www/includes/db_inventory_suppliers.php

changeset 10
606b4af8f918
child 18
395833e20f88
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/www/includes/db_inventory_suppliers.php	Sat Aug 11 22:49:44 2018 +0200
@@ -0,0 +1,76 @@
+<?php
+
+require($_SERVER['DOCUMENT_ROOT']."/config.php");
+require($_SERVER['DOCUMENT_ROOT']."/version.php");
+
+#Connect to the database
+$connect = mysqli_connect(DBASE_HOST, DBASE_USER, DBASE_PASS, DBASE_NAME);
+if (! $connect) {
+	die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error());
+}
+
+// get data and store in a json array
+$query = "SELECT * FROM inventory_suppliers";
+if (isset($_GET['insert'])) {
+	// INSERT COMMAND
+	$sql  = "INSERT INTO `inventory_suppliers` SET name='" . mysqli_real_escape_string($connect, $_GET['name']);
+	$sql .= "', address='" . mysqli_real_escape_string($connect, $_GET['address']);
+	$sql .= "', city='" . mysqli_real_escape_string($connect, $_GET['city']);
+	$sql .= "', zip='" . mysqli_real_escape_string($connect, $_GET['zip']);
+	$sql .= "', country='" . mysqli_real_escape_string($connect, $_GET['country']);
+	$sql .= "', website='" . mysqli_real_escape_string($connect, $_GET['website']);
+	$sql .= "', email='" . mysqli_real_escape_string($connect, $_GET['email']);
+	$sql .= "', phone='" . mysqli_real_escape_string($connect, $_GET['phone']);
+	$sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']);
+	$sql .= "';";
+	error_log("\"$sql\"");
+	$result = mysqli_query($connect, $sql) or die("SQL Error 1: " . mysqli_error($connect));
+	error_log("result " . $result);
+	echo $result;
+
+} else if (isset($_GET['update'])) {
+	// UPDATE COMMAND
+	$sql  = "UPDATE `inventory_suppliers` SET name='" . mysqli_real_escape_string($connect, $_GET['name']);
+	$sql .= "', address='" . mysqli_real_escape_string($connect, $_GET['address']);
+	$sql .= "', city='" . mysqli_real_escape_string($connect, $_GET['city']);
+	$sql .= "', zip='" . mysqli_real_escape_string($connect, $_GET['zip']);
+	$sql .= "', country='" . mysqli_real_escape_string($connect, $_GET['country']);
+	$sql .= "', website='" . mysqli_real_escape_string($connect, $_GET['website']);
+	$sql .= "', email='" . mysqli_real_escape_string($connect, $_GET['email']);
+	$sql .= "', phone='" . mysqli_real_escape_string($connect, $_GET['phone']);
+	$sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']);
+	$sql .= "' WHERE record='" . $_GET['record'] . "';";
+	error_log("\"$sql\"");
+	$result = mysqli_query($connect, $sql) or die("SQL Error 1: " . mysqli_error($connect));
+	error_log("result " . $result);
+	echo $result;
+
+} else if (isset($_GET['delete'])) {
+	// DELETE COMMAND
+	// FIXME: need to check if the record is in use
+	$sql = "DELETE FROM `inventory_suppliers` WHERE record='".$_GET['record']."';";
+	error_log("\"$sql\"");
+	$result = mysqli_query($connect, $sql) or die("SQL Error 1: " . mysqli_error($connect));
+	error_log("result " . $result);
+	echo $result;
+
+} else {
+	// SELECT COMMAND
+	$result = mysqli_query($connect, $query) or die("SQL Error 1: " . mysqli_error($connect));
+	while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
+		$suppliers[] = array(
+			'record' => $row['record'],
+			'name' => $row['name'],
+			'address' => $row['address'],
+			'city' => $row['city'],
+			'zip' => $row['zip'],
+			'country' => $row['country'],
+			'website' => $row['website'],
+			'email' => $row['email'],
+			'phone' => $row['phone'],
+			'notes' => $row['notes']
+		);
+	}
+	echo json_encode($suppliers);
+}
+?>
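Review bot: `$_GET['record']` is concatenated into the SQL unescaped in both the UPDATE branch (`WHERE record='" . $_GET['record'] . "'`) and the DELETE branch, so both statements are open to SQL injection through the query string, even though every other field is passed through `mysqli_real_escape_string`. Binding all values through prepared statements, as sketched below, closes this and removes the hand-built quoting; the same treatment fits the INSERT branch. The type string assumes `record` can be bound as a string, as the original quoting suggests, so confirm the column type. Separately, insert, update and delete are all triggered by plain GET parameters and no authentication or CSRF check is visible in this file (one may exist in `config.php`), so these writes should move to POST behind an explicit access check. Also consider dropping `error_log("\"$sql\"")` and the `mysqli_error()` text in `die()`, since they copy supplier contact data into the server log and return schema details to the client.

```php
// … unchanged: includes, connection, INSERT branch …
} else if (isset($_GET['update'])) {
	// UPDATE COMMAND
	$stmt = mysqli_prepare($connect,
		"UPDATE `inventory_suppliers` SET name=?, address=?, city=?, zip=?, country=?, "
		. "website=?, email=?, phone=?, notes=? WHERE record=?");
	if (! $stmt) {
		die("SQL Error 1");
	}
	mysqli_stmt_bind_param($stmt, 'ssssssssss',
		$_GET['name'], $_GET['address'], $_GET['city'], $_GET['zip'], $_GET['country'],
		$_GET['website'], $_GET['email'], $_GET['phone'], $_GET['notes'], $_GET['record']);
	$result = mysqli_stmt_execute($stmt) or die("SQL Error 1");
	echo $result;

} else if (isset($_GET['delete'])) {
	// DELETE COMMAND
	// FIXME: need to check if the record is in use
	$stmt = mysqli_prepare($connect, "DELETE FROM `inventory_suppliers` WHERE record=?");
	if (! $stmt) {
		die("SQL Error 1");
	}
	mysqli_stmt_bind_param($stmt, 's', $_GET['record']);
	$result = mysqli_stmt_execute($stmt) or die("SQL Error 1");
	echo $result;

// … unchanged: SELECT branch …
```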
