function saveFormData($table, &$primaryKey, &$formElements, &$values, &$warnings, $parentKeyName = '', $parentKey = FALSE)
{
global $dblink;
$missingValues = '';
$strFields = '';
$strInsert = '';
$strUpdateFields = '';
$arrValues = [];
if (!isset($primaryKey) || !$primaryKey) {
unset($values['id']);
}
foreach ($formElements as $elem) {
$type = $elem['type'];
if (in_array($type, ['', 'IFORM', 'RESULT', 'BUTTON', 'JSBUTTON', 'IMAGE', 'ROWSUM', 'NEWLINE', 'LABEL']) || isset($elem['read_only']) && $elem['read_only']) {
continue;
}
$name = $elem['name'];
if (!$elem['allow_null'] && (!isset($values[$name]) || $values[$name] === '')) {
if ($missingValues) {
$missingValues .= ', ';
}
$missingValues .= $elem['label'];
continue;
}
$value = isset($values[$name]) ? $values[$name] : getFormDefaultValue($elem, $parentKey);
if ($type == 'PASSWD' && !$value) {
continue;
}
// Don't save empty password
if (isset($elem['unique']) && $elem['unique']) {
$query = "SELECT * FROM {$table} WHERE deleted=0 AND {$name}=?";
$params = [$value];
if (isset($primaryKey) && $primaryKey) {
$query .= ' AND id!=?';
$params[] = $primaryKey;
}
$res = mysqli_param_query($query, $params);
if (mysqli_fetch_array($res)) {
$warnings = sprintf($GLOBALS['locDuplicateValue'], $elem['label']);
return false;
}
}
if ($strFields) {
$strFields .= ', ';
$strInsert .= ', ';
$strUpdateFields .= ', ';
}
$strFields .= $name;
$fieldPlaceholder = '?';
switch ($type) {
case 'PASSWD':
$fieldPlaceholder = 'md5(?)';
$arrValues[] = $values[$name];
break;
case 'INT':
case 'HID_INT':
case 'SECHID_INT':
$arrValues[] = $value !== '' && $value !== false ? str_replace(',', '.', $value) : ($elem['allow_null'] ? NULL : 0);
break;
case 'LIST':
case 'SEARCHLIST':
$arrValues[] = isset($values[$name]) ? $value !== '' ? str_replace(',', '.', $value) : NULL : NULL;
break;
case 'CHECK':
$arrValues[] = $value ? 1 : 0;
break;
case 'INTDATE':
$arrValues[] = $value ? dateConvDate2DBDate($value) : NULL;
break;
default:
$arrValues[] = $value;
}
$strInsert .= $fieldPlaceholder;
$strUpdateFields .= "{$name}={$fieldPlaceholder}";
}
if ($missingValues) {
return $missingValues;
}
mysqli_query_check('SET AUTOCOMMIT = 0');
mysqli_query_check('BEGIN');
try {
// Special case for invoice rows - update product stock balance
if ($table == '{prefix}invoice_row') {
updateProductStockBalance(isset($primaryKey) ? $primaryKey : null, isset($values['product_id']) ? $values['product_id'] : null, $values['pcs']);
}
if (!isset($primaryKey) || !$primaryKey) {
if ($parentKeyName) {
$strFields .= ", {$parentKeyName}";
$strInsert .= ', ?';
$arrValues[] = $parentKey;
}
$strQuery = "INSERT INTO {$table} ({$strFields}) VALUES ({$strInsert})";
mysqli_param_query($strQuery, $arrValues, 'exception');
$primaryKey = mysqli_insert_id($dblink);
} else {
// Special case for invoice - update product stock balance for all
// invoice rows if the invoice was previously deleted
if ($table == '{prefix}invoice') {
$res = mysqli_param_query('SELECT deleted FROM {prefix}invoice WHERE id=?', [$primaryKey]);
if (mysqli_fetch_value($res)) {
