comparison: www/includes/db_inventory_suppliers.php
www/includes/db_inventory_suppliers.php
- changeset 835
- ca6b3d4f5a97
- parent 834
- 00e610fc3571
- child 836
- 409f8c497429
equal
deleted
inserted
replaced
| 834:00e610fc3571 | 835:ca6b3d4f5a97 |
|---|---|
| 1 <?php | |
| 2 | |
| 3 require($_SERVER['DOCUMENT_ROOT']."/config.php"); | |
| 4 require($_SERVER['DOCUMENT_ROOT']."/version.php"); | |
| 5 | |
| 6 #Connect to the database | |
| 7 $connect = mysqli_connect(DBASE_HOST, DBASE_USER, DBASE_PASS, DBASE_NAME); | |
| 8 if (! $connect) { | |
| 9 die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error()); | |
| 10 } | |
| 11 mysqli_set_charset($connect, "utf8" ); | |
| 12 | |
| 13 $response = array( | |
| 14 'error' => false, | |
| 15 'msg' => 'Ok', | |
| 16 ); | |
| 17 | |
| 18 // get data and store in a json array | |
| 19 $query = "SELECT * FROM inventory_suppliers ORDER BY name"; | |
| 20 if (isset($_POST['insert'])) { | |
| 21 // INSERT COMMAND | |
| 22 $sql = "INSERT INTO `inventory_suppliers` SET "; | |
| 23 if (isset($_POST['uuid']) && (strlen($_POST['uuid']) == 36)) { | |
| 24 $sql .= "uuid='" . $_POST['uuid']; | |
| 25 } else { | |
| 26 $uuid = str_replace("\n", "", file_get_contents('/proc/sys/kernel/random/uuid')); | |
| 27 $sql .= "uuid='" . $uuid; | |
| 28 } | |
| 29 $sql .= "', name='" . mysqli_real_escape_string($connect, $_POST['name']); | |
| 30 $sql .= "', address='" . mysqli_real_escape_string($connect, $_POST['address']); | |
| 31 $sql .= "', city='" . mysqli_real_escape_string($connect, $_POST['city']); | |
| 32 $sql .= "', zip='" . mysqli_real_escape_string($connect, $_POST['zip']); | |
| 33 $sql .= "', country='" . mysqli_real_escape_string($connect, $_POST['country']); | |
| 34 $sql .= "', website='" . mysqli_real_escape_string($connect, $_POST['website']); | |
| 35 $sql .= "', email='" . mysqli_real_escape_string($connect, $_POST['email']); | |
| 36 $sql .= "', phone='" . mysqli_real_escape_string($connect, $_POST['phone']); | |
| 37 $sql .= "', notes='" . mysqli_real_escape_string($connect, $_POST['notes']); | |
| 38 $sql .= "';"; | |
| 39 $result = mysqli_query($connect, $sql); | |
| 40 if (! $result) { | |
| 41 syslog(LOG_NOTICE, "db_inventory_suppliers: ".$sql." result: ".mysqli_error($connect)); | |
| 42 $response['error'] = true; | |
| 43 $response['msg'] = "SQL fout: ".mysqli_error($connect); | |
| 44 } | |
| 45 exit(json_encode($response)); | |
| 46 | |
| 47 } else if (isset($_POST['update'])) { | |
| 48 // UPDATE COMMAND | |
| 49 $sql = "UPDATE `inventory_suppliers` SET uuid='" . $_POST['uuid']; | |
| 50 $sql .= "', name='" . mysqli_real_escape_string($connect, $_POST['name']); | |
| 51 $sql .= "', address='" . mysqli_real_escape_string($connect, $_POST['address']); | |
| 52 $sql .= "', city='" . mysqli_real_escape_string($connect, $_POST['city']); | |
| 53 $sql .= "', zip='" . mysqli_real_escape_string($connect, $_POST['zip']); | |
| 54 $sql .= "', country='" . mysqli_real_escape_string($connect, $_POST['country']); | |
| 55 $sql .= "', website='" . mysqli_real_escape_string($connect, $_POST['website']); | |
| 56 $sql .= "', email='" . mysqli_real_escape_string($connect, $_POST['email']); | |
| 57 $sql .= "', phone='" . mysqli_real_escape_string($connect, $_POST['phone']); | |
| 58 $sql .= "', notes='" . mysqli_real_escape_string($connect, $_POST['notes']); | |
| 59 $sql .= "' WHERE record='" . $_POST['record'] . "';"; | |
| 60 $result = mysqli_query($connect, $sql); | |
| 61 if (! $result) { | |
| 62 syslog(LOG_NOTICE, "db_inventory_suppliers: ".$sql." result: ".mysqli_error($connect)); | |
| 63 $response['error'] = true; | |
| 64 $response['msg'] = "SQL fout: ".mysqli_error($connect); | |
| 65 } | |
| 66 exit(json_encode($response)); | |
| 67 | |
| 68 } else if (isset($_POST['delete'])) { | |
| 69 // DELETE COMMAND | |
| 70 $sql = "DELETE FROM `inventory_suppliers` WHERE record='".$_POST['record']."';"; | |
| 71 $result = mysqli_query($connect, $sql); | |
| 72 if (! $result) { | |
| 73 syslog(LOG_NOTICE, "db_inventory_suppliers: ".$sql." result: ".mysqli_error($connect)); | |
| 74 $response['error'] = true; | |
| 75 $response['msg'] = "SQL fout: ".mysqli_error($connect); | |
| 76 } | |
| 77 exit(json_encode($response)); | |
| 78 | |
| 79 } else { | |
| 80 // SELECT COMMAND | |
| 81 $result = mysqli_query($connect, $query) or die("SQL Error 1: " . mysqli_error($connect)); | |
| 82 while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) { | |
| 83 $suppliers[] = array( | |
| 84 'record' => $row['record'], | |
| 85 'uuid' => $row['uuid'], | |
| 86 'name' => $row['name'], | |
| 87 'address' => $row['address'], | |
| 88 'city' => $row['city'], | |
| 89 'zip' => $row['zip'], | |
| 90 'country' => $row['country'], | |
| 91 'website' => $row['website'], | |
| 92 'email' => $row['email'], | |
| 93 'phone' => $row['phone'], | |
| 94 'notes' => $row['notes'] | |
| 95 ); | |
| 96 } | |
| 97 header("Content-type: application/json"); | |
| 98 exit(json_encode($suppliers)); | |
| 99 } | |
| 100 | |
| 101 syslog(LOG_NOTICE, "db_inventory_suppliers: missing arguments"); | |
| 102 $response['error'] = true; | |
| 103 $response['msg'] = "missing arguments"; | |
| 104 echo json_encode($response); | |
| 105 | |
| 106 ?> |
