www/includes/db_inventory_suppliers.php@ccb9f24d0fe9
www/includes/db_inventory_suppliers.php
Wed, 20 May 2020 21:49:09 +0200
- author
- Michiel Broek <mbroek@mbse.eu>
- date
- Wed, 20 May 2020 21:49:09 +0200
- changeset 684
- ccb9f24d0fe9
- parent 296
- 69fadd1aded2
- child 715
- 8fb922c00a2d
- permissions
- -rw-r--r--
Report any online status change via websocket broadcast. When starting, load all in memory tables sorted. The websocket status on the web pages has it's own panel. Prepared the menu system for dynamic updates.
<?php require($_SERVER['DOCUMENT_ROOT']."/config.php"); require($_SERVER['DOCUMENT_ROOT']."/version.php"); #Connect to the database $connect = mysqli_connect(DBASE_HOST, DBASE_USER, DBASE_PASS, DBASE_NAME); if (! $connect) { die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error()); } mysqli_set_charset($connect, "utf8" ); // get data and store in a json array $query = "SELECT * FROM inventory_suppliers ORDER BY name"; if (isset($_POST['insert'])) { // INSERT COMMAND $sql = "INSERT INTO `inventory_suppliers` SET name='" . mysqli_real_escape_string($connect, $_POST['name']); $sql .= "', address='" . mysqli_real_escape_string($connect, $_POST['address']); $sql .= "', city='" . mysqli_real_escape_string($connect, $_POST['city']); $sql .= "', zip='" . mysqli_real_escape_string($connect, $_POST['zip']); $sql .= "', country='" . mysqli_real_escape_string($connect, $_POST['country']); $sql .= "', website='" . mysqli_real_escape_string($connect, $_POST['website']); $sql .= "', email='" . mysqli_real_escape_string($connect, $_POST['email']); $sql .= "', phone='" . mysqli_real_escape_string($connect, $_POST['phone']); $sql .= "', notes='" . mysqli_real_escape_string($connect, $_POST['notes']); $sql .= "';"; $result = mysqli_query($connect, $sql); if (! $result) { syslog(LOG_NOTICE, "db_inventory_suppliers: ".$sql." result: ".mysqli_error($connect)); } else { syslog(LOG_NOTICE, "db_inventory_suppliers: inserted ".$_POST['name']); } echo $result; } else if (isset($_POST['update'])) { // UPDATE COMMAND $sql = "UPDATE `inventory_suppliers` SET name='" . mysqli_real_escape_string($connect, $_POST['name']); $sql .= "', address='" . mysqli_real_escape_string($connect, $_POST['address']); $sql .= "', city='" . mysqli_real_escape_string($connect, $_POST['city']); $sql .= "', zip='" . mysqli_real_escape_string($connect, $_POST['zip']); $sql .= "', country='" . mysqli_real_escape_string($connect, $_POST['country']); $sql .= "', website='" . mysqli_real_escape_string($connect, $_POST['website']); $sql .= "', email='" . mysqli_real_escape_string($connect, $_POST['email']); $sql .= "', phone='" . mysqli_real_escape_string($connect, $_POST['phone']); $sql .= "', notes='" . mysqli_real_escape_string($connect, $_POST['notes']); $sql .= "' WHERE record='" . $_POST['record'] . "';"; $result = mysqli_query($connect, $sql); if (! $result) { syslog(LOG_NOTICE, "db_inventory_suppliers: ".$sql." result: ".mysqli_error($connect)); } else { syslog(LOG_NOTICE, "db_inventory_suppliers: updated record ".$_POST['record']); } echo $result; } else if (isset($_POST['delete'])) { // DELETE COMMAND // FIXME: need to check if the record is in use $sql = "DELETE FROM `inventory_suppliers` WHERE record='".$_POST['record']."';"; $result = mysqli_query($connect, $sql); if (! $result) { syslog(LOG_NOTICE, "db_inventory_suppliers: ".$sql." result: ".mysqli_error($connect)); } else { syslog(LOG_NOTICE, "db_inventory_suppliers: deleted record ".$_POST['record']); } echo $result; } else { // SELECT COMMAND $result = mysqli_query($connect, $query) or die("SQL Error 1: " . mysqli_error($connect)); while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) { $suppliers[] = array( 'record' => $row['record'], 'name' => $row['name'], 'address' => $row['address'], 'city' => $row['city'], 'zip' => $row['zip'], 'country' => $row['country'], 'website' => $row['website'], 'email' => $row['email'], 'phone' => $row['phone'], 'notes' => $row['notes'] ); } header("Content-type: application/json"); echo json_encode($suppliers); } ?>