$res = mysqli_param_query('SELECT product_id, pcs FROM {prefix}invoice_row WHERE invoice_id=? AND deleted=0', [$primaryKey]);
while ($row = mysqli_fetch_assoc($res)) {
updateProductStockBalance(null, $row['product_id'], $row['pcs']);
}
}
}
$strQuery = "UPDATE {$table} SET {$strUpdateFields}, deleted=0 WHERE id=?";
$arrValues[] = $primaryKey;
mysqli_param_query($strQuery, $arrValues, 'exception');
}
} catch (Exception $e) {
mysqli_query_check('ROLLBACK');
mysqli_query_check('SET AUTOCOMMIT = 1');
die($e->getMessage());
}
mysqli_query_check('COMMIT');
mysqli_query_check('SET AUTOCOMMIT = 1');
// Special case for invoices - check for duplicate invoice numbers
if ($table == '{prefix}invoice' && isset($values['invoice_no']) && $values['invoice_no']) {
$query = 'SELECT ID FROM {prefix}invoice where deleted=0 AND id!=? AND invoice_no=?';
$params = [$primaryKey, $values['invoice_no']];
if (getSetting('invoice_numbering_per_base')) {
$query .= ' AND base_id=?';
$params[] = $values['base_id'];
}
if (getSetting('invoice_numbering_per_year')) {
$query .= ' AND invoice_date >= ' . date('Y') . '0101';
}
$res = mysqli_param_query($query, $params);
if (mysqli_fetch_assoc($res)) {
$warnings = $GLOBALS['locInvoiceNumberAlreadyInUse'];
}
}
return TRUE;
}
$strQuery = 'SELECT * ' . 'FROM {prefix}invoice_row ' . 'WHERE deleted=0 AND invoice_id=?';
$intRes = mysqli_param_query($strQuery, [$intInvoiceId], 'exception');
while ($row = mysqli_fetch_assoc($intRes)) {
if ($boolRefund) {
$row['pcs'] = -$row['pcs'];
} else {
if ($row['reminder_row']) {
continue;
}
}
unset($row['id']);
$row['invoice_id'] = $intNewId;
if (getSetting('invoice_update_row_dates_on_copy')) {
$row['row_date'] = $newRowDate;
}
// Update product stock balance
if ($row['product_id'] !== null) {
updateProductStockBalance(null, $row['product_id'], $row['pcs']);
}
$strQuery = 'INSERT INTO {prefix}invoice_row(' . implode(', ', array_keys($row)) . ') ' . 'VALUES (' . str_repeat('?, ', count($row) - 1) . '?)';
mysqli_param_query($strQuery, $row, 'exception');
}
} catch (Exception $e) {
mysqli_query_check('ROLLBACK');
mysqli_query_check('SET AUTOCOMMIT = 1');
die($e->message);
}
mysqli_query_check('COMMIT');
mysqli_query_check('SET AUTOCOMMIT = 1');
}
header('Location: ' . _PROTOCOL_ . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php?func={$strFunc}&list={$strList}&form=invoice&id={$intNewId}");
function deleteRecord($table, $id)
{
mysqli_query_check('BEGIN');
try {
// Special case for invoice_row - update product stock balance
if ($table == '{prefix}invoice_row') {
updateProductStockBalance($id, null, null);
}
// Special case for invoice - update all products in invoice rows
if ($table == '{prefix}invoice') {
$res = mysqli_param_query('SELECT id FROM {prefix}invoice_row WHERE invoice_id=? AND deleted=0', [$id], 'exception');
while ($row = mysqli_fetch_assoc($res)) {
updateProductStockBalance($row['id'], null, null);
}
}
$query = "UPDATE {$table} SET deleted=1 WHERE id=?";
mysqli_param_query($query, [$id], 'exception');
} catch (Exception $e) {
mysqli_query_check('ROLLBACK');
throw $e;
}
mysqli_query_check('COMMIT');
}