/**
 * Validate submitted form values and store them as one row of $table.
 *
 * The form element definitions are walked once to build, in lockstep, the
 * column list, the placeholder list, the UPDATE assignment list and the
 * array of bound values. The row is then INSERTed (no primary key yet) or
 * UPDATEd (existing primary key) between BEGIN and COMMIT.
 *
 * Security review notes (nothing below changes behaviour):
 *  - Values are always bound through placeholders, but $table, each
 *    element's 'name' and $parentKeyName are interpolated into the SQL text
 *    as identifiers, which placeholders cannot bind. Presumably they come
 *    from static form definitions - confirm none of them can ever be derived
 *    from request data, or check them against an allow-list before use.
 *  - PASSWD fields are stored as md5(?): an unsalted, fast hash that is not
 *    suitable for passwords. Moving to password_hash()/password_verify()
 *    needs a matching change wherever the stored value is verified plus a
 *    rehash-on-login migration, so it is flagged here rather than changed.
 *  - The 'unique' check runs before the transaction starts and the invoice
 *    number check runs after COMMIT, so neither is atomic with the write;
 *    only a UNIQUE constraint in the schema can enforce uniqueness under
 *    concurrent saves.
 *  - On failure the raw exception message is sent to the client via die().
 *
 * @param string $table          Table name; interpolated into the SQL text.
 * @param mixed  $primaryKey     By reference. Empty means "insert"; after an
 *                               INSERT it receives mysqli_insert_id().
 * @param array  $formElements   Element definitions. Keys read here: 'type',
 *                               'name', 'label', 'allow_null' and, when
 *                               present, 'read_only' and 'unique'.
 * @param array  $values         Submitted values keyed by element name.
 * @param mixed  $warnings       By reference. Receives a message when a
 *                               duplicate value or invoice number is found.
 * @param string $parentKeyName  Optional extra column added on INSERT only.
 * @param mixed  $parentKey      Value bound for $parentKeyName; also handed
 *                               to getFormDefaultValue().
 *
 * @return bool|string TRUE when the row was written; false when a 'unique'
 *                     element collides with an existing row ($warnings is
 *                     set); otherwise a comma-separated string of the labels
 *                     of required elements that had no value.
 */
function saveFormData($table, &$primaryKey, &$formElements, &$values, &$warnings, $parentKeyName = '', $parentKey = FALSE) {
    global $dblink;

    $missingLabels = '';
    $strFields = '';
    $strInsert = '';
    $strUpdateFields = '';
    $boundValues = [];

    // Element types that never contribute a column to the statement.
    $skippedTypes = ['', 'IFORM', 'RESULT', 'BUTTON', 'JSBUTTON', 'IMAGE', 'ROWSUM', 'NEWLINE', 'LABEL'];

    // A new record must not carry an 'id' value from the submitted data.
    if (empty($primaryKey)) {
        unset($values['id']);
    }

    foreach ($formElements as $element) {
        $type = $element['type'];
        if (in_array($type, $skippedTypes) || !empty($element['read_only'])) {
            continue;
        }

        $name = $element['name'];
        $wasSubmitted = isset($values[$name]);
        $isBlank = !$wasSubmitted || $values[$name] === '';

        // Required element without a value: remember its label and move on.
        if (!$element['allow_null'] && $isBlank) {
            $missingLabels .= ($missingLabels ? ', ' : '') . $element['label'];
            continue;
        }

        if ($wasSubmitted) {
            $value = $values[$name];
        } else {
            $value = getFormDefaultValue($element, $parentKey);
        }

        // Don't save empty password
        if ($type == 'PASSWD' && !$value) {
            continue;
        }

        if (!empty($element['unique'])) {
            // NOTE(review): this SELECT runs outside the transaction started
            // further down, so two concurrent saves can both pass it.
            $uniqueQuery = "SELECT * FROM {$table} WHERE deleted=0 AND {$name}=?";
            $uniqueParams = [$value];
            if (!empty($primaryKey)) {
                // Ignore the row that is being updated.
                $uniqueQuery .= ' AND id!=?';
                $uniqueParams[] = $primaryKey;
            }
            $uniqueResult = mysqli_param_query($uniqueQuery, $uniqueParams);
            if (mysqli_fetch_array($uniqueResult)) {
                $warnings = sprintf($GLOBALS['locDuplicateValue'], $element['label']);
                return false;
            }
        }

        // The three SQL fragments grow together; the separator is added once
        // the first column is in place.
        if ($strFields) {
            $strFields .= ', ';
            $strInsert .= ', ';
            $strUpdateFields .= ', ';
        }
        $strFields .= $name;

        $fieldPlaceholder = '?';
        if ($type == 'PASSWD') {
            // NOTE(review): unsalted MD5 computed by the database - see the
            // function header. This branch reads $values[$name] rather than
            // $value; the two differ only when the value came from the form
            // default instead of the submitted data.
            $fieldPlaceholder = 'md5(?)';
            $boundValues[] = $values[$name];
        } elseif ($type == 'INT' || $type == 'HID_INT' || $type == 'SECHID_INT') {
            if ($value !== '' && $value !== false) {
                // Accept a decimal comma by turning it into a decimal point.
                $boundValues[] = str_replace(',', '.', $value);
            } else {
                $boundValues[] = $element['allow_null'] ? null : 0;
            }
        } elseif ($type == 'LIST' || $type == 'SEARCHLIST') {
            $boundValues[] = ($wasSubmitted && $value !== '')
                ? str_replace(',', '.', $value)
                : null;
        } elseif ($type == 'CHECK') {
            $boundValues[] = $value ? 1 : 0;
        } elseif ($type == 'INTDATE') {
            $boundValues[] = $value ? dateConvDate2DBDate($value) : null;
        } else {
            $boundValues[] = $value;
        }

        $strInsert .= $fieldPlaceholder;
        $strUpdateFields .= "{$name}={$fieldPlaceholder}";
    }

    if ($missingLabels) {
        return $missingLabels;
    }

    mysqli_query_check('SET AUTOCOMMIT = 0');
    mysqli_query_check('BEGIN');
    try {
        // Special case for invoice rows - update product stock balance
        if ($table == '{prefix}invoice_row') {
            updateProductStockBalance(
                isset($primaryKey) ? $primaryKey : null,
                isset($values['product_id']) ? $values['product_id'] : null,
                $values['pcs']
            );
        }

        if (!empty($primaryKey)) {
            // Special case for invoice - update product stock balance for all
            // invoice rows if the invoice was previously deleted
            if ($table == '{prefix}invoice') {
                $deletedResult = mysqli_param_query('SELECT deleted FROM {prefix}invoice WHERE id=?', [$primaryKey]);
                if (mysqli_fetch_value($deletedResult)) {
                    $rowResult = mysqli_param_query('SELECT product_id, pcs FROM {prefix}invoice_row WHERE invoice_id=? AND deleted=0', [$primaryKey]);
                    while ($invoiceRow = mysqli_fetch_assoc($rowResult)) {
                        updateProductStockBalance(null, $invoiceRow['product_id'], $invoiceRow['pcs']);
                    }
                }
            }

            // Saving an existing record also clears its deleted flag.
            $sql = "UPDATE {$table} SET {$strUpdateFields}, deleted=0 WHERE id=?";
            $boundValues[] = $primaryKey;
            // Presumably the 'exception' argument makes the helper throw on
            // failure, which is what the catch below relies on - confirm.
            mysqli_param_query($sql, $boundValues, 'exception');
        } else {
            if ($parentKeyName) {
                $strFields .= ", {$parentKeyName}";
                $strInsert .= ', ?';
                $boundValues[] = $parentKey;
            }
            $sql = "INSERT INTO {$table} ({$strFields}) VALUES ({$strInsert})";
            mysqli_param_query($sql, $boundValues, 'exception');
            // Hand the generated key back to the caller through the reference.
            $primaryKey = mysqli_insert_id($dblink);
        }
    } catch (Exception $exception) {
        mysqli_query_check('ROLLBACK');
        mysqli_query_check('SET AUTOCOMMIT = 1');
        // NOTE(review): the raw exception text goes straight to the client.
        // If it carries SQL or schema detail that is an information leak;
        // logging it server-side and showing a generic message avoids that.
        die($exception->getMessage());
    }
    mysqli_query_check('COMMIT');
    mysqli_query_check('SET AUTOCOMMIT = 1');

    // Special case for invoices - check for duplicate invoice numbers.
    // This runs after COMMIT and only sets a warning; the row is kept.
    if ($table == '{prefix}invoice' && !empty($values['invoice_no'])) {
        // The literal below spans a line break exactly as in the original
        // listing; SQL treats the break as ordinary whitespace.
        $duplicateQuery = 'SELECT ID FROM {prefix}invoice where deleted=0 AND id!=? 
AND invoice_no=?';
        $duplicateParams = [$primaryKey, $values['invoice_no']];
        if (getSetting('invoice_numbering_per_base')) {
            $duplicateQuery .= ' AND base_id=?';
            $duplicateParams[] = $values['base_id'];
        }
        if (getSetting('invoice_numbering_per_year')) {
            // Concatenated rather than bound, but built only from date().
            $duplicateQuery .= ' AND invoice_date >= ' . date('Y') . '0101';
        }
        $duplicateResult = mysqli_param_query($duplicateQuery, $duplicateParams);
        if (mysqli_fetch_assoc($duplicateResult)) {
            $warnings = $GLOBALS['locInvoiceNumberAlreadyInUse'];
        }
    }

    return TRUE;
}
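// Excerpt: the `try {` and the enclosing block that the closing braces below
// belong to open before this fragment, as do $intInvoiceId, $intNewId,
// $boolRefund, $newRowDate, $strFunc and $strList.
//
// Copy every non-deleted row of the source invoice to the new invoice.
$strQuery = 'SELECT * ' . 'FROM {prefix}invoice_row ' . 'WHERE deleted=0 AND invoice_id=?';
$intRes = mysqli_param_query($strQuery, [$intInvoiceId], 'exception');
while ($row = mysqli_fetch_assoc($intRes)) {
    if ($boolRefund) {
        // A refund copies the row with the quantity negated.
        $row['pcs'] = -$row['pcs'];
    } elseif ($row['reminder_row']) {
        // Reminder rows are not carried over to a plain copy.
        continue;
    }
    // Drop the old key so the INSERT gets a fresh one, and re-parent the row.
    unset($row['id']);
    $row['invoice_id'] = $intNewId;
    if (getSetting('invoice_update_row_dates_on_copy')) {
        $row['row_date'] = $newRowDate;
    }
    // Update product stock balance
    if ($row['product_id'] !== null) {
        updateProductStockBalance(null, $row['product_id'], $row['pcs']);
    }
    // Column names come from the keys of the row just read with SELECT *,
    // not from request data; every value is bound through a placeholder.
    $strQuery = 'INSERT INTO {prefix}invoice_row(' . implode(', ', array_keys($row)) . ') ' . 'VALUES (' . str_repeat('?, ', count($row) - 1) . '?)';
    mysqli_param_query($strQuery, $row, 'exception');
}
} catch (Exception $e) {
    mysqli_query_check('ROLLBACK');
    mysqli_query_check('SET AUTOCOMMIT = 1');
    // Fixed: Exception::$message is protected, so reading $e->message here
    // fails instead of printing the error. getMessage() is the accessor that
    // saveFormData() already uses on the same kind of failure.
    // NOTE(review): the raw message is still sent to the client; log it and
    // show a generic message if it can carry SQL or schema detail.
    die($e->getMessage());
}
mysqli_query_check('COMMIT');
mysqli_query_check('SET AUTOCOMMIT = 1');
}
// NOTE(review): the redirect target is assembled from the request's Host
// header, which the client controls; a configured base URL is the safer
// source. $strFunc and $strList are set outside this excerpt - confirm they
// are validated or URL-encoded before they reach the query string. No exit
// is visible after header(), so check that nothing further runs.
header('Location: ' . _PROTOCOL_ . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php?func={$strFunc}&list={$strList}&form=invoice&id={$intNewId}");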
/**
 * Soft-delete one row of $table by setting its `deleted` flag to 1.
 *
 * The work happens between BEGIN and COMMIT. Deleting an invoice row first
 * adjusts the stock balance for that row; deleting an invoice does the same
 * for each of its non-deleted rows. On any exception the transaction is
 * rolled back and the exception is re-thrown to the caller.
 *
 * Security review notes:
 *  - $id is bound through a placeholder, but $table is interpolated into the
 *    SQL text because placeholders cannot bind identifiers. Callers must
 *    pass only fixed, known table names - confirm no call site forwards a
 *    request parameter here.
 *  - No permission check is made in this function; authorisation has to be
 *    enforced by the caller.
 *
 * @param string $table Table name; interpolated into the UPDATE statement.
 * @param mixed  $id    Primary key of the row to mark as deleted.
 *
 * @return void
 *
 * @throws Exception Whatever the stock update or the queries raised.
 */
function deleteRecord($table, $id) {
    mysqli_query_check('BEGIN');
    try {
        $isInvoiceRow = ($table == '{prefix}invoice_row');
        $isInvoice = ($table == '{prefix}invoice');

        // Special case for invoice_row - update product stock balance
        if ($isInvoiceRow) {
            updateProductStockBalance($id, null, null);
        }

        // Special case for invoice - update all products in invoice rows
        if ($isInvoice) {
            $rowResult = mysqli_param_query('SELECT id FROM {prefix}invoice_row WHERE invoice_id=? AND deleted=0', [$id], 'exception');
            while ($invoiceRow = mysqli_fetch_assoc($rowResult)) {
                updateProductStockBalance($invoiceRow['id'], null, null);
            }
        }

        // The row is kept and only flagged as deleted.
        mysqli_param_query("UPDATE {$table} SET deleted=1 WHERE id=?", [$id], 'exception');
    } catch (Exception $exception) {
        mysqli_query_check('ROLLBACK');
        throw $exception;
    }
    mysqli_query_check('COMMIT');
}