--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/www/includes/db_inventory_suppliers.php Sat Aug 11 22:49:44 2018 +0200 @@ -0,0 +1,76 @@ +<?php + +require($_SERVER['DOCUMENT_ROOT']."/config.php"); +require($_SERVER['DOCUMENT_ROOT']."/version.php"); + +#Connect to the database +$connect = mysqli_connect(DBASE_HOST, DBASE_USER, DBASE_PASS, DBASE_NAME); +if (! $connect) { + die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error()); +} + +// get data and store in a json array +$query = "SELECT * FROM inventory_suppliers"; +if (isset($_GET['insert'])) { + // INSERT COMMAND + $sql = "INSERT INTO `inventory_suppliers` SET name='" . mysqli_real_escape_string($connect, $_GET['name']); + $sql .= "', address='" . mysqli_real_escape_string($connect, $_GET['address']); + $sql .= "', city='" . mysqli_real_escape_string($connect, $_GET['city']); + $sql .= "', zip='" . mysqli_real_escape_string($connect, $_GET['zip']); + $sql .= "', country='" . mysqli_real_escape_string($connect, $_GET['country']); + $sql .= "', website='" . mysqli_real_escape_string($connect, $_GET['website']); + $sql .= "', email='" . mysqli_real_escape_string($connect, $_GET['email']); + $sql .= "', phone='" . mysqli_real_escape_string($connect, $_GET['phone']); + $sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']); + $sql .= "';"; + error_log("\"$sql\""); + $result = mysqli_query($connect, $sql) or die("SQL Error 1: " . mysqli_error($connect)); + error_log("result " . $result); + echo $result; + +} else if (isset($_GET['update'])) { + // UPDATE COMMAND + $sql = "UPDATE `inventory_suppliers` SET name='" . mysqli_real_escape_string($connect, $_GET['name']); + $sql .= "', address='" . mysqli_real_escape_string($connect, $_GET['address']); + $sql .= "', city='" . mysqli_real_escape_string($connect, $_GET['city']); + $sql .= "', zip='" . mysqli_real_escape_string($connect, $_GET['zip']); + $sql .= "', country='" . mysqli_real_escape_string($connect, $_GET['country']); + $sql .= "', website='" . mysqli_real_escape_string($connect, $_GET['website']); + $sql .= "', email='" . mysqli_real_escape_string($connect, $_GET['email']); + $sql .= "', phone='" . mysqli_real_escape_string($connect, $_GET['phone']); + $sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']); + $sql .= "' WHERE record='" . $_GET['record'] . "';"; + error_log("\"$sql\""); + $result = mysqli_query($connect, $sql) or die("SQL Error 1: " . mysqli_error($connect)); + error_log("result " . $result); + echo $result; + +} else if (isset($_GET['delete'])) { + // DELETE COMMAND + // FIXME: need to check if the record is in use + $sql = "DELETE FROM `inventory_suppliers` WHERE record='".$_GET['record']."';"; + error_log("\"$sql\""); + $result = mysqli_query($connect, $sql) or die("SQL Error 1: " . mysqli_error($connect)); + error_log("result " . $result); + echo $result; + +} else { + // SELECT COMMAND + $result = mysqli_query($connect, $query) or die("SQL Error 1: " . mysqli_error($connect)); + while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) { + $suppliers[] = array( + 'record' => $row['record'], + 'name' => $row['name'], + 'address' => $row['address'], + 'city' => $row['city'], + 'zip' => $row['zip'], + 'country' => $row['country'], + 'website' => $row['website'], + 'email' => $row['email'], + 'phone' => $row['phone'], + 'notes' => $row['notes'] + ); + } + echo json_encode($suppliers); +} +?>