" . mysqli_real_escape_string($connect, $_GET['email']); 42 $sql .= "', email='" . mysqli_real_escape_string($connect, $_POST['email']);
43 $sql .= "', phone='" . mysqli_real_escape_string($connect, $_GET['phone']); 43 $sql .= "', phone='" . mysqli_real_escape_string($connect, $_POST['phone']);
44 $sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']); 44 $sql .= "', notes='" . mysqli_real_escape_string($connect, $_POST['notes']);
45 $sql .= "' WHERE record='" . $_GET['record'] . "';"; 45 $sql .= "' WHERE record='" . $_POST['record'] . "';";
46 $result = mysqli_query($connect, $sql); 46 $result = mysqli_query($connect, $sql);
47 if (! $result) { 47 if (! $result) {
48 syslog(LOG_NOTICE, "db_inventory_suppliers: ".$sql." result: ".mysqli_error($connect)); 48 syslog(LOG_NOTICE, "db_inventory_suppliers: ".$sql." result: ".mysqli_error($connect));
49 } else { 49 } else {
50 syslog(LOG_NOTICE, "db_inventory_suppliers: updated record ".$_GET['record']); 50 syslog(LOG_NOTICE, "db_inventory_suppliers: updated record ".$_POST['record']);
51 } 51 }
52 echo $result; 52 echo $result;
53 53
54 } else if (isset($_GET['delete'])) { 54 } else if (isset($_POST['delete'])) {
55 // DELETE COMMAND 55 // DELETE COMMAND
56 // FIXME: need to check if the record is in use 56 // FIXME: need to check if the record is in use
57 $sql = "DELETE FROM `inventory_suppliers` WHERE record='".$_GET['record']."';"; 57 $sql = "DELETE FROM `inventory_suppliers` WHERE record='".$_POST['record']."';";
58 $result = mysqli_query($connect, $sql); 58 $result = mysqli_query($connect, $sql);
59 if (! $result) { 59 if (! $result) {
60 syslog(LOG_NOTICE, "db_inventory_suppliers: ".$sql." result: ".mysqli_error($connect)); 60 syslog(LOG_NOTICE, "db_inventory_suppliers: ".$sql." result: ".mysqli_error($connect));
61 } else { 61 } else {
62 syslog(LOG_NOTICE, "db_inventory_suppliers: deleted record ".$_GET['record']); 62 syslog(LOG_NOTICE, "db_inventory_suppliers: deleted record ".$_POST['record']);
63 } 63 }
64 echo $result; 64 echo $result;
65 65
66 } else { 66 } else {
67 // SELECT COMMAND 67 // SELECT COMMAND
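Review bot: `$_POST['record']` is still concatenated unescaped into the WHERE clause of the UPDATE (new line 45) and the DELETE (new line 57), while every other field goes through `mysqli_real_escape_string()`; switching from GET to POST does not make the value any less client-controlled, so both statements remain injectable. Bind the value instead, e.g. `$stmt = mysqli_prepare($connect, "DELETE FROM inventory_suppliers WHERE record=?");`, then `mysqli_stmt_bind_param($stmt, 's', $_POST['record']);` and `mysqli_stmt_execute($stmt);`, and build the UPDATE the same way. The same raw value is written to syslog on new lines 50 and 62, and the full failing `$sql` on lines 28, 48 and 60, so unfiltered request data (including line breaks) reaches the log; logging a validated record id would avoid that. The if/else chain begins before and continues past the lines shown here, so the SELECT branch is not covered by this note.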
