www/includes/db_inventory_suppliers.php

changeset 785
aa79acfdf8a9
parent 767
08c0343b622b
784:d51b05838ac4 785:aa79acfdf8a9
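--- a/www/includes/db_inventory_suppliers.php
+++ b/www/includes/db_inventory_suppliers.php
@@ -17,11 +17,18 @@
 
 // get data and store in a json array
 $query = "SELECT * FROM inventory_suppliers ORDER BY name";
 if (isset($_POST['insert'])) {
 // INSERT COMMAND
-$sql = "INSERT INTO `inventory_suppliers` SET name='" . mysqli_real_escape_string($connect, $_POST['name']);
+$sql = "INSERT INTO `inventory_suppliers` SET ";
+if (isset($_POST['uuid']) && (strlen($_POST['uuid']) == 36)) {
+$sql .= "uuid='" . $_POST['uuid'];
+} else {
+$uuid = str_replace("\n", "", file_get_contents('/proc/sys/kernel/random/uuid'));
+$sql .= "uuid='" . $uuid;
+}
+$sql .= "', name='" . mysqli_real_escape_string($connect, $_POST['name']);
 $sql .= "', address='" . mysqli_real_escape_string($connect, $_POST['address']);
 $sql .= "', city='" . mysqli_real_escape_string($connect, $_POST['city']);
 $sql .= "', zip='" . mysqli_real_escape_string($connect, $_POST['zip']);
 $sql .= "', country='" . mysqli_real_escape_string($connect, $_POST['country']);
 $sql .= "', website='" . mysqli_real_escape_string($connect, $_POST['website']);
@@ -37,11 +44,12 @@
 }
 exit(json_encode($response));
 
 } else if (isset($_POST['update'])) {
 // UPDATE COMMAND
-$sql = "UPDATE `inventory_suppliers` SET name='" . mysqli_real_escape_string($connect, $_POST['name']);
+$sql = "UPDATE `inventory_suppliers` SET uuid='" . $_POST['uuid'];
+$sql .= "', name='" . mysqli_real_escape_string($connect, $_POST['name']);
 $sql .= "', address='" . mysqli_real_escape_string($connect, $_POST['address']);
 $sql .= "', city='" . mysqli_real_escape_string($connect, $_POST['city']);
 $sql .= "', zip='" . mysqli_real_escape_string($connect, $_POST['zip']);
 $sql .= "', country='" . mysqli_real_escape_string($connect, $_POST['country']);
 $sql .= "', website='" . mysqli_real_escape_string($connect, $_POST['website']);
@@ -72,10 +80,11 @@
 // SELECT COMMAND
 $result = mysqli_query($connect, $query) or die("SQL Error 1: " . mysqli_error($connect));
 while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
 $suppliers[] = array(
 'record' => $row['record'],
+'uuid' => $row['uuid'],
 'name' => $row['name'],
 'address' => $row['address'],
 'city' => $row['city'],
 'zip' => $row['zip'],
 'country' => $row['country'],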
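Review bot: The new `uuid` value from `$_POST` is concatenated into the SQL string without escaping, both in the INSERT branch (new line 24, guarded only by `strlen($_POST['uuid']) == 36`) and in the UPDATE branch (new line 49, with no check at all), while every other field goes through `mysqli_real_escape_string`; that leaves a SQL injection path on a request-controlled value. A length test does not constrain content, so check the format first, e.g. `preg_match('/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i', $_POST['uuid'])`, reject the request when the UPDATE value fails it, and still pass the value through `mysqli_real_escape_string($connect, $_POST['uuid'])` or, better, bind it in a prepared statement. The fallback on new line 26 also does not check `file_get_contents` for `false`, in which case an empty uuid would be stored. Both branches continue outside the visible lines, so the rest of each statement (including the UPDATE's WHERE clause) could not be reviewed.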
