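public function put($rest, $id) {
    // Update an existing supplier from the POSTed form fields.
    //
    // $rest - the REST handler; only its request()->post() array is read.
    // $id   - supplier id taken from the route. It is looked up with
    //         get_supplier() before anything is written, so an unknown id
    //         is rejected with 400 instead of creating/overwriting rows.
    //
    // Responds through api_error() (400 for an unknown supplier, 412 for a
    // missing field) or api_success_response() on success. api_error() is
    // presumed to terminate the request; if it merely returns, the remaining
    // checks still run in the original order, exactly as before.
    //
    // NOTE(review): no authorization check is visible in this method — the
    // framework is assumed to have verified that the API user may edit
    // suppliers before the route is dispatched; confirm that.
    // NOTE(review): fields are only checked for presence (isset), not for
    // content: empty strings pass, and credit_limit / account codes / tax ids
    // go to update_supplier() unvalidated. Whether update_supplier() escapes
    // and type-checks them cannot be seen from here — verify before exposing
    // this endpoint to untrusted clients.
    $req = $rest->request();
    $info = $req->post();

    $sup = get_supplier($id);
    if ($sup == null) {
        api_error(400, 'Invalid Supplier ID');
    }

    // Required fields, in the original order so the first missing one is the
    // one reported. Each message is "<label> is required [<field>]", where the
    // bracketed key is the exact POST field the client must send. This fixes
    // two wrong messages in the previous version: "Credit Limir" and the
    // payment_discount_account check, which named the key [payment_discount].
    $required = array(
        'supp_name'                => 'Supplier Name',
        'supp_ref'                 => 'Supplier Reference',
        'address'                  => 'Address',
        'supp_address'             => 'Supplier Address 2',
        'gst_no'                   => 'GST No.',
        'supp_account_no'          => 'Supplier Account Number',
        'bank_account'             => 'Bank Account',
        'credit_limit'             => 'Credit Limit',
        'curr_code'                => 'Currency Code',
        'payment_terms'            => 'Payment Terms',
        'payable_account'          => 'Payable Account',
        'purchase_account'         => 'Purchase Account',
        'payment_discount_account' => 'Payment Discount Account',
        'tax_group_id'             => 'Tax Group Id',
        'tax_included'             => 'Tax Included',
    );
    foreach ($required as $field => $label) {
        if (!isset($info[$field])) {
            api_error(412, $label . ' is required [' . $field . ']');
        }
    }

    // Optional fields default to empty rather than being rejected.
    if (!isset($info['website'])) {
        $info['website'] = '';
    }
    if (!isset($info['notes'])) {
        $info['notes'] = '';
    }

    // Positional arguments follow update_supplier():
    //   $supplier_id, $supp_name, $supp_ref, $address, $supp_address, $gst_no,
    //   $website, $supp_account_no, $bank_account, $credit_limit,
    //   $dimension_id, $dimension2_id, $curr_code, $payment_terms,
    //   $payable_account, $purchase_account, $payment_discount_account,
    //   $notes, $tax_group_id, $tax_included
    // Both dimensions are fixed at 0: this endpoint does not expose them.
    update_supplier(
        $id,
        $info['supp_name'],
        $info['supp_ref'],
        $info['address'],
        $info['supp_address'],
        $info['gst_no'],
        $info['website'],
        $info['supp_account_no'],
        $info['bank_account'],
        $info['credit_limit'],
        0,
        0,
        $info['curr_code'],
        $info['payment_terms'],
        $info['payable_account'],
        $info['purchase_account'],
        $info['payment_discount_account'],
        $info['notes'],
        $info['tax_group_id'],
        $info['tax_included']
    );

    api_success_response("Supplier has been updated");
}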
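<?php
// Supplier edit page: shows the edit form, or — when the form was submitted —
// writes the posted values back and redirects.
//
// Relies on $VAR (the request parameters), $db, $smarty, SEP and the module
// helpers (xml2php, gateway_xml2php, display_supplier_info, update_supplier,
// force_page), all provided by include.php / the surrounding framework.
//
// NOTE(review): no CSRF token or permission check is visible in this file.
// If the framework does not enforce them before this point, a logged-in user
// whose browser is lured to a crafted form can have supplier records changed.
// NOTE(review): update_supplier($db, $VAR) receives the whole request array —
// confirm it whitelists the columns it writes rather than trusting every key.

// Load the Supplier classes
require_once 'include.php';

// Load the translation for this module; a broken language file is reported
// to the template but does not stop the page.
if (!xml2php('supplier')) {
    $smarty->assign('error_msg', "Error in language file");
}

// Load PHP language translations
$langvals = gateway_xml2php('supplier');

// Supplier id from the request; a missing id becomes '' instead of a notice.
$supplierID = isset($VAR['supplierID']) ? $VAR['supplierID'] : '';

// Load supplier details
$supplier_details = display_supplier_info($db, $supplierID);

if (isset($VAR['submit'])) {
    // Details submitted: run the update, then redirect. The request-supplied
    // id and the page title are URL-encoded before being spliced into the
    // redirect target so they cannot inject extra query parameters (the
    // previous version concatenated them raw).
    if (!update_supplier($db, $VAR)) {
        force_page('supplier', 'edit&error_msg=Failed to Update Supplier Information&supplierID='
            . rawurlencode($supplierID));
        exit;
    }
    force_page('supplier', 'supplier_details&supplierID=' . rawurlencode($supplierID)
        . '&page_title=' . rawurlencode($langvals['supplier_details_title']));
    exit;
}

// Nothing submitted: populate and display the edit form.
$smarty->assign('supplier_details', $supplier_details);
$smarty->display('supplier' . SEP . 'edit.tpl');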
$query = "SELECT * from SUPPLIER WHERE Contact={$supplier_contact}"; $supp = mysql_query($query); $num_fields = mysql_num_fields($supp); for ($i = 0; $i < $num_fields; $i++) { echo "<tr>" . "\n"; echo "<td>" . "\n"; $field = mysql_field_name($supp, $i); echo "<b>" . $field . "</b>" . "\n"; echo "</td>" . "\n"; echo "<td>" . "\n"; $res = mysql_result($supp, 0, $i); if ($i > 1) { echo "<input type = \"text\" name = \"{$field}\" value=\"{$res}\">"; } else { echo "<input type = \"text\" name = \"{$field}\" value=\"{$res}\" readonly=\"readonly\">"; } echo "</td>" . "\n"; echo "</tr>" . "\n"; } echo "</table>" . "\n" . "<br/>"; echo "<input type=\"submit\" name=\"submitbutton\" value=\"Update\">" . "\n"; echo "</form>" . "\n"; } ?> <body background="1.png"> <?php update_supplier($_POST["supplier"]); ?> </body> </html>
ie the page has called itself with some user input */ //first off validate inputs sensible if (strlen($_POST['supp_name']) == 0 || $_POST['supp_name'] == "") { $input_error = 1; display_error(_("The supplier name must be entered.")); set_focus('supp_name'); } if (strlen($_POST['supp_ref']) == 0 || $_POST['supp_ref'] == "") { $input_error = 1; display_error(_("The supplier short name must be entered.")); set_focus('supp_ref'); } if ($input_error != 1) { begin_transaction(); if ($supplier_id) { update_supplier($_POST['supplier_id'], $_POST['supp_name'], $_POST['supp_ref'], $_POST['address'], $_POST['supp_address'], $_POST['gst_no'], $_POST['website'], $_POST['supp_account_no'], $_POST['bank_account'], input_num('credit_limit', 0), $_POST['dimension_id'], $_POST['dimension2_id'], $_POST['curr_code'], $_POST['payment_terms'], $_POST['payable_account'], $_POST['purchase_account'], $_POST['payment_discount_account'], $_POST['notes'], $_POST['tax_group_id'], get_post('tax_included', 0)); update_record_status($_POST['supplier_id'], $_POST['inactive'], 'suppliers', 'supplier_id'); $Ajax->activate('supplier_id'); // in case of status change display_notification(_("Supplier has been updated.")); } else { add_supplier($_POST['supp_name'], $_POST['supp_ref'], $_POST['address'], $_POST['supp_address'], $_POST['gst_no'], $_POST['website'], $_POST['supp_account_no'], $_POST['bank_account'], input_num('credit_limit', 0), $_POST['dimension_id'], $_POST['dimension2_id'], $_POST['curr_code'], $_POST['payment_terms'], $_POST['payable_account'], $_POST['purchase_account'], $_POST['payment_discount_account'], $_POST['notes'], $_POST['tax_group_id'], check_value('tax_included')); $supplier_id = $_POST['supplier_id'] = db_insert_id(); add_crm_person($_POST['supp_ref'], $_POST['contact'], '', $_POST['address'], $_POST['phone'], $_POST['phone2'], $_POST['fax'], $_POST['email'], $_POST['rep_lang'], ''); add_crm_contact('supplier', 'general', $supplier_id, db_insert_id()); 
display_notification(_("A new supplier has been added.")); $Ajax->activate('_page_body'); } commit_transaction(); } } elseif (isset($_POST['delete']) && $_POST['delete'] != "") {
add_supplier(); break; case 'get_supplier': get_supplier(); break; case 'edit_product': edit_product(); break; case 'get_suppliers': get_suppliers(); break; case 'delete_supplier': delete_supplier(); break; case 'update_supplier': update_supplier(); break; } function add_supplier() { $data = json_decode(file_get_contents("php://input")); $suppliername = mysql_real_escape_string($data->suppliername); $supplieraddress = mysql_real_escape_string($data->supplieraddress); $supplierphone = mysql_real_escape_string($data->supplierphone); $supplieremail = mysql_real_escape_string($data->supplieremail); $supplieritem = mysql_real_escape_string($data->supplieritem); $supplierunitprice = mysql_real_escape_string($data->supplierunitprice); $supplierstatues = 1; //$upswd = mysql_real_escape_string($data->pswd); //$uemail = mysql_real_escape_string($data->email); $con = mysql_connect('localhost', 'root', '');