www/includes/db_inventory_suppliers.php

Sat, 11 Aug 2018 22:49:44 +0200

author
Michiel Broek <mbroek@mbse.eu>
date
Sat, 11 Aug 2018 22:49:44 +0200
changeset 10
606b4af8f918
child 18
395833e20f88
permissions
-rw-r--r--

Start of the merge with another unfinished project

<?php

require($_SERVER['DOCUMENT_ROOT']."/config.php");
require($_SERVER['DOCUMENT_ROOT']."/version.php");

#Connect to the database
$connect = mysqli_connect(DBASE_HOST, DBASE_USER, DBASE_PASS, DBASE_NAME);
if (! $connect) {
	die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error());
}

// get data and store in a json array
$query = "SELECT * FROM inventory_suppliers";
if (isset($_GET['insert'])) {
	// INSERT COMMAND
	$sql  = "INSERT INTO `inventory_suppliers` SET name='" . mysqli_real_escape_string($connect, $_GET['name']);
	$sql .= "', address='" . mysqli_real_escape_string($connect, $_GET['address']);
	$sql .= "', city='" . mysqli_real_escape_string($connect, $_GET['city']);
	$sql .= "', zip='" . mysqli_real_escape_string($connect, $_GET['zip']);
	$sql .= "', country='" . mysqli_real_escape_string($connect, $_GET['country']);
	$sql .= "', website='" . mysqli_real_escape_string($connect, $_GET['website']);
	$sql .= "', email='" . mysqli_real_escape_string($connect, $_GET['email']);
	$sql .= "', phone='" . mysqli_real_escape_string($connect, $_GET['phone']);
	$sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']);
	$sql .= "';";
	error_log("\"$sql\"");
	$result = mysqli_query($connect, $sql) or die("SQL Error 1: " . mysqli_error($connect));
	error_log("result " . $result);
	echo $result;

} else if (isset($_GET['update'])) {
	// UPDATE COMMAND
	$sql  = "UPDATE `inventory_suppliers` SET name='" . mysqli_real_escape_string($connect, $_GET['name']);
	$sql .= "', address='" . mysqli_real_escape_string($connect, $_GET['address']);
	$sql .= "', city='" . mysqli_real_escape_string($connect, $_GET['city']);
	$sql .= "', zip='" . mysqli_real_escape_string($connect, $_GET['zip']);
	$sql .= "', country='" . mysqli_real_escape_string($connect, $_GET['country']);
	$sql .= "', website='" . mysqli_real_escape_string($connect, $_GET['website']);
	$sql .= "', email='" . mysqli_real_escape_string($connect, $_GET['email']);
	$sql .= "', phone='" . mysqli_real_escape_string($connect, $_GET['phone']);
	$sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']);
	$sql .= "' WHERE record='" . $_GET['record'] . "';";
	error_log("\"$sql\"");
	$result = mysqli_query($connect, $sql) or die("SQL Error 1: " . mysqli_error($connect));
	error_log("result " . $result);
	echo $result;

} else if (isset($_GET['delete'])) {
	// DELETE COMMAND
	// FIXME: need to check if the record is in use
	$sql = "DELETE FROM `inventory_suppliers` WHERE record='".$_GET['record']."';";
	error_log("\"$sql\"");
	$result = mysqli_query($connect, $sql) or die("SQL Error 1: " . mysqli_error($connect));
	error_log("result " . $result);
	echo $result;

} else {
	// SELECT COMMAND
	$result = mysqli_query($connect, $query) or die("SQL Error 1: " . mysqli_error($connect));
	while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
		$suppliers[] = array(
			'record' => $row['record'],
			'name' => $row['name'],
			'address' => $row['address'],
			'city' => $row['city'],
			'zip' => $row['zip'],
			'country' => $row['country'],
			'website' => $row['website'],
			'email' => $row['email'],
			'phone' => $row['phone'],
			'notes' => $row['notes']
		);
	}
	echo json_encode($suppliers);
}
?>

mercurial