diff -r 00e610fc3571 -r ca6b3d4f5a97 www/includes/db_inventory_suppliers.php --- a/www/includes/db_inventory_suppliers.php Wed Aug 10 11:43:19 2022 +0200 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,106 +0,0 @@ - false, - 'msg' => 'Ok', -); - -// get data and store in a json array -$query = "SELECT * FROM inventory_suppliers ORDER BY name"; -if (isset($_POST['insert'])) { - // INSERT COMMAND - $sql = "INSERT INTO `inventory_suppliers` SET "; - if (isset($_POST['uuid']) && (strlen($_POST['uuid']) == 36)) { - $sql .= "uuid='" . $_POST['uuid']; - } else { - $uuid = str_replace("\n", "", file_get_contents('/proc/sys/kernel/random/uuid')); - $sql .= "uuid='" . $uuid; - } - $sql .= "', name='" . mysqli_real_escape_string($connect, $_POST['name']); - $sql .= "', address='" . mysqli_real_escape_string($connect, $_POST['address']); - $sql .= "', city='" . mysqli_real_escape_string($connect, $_POST['city']); - $sql .= "', zip='" . mysqli_real_escape_string($connect, $_POST['zip']); - $sql .= "', country='" . mysqli_real_escape_string($connect, $_POST['country']); - $sql .= "', website='" . mysqli_real_escape_string($connect, $_POST['website']); - $sql .= "', email='" . mysqli_real_escape_string($connect, $_POST['email']); - $sql .= "', phone='" . mysqli_real_escape_string($connect, $_POST['phone']); - $sql .= "', notes='" . mysqli_real_escape_string($connect, $_POST['notes']); - $sql .= "';"; - $result = mysqli_query($connect, $sql); - if (! $result) { - syslog(LOG_NOTICE, "db_inventory_suppliers: ".$sql." result: ".mysqli_error($connect)); - $response['error'] = true; - $response['msg'] = "SQL fout: ".mysqli_error($connect); - } - exit(json_encode($response)); - -} else if (isset($_POST['update'])) { - // UPDATE COMMAND - $sql = "UPDATE `inventory_suppliers` SET uuid='" . $_POST['uuid']; - $sql .= "', name='" . mysqli_real_escape_string($connect, $_POST['name']); - $sql .= "', address='" . mysqli_real_escape_string($connect, $_POST['address']); - $sql .= "', city='" . mysqli_real_escape_string($connect, $_POST['city']); - $sql .= "', zip='" . mysqli_real_escape_string($connect, $_POST['zip']); - $sql .= "', country='" . mysqli_real_escape_string($connect, $_POST['country']); - $sql .= "', website='" . mysqli_real_escape_string($connect, $_POST['website']); - $sql .= "', email='" . mysqli_real_escape_string($connect, $_POST['email']); - $sql .= "', phone='" . mysqli_real_escape_string($connect, $_POST['phone']); - $sql .= "', notes='" . mysqli_real_escape_string($connect, $_POST['notes']); - $sql .= "' WHERE record='" . $_POST['record'] . "';"; - $result = mysqli_query($connect, $sql); - if (! $result) { - syslog(LOG_NOTICE, "db_inventory_suppliers: ".$sql." result: ".mysqli_error($connect)); - $response['error'] = true; - $response['msg'] = "SQL fout: ".mysqli_error($connect); - } - exit(json_encode($response)); - -} else if (isset($_POST['delete'])) { - // DELETE COMMAND - $sql = "DELETE FROM `inventory_suppliers` WHERE record='".$_POST['record']."';"; - $result = mysqli_query($connect, $sql); - if (! $result) { - syslog(LOG_NOTICE, "db_inventory_suppliers: ".$sql." result: ".mysqli_error($connect)); - $response['error'] = true; - $response['msg'] = "SQL fout: ".mysqli_error($connect); - } - exit(json_encode($response)); - -} else { - // SELECT COMMAND - $result = mysqli_query($connect, $query) or die("SQL Error 1: " . mysqli_error($connect)); - while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) { - $suppliers[] = array( - 'record' => $row['record'], - 'uuid' => $row['uuid'], - 'name' => $row['name'], - 'address' => $row['address'], - 'city' => $row['city'], - 'zip' => $row['zip'], - 'country' => $row['country'], - 'website' => $row['website'], - 'email' => $row['email'], - 'phone' => $row['phone'], - 'notes' => $row['notes'] - ); - } - header("Content-type: application/json"); - exit(json_encode($suppliers)); -} - -syslog(LOG_NOTICE, "db_inventory_suppliers: missing arguments"); -$response['error'] = true; -$response['msg'] = "missing arguments"; -echo json_encode($response); - -?>