|
1 <?php |
|
2 |
|
3 require($_SERVER['DOCUMENT_ROOT']."/config.php"); |
|
4 require($_SERVER['DOCUMENT_ROOT']."/version.php"); |
|
5 |
|
6 #Connect to the database |
|
7 $connect = mysqli_connect(DBASE_HOST, DBASE_USER, DBASE_PASS, DBASE_NAME); |
|
8 if (! $connect) { |
|
9 die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error()); |
|
10 } |
|
11 |
|
12 // get data and store in a json array |
|
13 $query = "SELECT * FROM inventory_suppliers"; |
|
14 if (isset($_GET['insert'])) { |
|
15 // INSERT COMMAND |
|
16 $sql = "INSERT INTO `inventory_suppliers` SET name='" . mysqli_real_escape_string($connect, $_GET['name']); |
|
17 $sql .= "', address='" . mysqli_real_escape_string($connect, $_GET['address']); |
|
18 $sql .= "', city='" . mysqli_real_escape_string($connect, $_GET['city']); |
|
19 $sql .= "', zip='" . mysqli_real_escape_string($connect, $_GET['zip']); |
|
20 $sql .= "', country='" . mysqli_real_escape_string($connect, $_GET['country']); |
|
21 $sql .= "', website='" . mysqli_real_escape_string($connect, $_GET['website']); |
|
22 $sql .= "', email='" . mysqli_real_escape_string($connect, $_GET['email']); |
|
23 $sql .= "', phone='" . mysqli_real_escape_string($connect, $_GET['phone']); |
|
24 $sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']); |
|
25 $sql .= "';"; |
|
26 error_log("\"$sql\""); |
|
27 $result = mysqli_query($connect, $sql) or die("SQL Error 1: " . mysqli_error($connect)); |
|
28 error_log("result " . $result); |
|
29 echo $result; |
|
30 |
|
31 } else if (isset($_GET['update'])) { |
|
32 // UPDATE COMMAND |
|
33 $sql = "UPDATE `inventory_suppliers` SET name='" . mysqli_real_escape_string($connect, $_GET['name']); |
|
34 $sql .= "', address='" . mysqli_real_escape_string($connect, $_GET['address']); |
|
35 $sql .= "', city='" . mysqli_real_escape_string($connect, $_GET['city']); |
|
36 $sql .= "', zip='" . mysqli_real_escape_string($connect, $_GET['zip']); |
|
37 $sql .= "', country='" . mysqli_real_escape_string($connect, $_GET['country']); |
|
38 $sql .= "', website='" . mysqli_real_escape_string($connect, $_GET['website']); |
|
39 $sql .= "', email='" . mysqli_real_escape_string($connect, $_GET['email']); |
|
40 $sql .= "', phone='" . mysqli_real_escape_string($connect, $_GET['phone']); |
|
41 $sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']); |
|
42 $sql .= "' WHERE record='" . $_GET['record'] . "';"; |
|
43 error_log("\"$sql\""); |
|
44 $result = mysqli_query($connect, $sql) or die("SQL Error 1: " . mysqli_error($connect)); |
|
45 error_log("result " . $result); |
|
46 echo $result; |
|
47 |
|
48 } else if (isset($_GET['delete'])) { |
|
49 // DELETE COMMAND |
|
50 // FIXME: need to check if the record is in use |
|
51 $sql = "DELETE FROM `inventory_suppliers` WHERE record='".$_GET['record']."';"; |
|
52 error_log("\"$sql\""); |
|
53 $result = mysqli_query($connect, $sql) or die("SQL Error 1: " . mysqli_error($connect)); |
|
54 error_log("result " . $result); |
|
55 echo $result; |
|
56 |
|
57 } else { |
|
58 // SELECT COMMAND |
|
59 $result = mysqli_query($connect, $query) or die("SQL Error 1: " . mysqli_error($connect)); |
|
60 while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) { |
|
61 $suppliers[] = array( |
|
62 'record' => $row['record'], |
|
63 'name' => $row['name'], |
|
64 'address' => $row['address'], |
|
65 'city' => $row['city'], |
|
66 'zip' => $row['zip'], |
|
67 'country' => $row['country'], |
|
68 'website' => $row['website'], |
|
69 'email' => $row['email'], |
|
70 'phone' => $row['phone'], |
|
71 'notes' => $row['notes'] |
|
72 ); |
|
73 } |
|
74 echo json_encode($suppliers); |
|
75 } |
|
76 ?> |