comparison: www/includes/db_inventory_suppliers.php
www/includes/db_inventory_suppliers.php
- changeset 10
- 606b4af8f918
- child 18
- 395833e20f88
equal
deleted
inserted
replaced
| 9:5b384299cc53 | 10:606b4af8f918 |
|---|---|
| 1 <?php | |
| 2 | |
| 3 require($_SERVER['DOCUMENT_ROOT']."/config.php"); | |
| 4 require($_SERVER['DOCUMENT_ROOT']."/version.php"); | |
| 5 | |
| 6 #Connect to the database | |
| 7 $connect = mysqli_connect(DBASE_HOST, DBASE_USER, DBASE_PASS, DBASE_NAME); | |
| 8 if (! $connect) { | |
| 9 die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error()); | |
| 10 } | |
| 11 | |
| 12 // get data and store in a json array | |
| 13 $query = "SELECT * FROM inventory_suppliers"; | |
| 14 if (isset($_GET['insert'])) { | |
| 15 // INSERT COMMAND | |
| 16 $sql = "INSERT INTO `inventory_suppliers` SET name='" . mysqli_real_escape_string($connect, $_GET['name']); | |
| 17 $sql .= "', address='" . mysqli_real_escape_string($connect, $_GET['address']); | |
| 18 $sql .= "', city='" . mysqli_real_escape_string($connect, $_GET['city']); | |
| 19 $sql .= "', zip='" . mysqli_real_escape_string($connect, $_GET['zip']); | |
| 20 $sql .= "', country='" . mysqli_real_escape_string($connect, $_GET['country']); | |
| 21 $sql .= "', website='" . mysqli_real_escape_string($connect, $_GET['website']); | |
| 22 $sql .= "', email='" . mysqli_real_escape_string($connect, $_GET['email']); | |
| 23 $sql .= "', phone='" . mysqli_real_escape_string($connect, $_GET['phone']); | |
| 24 $sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']); | |
| 25 $sql .= "';"; | |
| 26 error_log("\"$sql\""); | |
| 27 $result = mysqli_query($connect, $sql) or die("SQL Error 1: " . mysqli_error($connect)); | |
| 28 error_log("result " . $result); | |
| 29 echo $result; | |
| 30 | |
| 31 } else if (isset($_GET['update'])) { | |
| 32 // UPDATE COMMAND | |
| 33 $sql = "UPDATE `inventory_suppliers` SET name='" . mysqli_real_escape_string($connect, $_GET['name']); | |
| 34 $sql .= "', address='" . mysqli_real_escape_string($connect, $_GET['address']); | |
| 35 $sql .= "', city='" . mysqli_real_escape_string($connect, $_GET['city']); | |
| 36 $sql .= "', zip='" . mysqli_real_escape_string($connect, $_GET['zip']); | |
| 37 $sql .= "', country='" . mysqli_real_escape_string($connect, $_GET['country']); | |
| 38 $sql .= "', website='" . mysqli_real_escape_string($connect, $_GET['website']); | |
| 39 $sql .= "', email='" . mysqli_real_escape_string($connect, $_GET['email']); | |
| 40 $sql .= "', phone='" . mysqli_real_escape_string($connect, $_GET['phone']); | |
| 41 $sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']); | |
| 42 $sql .= "' WHERE record='" . $_GET['record'] . "';"; | |
| 43 error_log("\"$sql\""); | |
| 44 $result = mysqli_query($connect, $sql) or die("SQL Error 1: " . mysqli_error($connect)); | |
| 45 error_log("result " . $result); | |
| 46 echo $result; | |
| 47 | |
| 48 } else if (isset($_GET['delete'])) { | |
| 49 // DELETE COMMAND | |
| 50 // FIXME: need to check if the record is in use | |
| 51 $sql = "DELETE FROM `inventory_suppliers` WHERE record='".$_GET['record']."';"; | |
| 52 error_log("\"$sql\""); | |
| 53 $result = mysqli_query($connect, $sql) or die("SQL Error 1: " . mysqli_error($connect)); | |
| 54 error_log("result " . $result); | |
| 55 echo $result; | |
| 56 | |
| 57 } else { | |
| 58 // SELECT COMMAND | |
| 59 $result = mysqli_query($connect, $query) or die("SQL Error 1: " . mysqli_error($connect)); | |
| 60 while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) { | |
| 61 $suppliers[] = array( | |
| 62 'record' => $row['record'], | |
| 63 'name' => $row['name'], | |
| 64 'address' => $row['address'], | |
| 65 'city' => $row['city'], | |
| 66 'zip' => $row['zip'], | |
| 67 'country' => $row['country'], | |
| 68 'website' => $row['website'], | |
| 69 'email' => $row['email'], | |
| 70 'phone' => $row['phone'], | |
| 71 'notes' => $row['notes'] | |
| 72 ); | |
| 73 } | |
| 74 echo json_encode($suppliers); | |
| 75 } | |
| 76 ?> |
