$sql = "INSERT INTO {$table} \n\t\t\t\t(CompCode, SuppCode, SuppGroup, Name, ContPers ,Addr1,Addr2, Addr3, Addr4, TelNo, Faxno, TermOthers, TermNonDisp, TermDisp, CostCode, GlAccNo, AccNo, AddUser, AddDate, SuppFlg, recstatus) \n\t\t\tVALUES \n\t\t\t\t('{$compcode}','" . clr($_POST['SuppCode']) . "','" . clr($_POST['SuppGroup']) . "', '" . clr($_POST['Name']) . "', '" . clr($_POST['ContPers']) . "', '" . clr($_POST['Addr1']) . "', '" . clr($_POST['Addr2']) . "', '" . clr($_POST['Addr3']) . "', '" . clr($_POST['Addr4']) . "', '" . clr($_POST['TelNo']) . "', '" . clr($_POST['Faxno']) . "', '" . clr($_POST['TermOthers']) . "', '" . clr($_POST['TermNonDisp']) . "', '" . clr($_POST['TermDisp']) . "', '" . clr($_POST['CostCode']) . "', '" . clr($_POST['GlAccNo']) . "', '" . clr($_POST['AccNo']) . "', '{$user}', NOW(), '" . clr($_POST['SuppFlg']) . "', '" . clr($_POST['recstatus']) . "')"; // OutAmt, DepAmt, MiscAmt, Advccode, AdvGlaccnorecstatus echo "{$sql}"; } else { if ($_POST['oper'] == 'edit') { if ($_POST['recstatus'] == 'D') { $sql = "UPDATE {$table} SET\n\t\t\t\tSuppGroup = '" . clr($_POST['SuppGroup']) . "', \n\t\t\t\tName = '" . clr($_POST['Name']) . "',\n\t\t\t\tContPers = '" . clr($_POST['ContPers']) . "',\n\t\t\t\tAddr1 = '" . clr($_POST['Addr1']) . "',\n\t\t\t\tAddr2 = '" . clr($_POST['Addr2']) . "',\n\t\t\t\tAddr3 = '" . clr($_POST['Addr3']) . "',\n\t\t\t\tAddr1 = '" . clr($_POST['Addr1']) . "',\n\t\t\t\tAddr4 = '" . clr($_POST['Addr4']) . "',\n\t\t\t\tTelNo = '" . clr($_POST['TelNo']) . "',\n\t\t\t\tFaxno = '" . clr($_POST['Faxno']) . "',\n\t\t\t\tTermOthers = '" . clr($_POST['TermOthers']) . "',\n\t\t\t\tTermNonDisp = '" . clr($_POST['TermNonDisp']) . "',\n\t\t\t\tTermDisp = '" . clr($_POST['TermDisp']) . "',\n\t\t\t\tCostCode = '" . clr($_POST['CostCode']) . "',\n\t\t\t\tGlAccNo = '" . clr($_POST['GlAccNo']) . "',\n\t\t\t\tAccNo = '" . clr($_POST['AccNo']) . 
"',\n\t\t\t\trecstatus ='D',\n\t\t\t\tDelUser = '******',\n\t\t\t\tDelDate = NOW()\n\t\t\t\tWHERE \n\t\t\t\tcompcode = '{$compcode}' AND SuppCode='{$_POST['SuppCode']}'"; } else { $sql = "UPDATE {$table} SET\n\t\t\t\tSuppGroup = '" . clr($_POST['SuppGroup']) . "', \n\t\t\t\tName = '" . clr($_POST['Name']) . "',\n\t\t\t\tContPers = '" . clr($_POST['ContPers']) . "',\n\t\t\t\tAddr1 = '" . clr($_POST['Addr1']) . "',\n\t\t\t\tAddr2 = '" . clr($_POST['Addr2']) . "',\n\t\t\t\tAddr3 = '" . clr($_POST['Addr3']) . "',\n\t\t\t\tAddr1 = '" . clr($_POST['Addr1']) . "',\n\t\t\t\tAddr4 = '" . clr($_POST['Addr4']) . "',\n\t\t\t\tTelNo = '" . clr($_POST['TelNo']) . "',\n\t\t\t\tFaxno = '" . clr($_POST['Faxno']) . "',\n\t\t\t\tTermOthers = '" . clr($_POST['TermOthers']) . "',\n\t\t\t\tTermNonDisp = '" . clr($_POST['TermNonDisp']) . "',\n\t\t\t\tTermDisp = '" . clr($_POST['TermDisp']) . "',\n\t\t\t\tCostCode = '" . clr($_POST['CostCode']) . "',\n\t\t\t\tGlAccNo = '" . clr($_POST['GlAccNo']) . "',\n\t\t\t\tAccNo = '" . clr($_POST['AccNo']) . "',\n\t\t\t\trecstatus = '" . clr($_POST['recstatus']) . "',\n\t\t\t\tUpdUser = '******',\n\t\t\t\tUpdDate = NOW()\n\t\t\t\tWHERE \n\t\t\t\tcompcode = '{$compcode}' AND SuppCode='{$_POST['SuppCode']}'"; } //echo "$sql"; } else { if ($_POST['oper'] == 'del') { $sql = "UPDATE {$table} SET recstatus = 'D', DelUser= '******', DelDate = NOW()\n\t\t WHERE compcode = '{$compcode}' AND SuppCode='{$_POST['id']}'"; } } } try { if ($_POST['oper'] == 'add' && duplicate('SuppCode', $table, clr($_POST['SuppCode']))) { throw new Exception('Duplicate key'); } if (!$mysqli->query($sql)) { throw new Exception($sql); } $mysqli->commit(); } catch (Exception $e) { http_response_code(400); echo $e->getMessage(); $mysqli->rollback(); } $mysqli->close();
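// Unit-of-measure maintenance: build one INSERT/UPDATE from the posted form,
// run it inside a transaction, and answer HTTP 400 with a short message on
// failure. $mysqli, $table, $compcode, $user, clr() and duplicate() are defined
// outside this excerpt.
$mysqli->autocommit(FALSE);

$oper = $_POST['oper'] ?? '';
$sql = null; // stays null when 'oper' is not add / edit / del

// NOTE(review): clr() is applied to every other request value in this file, so
// it is presumably the project's SQL-escaping helper; confirm it escapes for a
// quoted string context. The key values in the WHERE clauses used to be
// interpolated straight from $_POST; they now pass through clr() like the rest.
// Bound parameters via $mysqli->prepare() would be the sturdier long-term fix.
// NOTE(review): upduser / deluser are written as the literal '******' while the
// INSERT records {$user}; confirm that literal is intended.
if ($oper === 'add') {
    $sql = "INSERT INTO {$table} \n"
        . "\t\t\t\t(compcode,uomcode,description,convfactor,adduser,adddate,recstatus)\n"
        . "\t\t\tVALUES \n"
        . "\t\t\t\t('{$compcode}', \n"
        . "\t\t\t\t'" . clr($_POST['uomcode']) . "',\n"
        . "\t\t\t\t'" . clr($_POST['description']) . "', \n"
        . "\t\t\t\t'" . clr($_POST['convfactor']) . "', \n"
        . "\t\t\t\t'{$user}', \n"
        . "\t\t\t\tNOW(), \n"
        . "\t\t\t\t'" . clr($_POST['recstatus']) . "')";
} elseif ($oper === 'edit') {
    $uomKey = clr($_POST['uomcode']);
    if ($_POST['recstatus'] === 'D') {
        // Editing a record into status 'D' is a soft delete: stamp the delete columns too.
        $sql = "UPDATE {$table} SET \t\n"
            . "\t\t\t\tconvfactor = '" . clr($_POST['convfactor']) . "',\n"
            . "\t\t\t\tupduser = '******',\n"
            . "\t\t\t\tupddate = NOW(),\n"
            . "\t\t\t\tdeluser= '******',\n"
            . "\t\t\t\tdeldate = NOW(),\n"
            . "\t\t\t\trecstatus = 'D'\n"
            . "\t\t\tWHERE \n"
            . "\t\t\t\tcompcode = '{$compcode}' AND uomcode='{$uomKey}'";
    } else {
        $sql = "UPDATE {$table} SET\n"
            . "\t\t\t\t\tdescription = '" . clr($_POST['description']) . "',\n"
            . "\t\t\t\t\tconvfactor = '" . clr($_POST['convfactor']) . "', \n"
            . "\t\t\t\t\tupduser = '******',\n"
            . "\t\t\t\t\tupddate = NOW(),\n"
            . "\t\t\t\t\trecstatus = '" . clr($_POST['recstatus']) . "'\n"
            . "\t\t\t\tWHERE \n"
            . "\t\t\t\t\tcompcode = '{$compcode}' AND uomcode='{$uomKey}'";
    }
} elseif ($oper === 'del') {
    // 'del' never removes the row; it only marks it with recstatus 'D'.
    $uomKey = clr($_POST['id']);
    $sql = "UPDATE {$table} SET recstatus = 'D', deluser= '******', deldate = NOW()\n"
        . "\t\t WHERE compcode = '{$compcode}' AND uomcode='{$uomKey}'";
}

try {
    if ($sql === null) {
        // Previously an unknown 'oper' reached query() with $sql undefined.
        throw new Exception('Invalid operation');
    }
    if ($oper === 'add' && duplicate('uomcode', $table, clr($_POST['uomcode']))) {
        throw new Exception('Duplicate key');
    }
    if (!$mysqli->query($sql)) {
        // The failed statement used to be echoed to the client through the
        // exception message; keep the detail in the server log instead.
        error_log("{$table} {$oper} failed: " . $mysqli->error);
        throw new Exception('Database error');
    }
    $mysqli->commit();
} catch (Exception $e) {
    http_response_code(400);
    echo $e->getMessage();
    $mysqli->rollback();
}
$mysqli->close();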
} */ if ($_POST['oper'] == 'add') { $sql = "INSERT INTO {$table} \n\t (compcode,source,paymode,description,ccode,glaccno,paytype,cardflag,recstatus,valexpdate,\n\t\t\t lastuser,drpayment) \n\t\t\t \n\t\t\tVALUES \n\t\t\t\t( '{$compcode}',\n\t\t\t\t'{$s}', \n\t\t\t\t'" . clr($_POST['paymode']) . "', \n\t\t\t\t'" . clr($_POST['description']) . "',\n\t\t\t\t'" . clr($_POST['ccode']) . "',\n\t\t\t\t'" . clr($_POST['glaccno']) . "', \n\t\t\t\t'" . clr($_POST['paytype']) . "', \n\t\t\t\t'" . clr($_POST['cardflag']) . "', \n\t\t\t\t'" . clr($_POST['recstatus']) . "', \n\t\t\t\t'" . clr($_POST['valexpdate']) . "',\n\t\t\t\t'" . clr($_POST['lastuser']) . "',\n\t\t\t\t'" . clr($_POST['drpayment']) . "'\n\t\t\t\t)"; //'".clr($_POST['comrate'])."', //'".clr($_POST['lastupdate'])."', //'".clr($_POST['drcommrate'])."', //'".clr($_POST['cardcent'])."' } else { if ($_POST['oper'] == 'edit') { $sql = "UPDATE {$table} SET\n\t\t\t\t\n\t\t\t\tdescription = '" . clr($_POST['description']) . "',\n\t\t\t\tccode = '" . clr($_POST['ccode']) . "',\n\t\t\t\tglaccno = '" . clr($_POST['glaccno']) . "',\n\t\t\t\tpaytype = '" . clr($_POST['paytype']) . "',\n\t\t\t\tcardflag = '" . clr($_POST['cardflag']) . "',\n\t\t\t\trecstatus = '" . clr($_POST['recstatus']) . "',\n\t\t\t\tvalexpdate = '" . clr($_POST['valexpdate']) . "',\n\t\t\t\tlastupdate = '{$user}',\n\t\t\t\tdrcommrate = '" . clr($_POST['drcommrate']) . "',\t\n\t\t\t\tdrpayment = '" . clr($_POST['drpayment']) . "',\n\t\t\t\tcardcent = '" . clr($_POST['cardcent']) . 
"'\n\t\t\t\t\t\t\n\t\t\tWHERE \n\t\t\t\tpaymode='{$_POST['paymode']}'"; } else { if ($_POST['oper'] == 'del') { $sql = "DELETE FROM {$table} WHERE paymode='{$_POST['id']}'"; } } } try { if ($_POST['oper'] == 'add' && duplicate('paymode', $table, clr($_POST['paymode']))) { throw new Exception('Duplicate key'); } if (!$mysqli->query($sql)) { throw new Exception($sql); } $mysqli->commit(); } catch (Exception $e) { http_response_code(400); echo $e->getMessage(); $mysqli->rollback(); } $mysqli->close();
$lineno_ = 1; } else { $lineno_++; } $sql = "INSERT INTO {$table} \n\t\t\t\t(compcode, suppcode, lineno_, pricecode, itemcode , uomcode, purqty, unitprice, perdiscount, amtdisc, amtslstax, perslstax, expirydate, sitemcode, recstatus, adduser, adddate) \n\t\t\tVALUES \n\t\t\t\t('{$compcode}','" . clr($_POST['suppcode']) . "','{$lineno_}', '" . clr($_POST['pricecode']) . "', '" . clr($_POST['itemcode']) . "', '" . clr($_POST['uomcode']) . "', '" . clr($_POST['purqty']) . "', '" . clr($_POST['unitprice']) . "', '" . clr($_POST['perdiscount']) . "', '" . clr($_POST['amtdisc']) . "', '" . clr($_POST['amtslstax']) . "', '" . clr($_POST['perslstax']) . "', '" . clr($_POST['expirydate']) . "', '" . clr($_POST['sitemcode']) . "', '" . clr($_POST['recstatus']) . "', '{$user}', NOW())"; } else { if ($_POST['operItem'] == 'edit') { if ($_POST['recstatus'] == 'D') { $sql = "UPDATE {$table} SET\n\t\t\t\tpricecode = '" . clr($_POST['pricecode']) . "',\n\t\t\t\titemcode = '" . clr($_POST['itemcode']) . "',\n\t\t\t\tuomcode = '" . clr($_POST['uomcode']) . "',\n\t\t\t\tpurqty = '" . clr($_POST['purqty']) . "',\n\t\t\t\tunitprice = '" . clr($_POST['unitprice']) . "',\n\t\t\t\tperdiscount = '" . clr($_POST['perdiscount']) . "',\n\t\t\t\tamtdisc = '" . clr($_POST['amtdisc']) . "',\n\t\t\t\tperslstax = '" . clr($_POST['perslstax']) . "',\n\t\t\t\tamtslstax = '" . clr($_POST['amtslstax']) . "',\n\t\t\t\texpirydate = '" . clr($_POST['expirydate']) . "',\n\t\t\t\tsitemcode = '" . clr($_POST['sitemcode']) . "',\n\t\t\t\trecstatus = 'D',\n\t\t\t\tdeluser = '******',\n\t\t\t\tdeldate = NOW()\n\t\t\t\tWHERE compcode = '{$compcode}' AND suppcode='" . clr($_POST['suppcode']) . "'\n\t\t\t\tAND lineno_='" . clr($_POST['lineno_']) . "'"; echo "{$sql}"; } else { $sql = "UPDATE {$table} SET\n\t\t\t\tpricecode = '" . clr($_POST['pricecode']) . "',\n\t\t\t\titemcode = '" . clr($_POST['itemcode']) . "',\n\t\t\t\tuomcode = '" . clr($_POST['uomcode']) . "',\n\t\t\t\tpurqty = '" . clr($_POST['purqty']) . 
"',\n\t\t\t\tunitprice = '" . clr($_POST['unitprice']) . "',\n\t\t\t\tperdiscount = '" . clr($_POST['perdiscount']) . "',\n\t\t\t\tamtdisc = '" . clr($_POST['amtdisc']) . "',\n\t\t\t\tperslstax = '" . clr($_POST['perslstax']) . "',\n\t\t\t\tamtslstax = '" . clr($_POST['amtslstax']) . "',\n\t\t\t\texpirydate = '" . clr($_POST['expirydate']) . "',\n\t\t\t\tsitemcode = '" . clr($_POST['sitemcode']) . "',\n\t\t\t\trecstatus = '" . clr($_POST['recstatus']) . "',\n\t\t\t\tupduser = '******',\n\t\t\t\tupddate = NOW()\n\t\t\t\tWHERE compcode = '{$compcode}' AND suppcode='" . clr($_POST['suppcode']) . "'\n\t\t\t\tAND lineno_='" . clr($_POST['lineno_']) . "'"; } } else { if ($_POST['operItem'] == 'del') { $sql = "UPDATE {$table} SET \n\t\t\t\trecstatus = 'D',\n\t\t\t\tdeluser = '******',\n\t\t\t\tdeldate = NOW()\n\t\t\t\tWHERE compcode = '{$compcode}' AND suppcode='" . clr($_POST['suppcode']) . "'\n\t\t\t\tAND lineno_='{$_POST['id']}'"; //echo "$sql"; } } } try { /*if($_POST['operItem']=='add' && duplicate('suppcode','itemcode',$table,clr($_POST['suppcode']),clr($_POST['itemcode']))){ throw new Exception('Duplicate key'); }*/ if (!$mysqli->query($sql)) { throw new Exception($sql); } $mysqli->commit(); } catch (Exception $e) { http_response_code(400); echo $e->getMessage();
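// Authoriser maintenance: build one INSERT/UPDATE/DELETE from the posted form,
// run it, and answer HTTP 400 with a short message on failure.
// $mysqli, $table, $compcode, $user, clr() and duplicate() are defined outside
// this excerpt.

// The form posts 'Yes' / anything else; the column stores '1' / '0'.
$active = (($_POST['active'] ?? '') === 'Yes') ? '1' : '0';

$oper = $_POST['oper'] ?? '';
$sql = null; // stays null when 'oper' is not add / edit / del

// NOTE(review): the password column receives the posted value as-is (after
// clr()), i.e. it is stored in recoverable form. Hashing it with
// password_hash() needs a matching password_verify() wherever the value is
// checked, which is outside this excerpt, so it is flagged here, not changed.
// NOTE(review): clr() is applied to every other request value in this file, so
// it is presumably the project's SQL-escaping helper; confirm it escapes for a
// quoted string context. The key values in the WHERE clauses used to be
// interpolated straight from $_POST; they now pass through clr() as well.
// NOTE(review): the INSERT writes compcode, but the UPDATE and DELETE match on
// authorid alone; confirm authorid is unique across companies.
if ($oper === 'add') {
    $sql = "INSERT INTO {$table} \n"
        . "\t\t\t\t(compcode,authorid,name,password,deptcode, active, adddate,adduser, upddate,\n"
        . "\t\t\t\tupduser) \n"
        . "\t\t\tVALUES \n"
        . "\t\t\t\t('" . clr($compcode) . "',\n"
        . "\t\t\t\t'" . clr($_POST['authorid']) . "',\n"
        . "\t\t\t\t'" . clr($_POST['name']) . "', \n"
        . "\t\t\t\t'" . clr($_POST['password']) . "',\n"
        . "\t\t\t\t'" . clr($_POST['deptcode']) . "', \n"
        . "\t\t\t\t'{$active}', \n"
        . "\t\t\t\tNOW(),\n"
        . "\t\t\t\t'" . clr($user) . "', \n"
        . "\t\t\t\tNOW(),\n"
        . "\t\t\t\t'" . clr($user) . "'\n"
        . "\t\t\t\t)";
} elseif ($oper === 'edit') {
    $authorKey = clr($_POST['authorid']);
    // NOTE(review): the password assignment arrived garbled on the page and is
    // restored here to mirror the INSERT branch; verify against the real file.
    // adddate / adduser are each assigned twice, with the literal '******';
    // these were probably meant to be the upd* columns, so confirm.
    $sql = "UPDATE {$table} SET\n"
        . "\t\t\t\tname = '" . clr($_POST['name']) . "',\n"
        . "\t\t\t\tpassword = '" . clr($_POST['password']) . "',\n"
        . "\t\t\t\tdeptcode ='" . clr($_POST['deptcode']) . "',\n"
        . "\t\t\t\tactive = '{$active}',\n"
        . "\t\t\t\tadddate = NOW(), \n"
        . "\t\t\t\tadduser = '******', \n"
        . "\t\t\t\tadddate = NOW(), \n"
        . "\t\t\t\tadduser = '******'\n"
        . "\t\t\t\t\n"
        . "\t\t\t\t\n"
        . "\t\t\tWHERE \n"
        . "\t\t\t\tauthorid='{$authorKey}'";
} elseif ($oper === 'del') {
    // Unlike the soft deletes used elsewhere, this removes the row.
    $authorKey = clr($_POST['id']);
    $sql = "DELETE FROM {$table} WHERE authorid='{$authorKey}'";
}

try {
    if ($sql === null) {
        // Previously an unknown 'oper' reached query() with $sql undefined.
        throw new Exception('Invalid operation');
    }
    if ($oper === 'add' && duplicate('authorid', $table, clr($_POST['authorid']))) {
        throw new Exception('Duplicate key');
    }
    if (!$mysqli->query($sql)) {
        // The failed statement, including the posted password, used to be
        // echoed to the client through the exception message. Log only the
        // driver error server-side and return a generic message.
        error_log("{$table} {$oper} failed: " . $mysqli->error);
        throw new Exception('Database error');
    }
    $mysqli->commit();
} catch (Exception $e) {
    http_response_code(400);
    echo $e->getMessage();
    $mysqli->rollback();
}
$mysqli->close();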
global $mysqli, $compcode, $bankcode, $startno; $sqlDuplicate = "select {$code} from {$table} where {$code} = '{$codetext}' AND compcode = '{$compcode}'"; $resultDuplicate = $mysqli->query($sqlDuplicate); return $resultDuplicate->num_rows; } function duplicate2($field, $code, $code2, $table) { global $mysqli, $compcode, $bankcode, $startno; $sqlDuplicate = "select {$code},{$code2} from {$table} where {$code} = '{$codetext}' AND compcode = '{$compcode}' AND bankcode='{$field}'"; $res == $mysqli->query($sqlDuplicate); $row = $mysqli->query($sqlDuplicate)->fetch_row(); echo $row; } $mysqli->autocommit(FALSE); if ($_POST['oper'] == 'add') { $sql = "INSERT INTO {$table} \n\t\t\t\t(compcode,bankcode,startno,endno,cheqqty,stat,adduser,adddate) \n\t\t\tVALUES \n\t\t\t\t('{$compcode}',\n\t\t\t\t'" . clr($_POST['bankcode']) . "',\n\t\t\t\t'" . clr($_POST['startno']) . "',\n\t\t\t\t'" . clr($_POST['endno']) . "',\n\t\t\t\t'" . clr($_POST['endno'] - $_POST['startno'] + 1) . "',\n\t\t\t\t'ACTIVE',\n\t\t\t\t'{$user}',\n\t\t\t\tNOW())"; $bankcode = $_REQUEST['bankcode']; $startno = $_REQUEST['startno']; $endno = $_REQUEST['endno']; $a = "INSERT INTO {$table2} \n\t\t\t\t\t(compcode, bankcode, cheqno, stat, lastuser) VALUES "; while ($startno < $endno) { $a .= "('{$compcode}', '{$bankcode}', '{$startno}', 'ACTIVE', '{$user}'), "; $startno++; } $a .= "('{$compcode}', '{$bankcode}', '{$startno}', 'ACTIVE', '{$user}')"; echo "{$sql}"; echo "{$a}"; } else { if ($_POST['oper'] == 'edit') { /* $sql="UPDATE {$table} SET startno = '".clr($_POST['startno'])."',
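/**
 * Build an UPDATE statement for the global $table that assigns every column
 * named in the global $column list.
 *
 * For each column the value is taken, in order of preference, from:
 *   1. $fixColValue, when the column name appears in $fixColName (the two
 *      arrays are matched by key); the value 'NOW()' is emitted unquoted so
 *      the database evaluates it, anything else is quoted;
 *   2. $_POST[column], quoted;
 *   3. the SQL keyword NULL when the request did not send the column.
 * The row is selected by the global $columnid, matched against $_POST[$columnid].
 *
 * NOTE(review): clr() is defined outside this excerpt; it is presumably the
 * project's SQL-escaping helper, so confirm it escapes for a quoted string
 * context. $table, $columnid and the column names are concatenated as
 * identifiers and cannot be escaped by clr(); they must come from
 * server-side configuration, never from the request.
 *
 * @param array $fixColName  column names whose value is fixed by the caller
 * @param array $fixColValue values for those columns, under the same keys
 * @return string the UPDATE statement
 */
function autoSyntaxUpd(array $fixColName, array $fixColValue)
{
    global $column, $table, $columnid;

    $assignments = [];
    foreach ($column as $name) {
        // Strict search with an explicit false test: the old `$key > -1`
        // only worked through PHP's loose bool/int comparison rules.
        $key = array_search($name, $fixColName, true);

        if ($key !== false) {
            $fixed = $fixColValue[$key];
            $value = !strcmp($fixed, 'NOW()')
                ? clr($fixed)
                : "'" . clr($fixed) . "'";
        } elseif (isset($_POST[$name])) {
            $value = "'" . clr($_POST[$name]) . "'";
        } else {
            $value = 'NULL';
        }

        $assignments[] = $name . ' = ' . $value;
    }

    // The row key used to be concatenated raw from $_POST; it now goes through
    // clr() like every other request value in the statement.
    $rowKey = clr($_POST[$columnid] ?? '');

    return 'UPDATE ' . $table . ' SET ' . implode(',', $assignments)
        . " WHERE " . $columnid . " = '" . $rowKey . "'";
}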
$sql = "INSERT INTO {$table} \n\t\t\t\t(compcode,glaccount,description,accgroup, recstatus, adduser,adddate) \n\t\t\tVALUES \n\t\t\t\t('{$compcode}', '" . clr($_POST['glaccount']) . "', '" . clr($_POST['description']) . "', '" . clr($_POST['accgroup']) . "', '" . clr($_POST['recstatus']) . "', '{$user}', NOW())"; //(compcode,glaccount,description,acttype,repgroup,accgroup, recstatus, adduser,adddate, nprefid) } else { if ($_POST['oper'] == 'edit') { if ($_POST['recstatus'] == 'D') { $sql = "UPDATE {$table} SET\n\t\t\t\t\tdescription = '" . clr($_POST['description']) . "',\n\t\t\t\t\trecstatus = 'D',\n\t\t\t\t\taccgroup = '" . clr($_POST['accgroup']) . "',\n\t\t\t\t\tdeluser= '******', \n\t\t\t\t\tdeldate = NOW()\n\t\t\t\tWHERE \n\t\t\t\t\tsysno='{$_POST['sysno']}'"; } else { $sql = "UPDATE {$table} SET\n\t\t\t\t\tdescription = '" . clr($_POST['description']) . "', \n\t\t\t\t\trecstatus = '" . clr($_POST['recstatus']) . "',\n\t\t\t\t\taccgroup = '" . clr($_POST['accgroup']) . "',\n\t\t\t\t\tupduser = '******',\n\t\t\t\t\tupddate = NOW()\n\t\t\t\tWHERE \n\t\t\t\t\tsysno='{$_POST['sysno']}'"; //echo"$sql"; } } else { if ($_POST['oper'] == 'del') { $sql = "UPDATE {$table} SET recstatus = 'D', deluser= '******', deldate = NOW()\n\t\t WHERE sysno='{$_POST['id']}'"; } } } try { if ($_POST['oper'] == 'add' && duplicate('glaccount', $table, clr($_POST['glaccount']))) { throw new Exception('Duplicate key'); } //if($_POST['oper']=='add' && duplicate('compcode',$table,'$compcode') && duplicate('glaccount',$table,clr($_POST['glaccount']))){ if (!$mysqli->query($sql)) { throw new Exception($sql); } $mysqli->commit(); } catch (Exception $e) { http_response_code(400); echo $e->getMessage(); $mysqli->rollback(); } $mysqli->close();
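// Debtor-type maintenance: build one INSERT/UPDATE/DELETE from the posted form,
// run it, and answer HTTP 400 with a short message on failure.
// $mysqli, $table, $compcode, $user, $recstatus, clr() and duplicate() are
// defined outside this excerpt.
$oper = $_POST['oper'] ?? '';
$sql = null; // stays null when 'oper' is not add / edit / del

// NOTE(review): clr() is applied to every other request value in this file, so
// it is presumably the project's SQL-escaping helper; confirm it escapes for a
// quoted string context. The key values in the WHERE clauses used to be
// interpolated straight from $_POST; they now pass through clr() as well.
// Bound parameters via $mysqli->prepare() would be the sturdier long-term fix.
// NOTE(review): the INSERT writes compcode, but the UPDATE and DELETE match on
// debtortycode alone; confirm the code is unique across companies.
if ($oper === 'add') {
    // NOTE(review): updpayername receives {$user} here; confirm that is intended.
    $sql = "INSERT INTO {$table} \n"
        . "\t\t\t\t(compcode,debtortycode,description,depccode,depglacc, actdebccode, actdebglacc,lastuser, lastupdate,\n"
        . "\t\t\t\tregfees, typegrp, updpayername, updepisode, recstatus) \n"
        . "\t\t\tVALUES \n"
        . "\t\t\t\t('" . clr($compcode) . "',\n"
        . "\t\t\t\t'" . clr($_POST['debtortycode']) . "',\n"
        . "\t\t\t\t'" . clr($_POST['description']) . "', \n"
        . "\t\t\t\t'" . clr($_POST['depccode']) . "',\n"
        . "\t\t\t\t'" . clr($_POST['depglacc']) . "', \n"
        . "\t\t\t\t'" . clr($_POST['actdebccode']) . "', \n"
        . "\t\t\t\t'" . clr($_POST['actdebglacc']) . "', \n"
        . "\t\t\t\t'" . clr($user) . "', \n"
        . "\t\t\t\tNOW(),\n"
        . "\t\t\t\t'" . clr($_POST['regfees']) . "', \n"
        . "\t\t\t\t'" . clr($_POST['typegrp']) . "', \n"
        . "\t\t\t\t'{$user}',\n"
        . "\t\t\t\t'" . clr($_POST['updepisode']) . "',\n"
        . "\t\t\t\t'{$recstatus}'\n"
        . "\t\t\t\t)";
} elseif ($oper === 'edit') {
    $debtorKey = clr($_POST['debtortycode']);
    // NOTE(review): lastuser is written as the literal '******' in both UPDATE
    // forms while the INSERT records clr($user); confirm that literal.
    if ($_POST['recstatus'] === 'D') {
        $sql = "UPDATE {$table} SET\n"
            . "\t\t\t\tcompcode= '" . clr($compcode) . "',\n"
            . "\t\t\t\tdescription = '" . clr($_POST['description']) . "',\n"
            . "\t\t\t\tdepccode = '" . clr($_POST['depccode']) . "',\n"
            . "\t\t\t\tdepglacc ='" . clr($_POST['depglacc']) . "',\n"
            . "\t\t\t\tactdebccode = '" . clr($_POST['actdebccode']) . "',\n"
            . "\t\t\t\tactdebglacc ='" . clr($_POST['actdebglacc']) . "',\n"
            . "\t\t\t\tlastuser = '******', \n"
            . "\t\t\t\tlastupdate = NOW(), \n"
            . "\t\t\t\ttypegrp= '" . clr($_POST['typegrp']) . "', \n"
            . "\t\t\t\trecstatus = 'D'\n"
            . "\t\t\tWHERE \n"
            . "\t\t\t\tdebtortycode='{$debtorKey}'";
    } else {
        // The leftover debug `echo "{$sql}";` that followed this statement is
        // dropped: it wrote the full statement into every successful response.
        $sql = "UPDATE {$table} SET\n"
            . "\t\t\t\t\tdescription = '" . clr($_POST['description']) . "',\n"
            . "\t\t\t\t\tdepccode = '" . clr($_POST['depccode']) . "',\n"
            . "\t\t\t\t\tdepglacc ='" . clr($_POST['depglacc']) . "',\n"
            . "\t\t\t\t\tactdebccode = '" . clr($_POST['actdebccode']) . "',\n"
            . "\t\t\t\t\tactdebglacc ='" . clr($_POST['actdebglacc']) . "',\n"
            . "\t\t\t\t\tlastuser = '******', \n"
            . "\t\t\t\t\tlastupdate = NOW(),\n"
            . "\t\t\t\t\ttypegrp= '" . clr($_POST['typegrp']) . "',\n"
            . "\t\t\t\t\trecstatus = '" . clr($_POST['recstatus']) . "'\n"
            . "\t\t\t\tWHERE \n"
            . "\t\t\t\t\tdebtortycode='{$debtorKey}'";
    }
} elseif ($oper === 'del') {
    // This removes the row outright; no recstatus soft delete here.
    $debtorKey = clr($_POST['id']);
    $sql = "DELETE FROM {$table} WHERE debtortycode='{$debtorKey}'";
}

try {
    if ($sql === null) {
        // Previously an unknown 'oper' reached query() with $sql undefined.
        throw new Exception('Invalid operation');
    }
    if ($oper === 'add' && duplicate('debtortycode', $table, clr($_POST['debtortycode']))) {
        throw new Exception('Duplicate key');
    }
    if (!$mysqli->query($sql)) {
        // The failed statement used to be echoed to the client through the
        // exception message; keep the detail in the server log instead.
        error_log("{$table} {$oper} failed: " . $mysqli->error);
        throw new Exception('Database error');
    }
    $mysqli->commit();
} catch (Exception $e) {
    http_response_code(400);
    echo $e->getMessage();
    $mysqli->rollback();
}
$mysqli->close();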
global $mysqli; $sqlDuplicate = "select {$code} from {$table} where {$code} = '{$codetext}'"; $resultDuplicate = $mysqli->query($sqlDuplicate); return $resultDuplicate->num_rows; } $mysqli->autocommit(FALSE); if ($_POST['oper'] == 'add') { $sql = "INSERT INTO {$table} \n\t\t\t\t(sysno, compcode, trantype, description, isstype, trbyiv, updqty, crdbfl, updamt, accttype, recstatus,\n\t\t\t\t adduser, adddate, upduser, upddate) \n\t\t\tVALUES \n\t\t\t\t('" . clr($_POST['sysno']) . "', '{$compcode}', '" . clr($_POST['trantype']) . "', '" . clr($_POST['description']) . "',\n\t\t\t\t '" . clr($_POST['isstype']) . "', '" . clr($_POST['trbyiv']) . "', '" . clr($_POST['updqty']) . "', \n\t\t\t\t '" . clr($_POST['crdbfl']) . "', '" . clr($_POST['updamt']) . "', '" . clr($_POST['accttype']) . "', '{$recstatus}', \n\t\t\t\t '{$user}', NOW(), '{$user}', NOW())"; } else { if ($_POST['oper'] == 'edit') { $sql = "UPDATE {$table} SET\n\t\t\t\ttrantype = '" . clr($_POST['trantype']) . "',\n\t\t\t\tdescription = '" . clr($_POST['description']) . "',\n\t\t\t\tisstype = '" . clr($_POST['isstype']) . "',\n\t\t\t\taccttype = '" . clr($_POST['accttype']) . "'\t\n\t\t\tWHERE \n\t\t\t\tsysno='{$_POST['sysno']}'"; } else { if ($_POST['oper'] == 'del') { $sql = "UPDATE {$table} SET recstatus = 'D'\n\t\t WHERE sysno='{$_POST['id']}'"; } } } try { if ($_POST['oper'] == 'add' && duplicate('sysno', $table, clr($_POST['sysno']))) { throw new Exception('Duplicate key'); } if (!$mysqli->query($sql)) { throw new Exception($sql); } $mysqli->commit(); } catch (Exception $e) { http_response_code(400); echo $e->getMessage(); $mysqli->rollback(); } $mysqli->close();
} $mysqli->autocommit(FALSE); if ($_POST['oper'] == 'add') { $sql = "INSERT INTO {$table} \n\t\t\t\t(compcode,source,trantype,description,updpayername,updepisode,depccode, depglacc, manualalloc, recstatus, adduser, adddate) \n\t\t\tVALUES \n\t\t\t\t('{$compcode}','{$source}','" . clr($_POST['trantype']) . "', '" . clr($_POST['description']) . "', '{$vUpdpayername}', '{$vUpdepisode}', '" . clr($_POST['depccode']) . "', '" . clr($_POST['depglacc']) . "', '{$vManualalloc}', '" . clr($_POST['recstatus']) . "', '{$user}', NOW())"; } else { if ($_POST['oper'] == 'edit') { if ($_POST['recstatus'] == 'D') { $sql = "UPDATE {$table} SET \n\t\t\t\tdescription = '" . clr($_POST['description']) . "',\n\t\t\t\tupdpayername = '{$vUpdpayername}',\n\t\t\t\tupdepisode = '{$vUpdepisode}',\n\t\t\t\tdepccode = '" . clr($_POST['depccode']) . "',\n\t\t\t\tdepglacc = '" . clr($_POST['depglacc']) . "',\n\t\t\t\tmanualalloc = '{$vManualalloc}',\n\t\t\t\tdeluser = '******',\n\t\t\t\tdeldate = NOW(),\n\t\t\t\trecstatus = 'D'\n\t\t\tWHERE \n\t\t\t\tsysno='{$_POST['sysno']}'"; } else { $sql = "UPDATE {$table} SET \n\t\t\t\tdescription = '" . clr($_POST['description']) . "',\n\t\t\t\tupdpayername = '{$vUpdpayername}',\n\t\t\t\tupdepisode = '{$vUpdepisode}',\n\t\t\t\tdepccode = '" . clr($_POST['depccode']) . "',\n\t\t\t\tdepglacc = '" . clr($_POST['depglacc']) . "',\n\t\t\t\tmanualalloc = '{$vManualalloc}',\n\t\t\t\tupduser = '******',\n\t\t\t\tupddate = NOW(),\n\t\t\t\trecstatus = '" . clr($_POST['recstatus']) . 
"'\n\t\t\tWHERE \n\t\t\t\tsysno='{$_POST['sysno']}'"; } } else { if ($_POST['oper'] == 'del') { $sql = "UPDATE {$table} SET recstatus = 'D', deluser= '******', deldate = NOW()\n\t\t WHERE sysno='{$_POST['id']}'"; } } } try { if ($_POST['oper'] == 'add' && duplicate('trantype', $table, clr($_POST['trantype']))) { throw new Exception('Duplicate key'); } if (!$mysqli->query($sql)) { throw new Exception($sql); } $mysqli->commit(); } catch (Exception $e) { http_response_code(400); echo $e->getMessage(); $mysqli->rollback(); } $mysqli->close();
} else { if ($_POST['oper'] == 'edit') { if ($_POST['recstatus'] == 'D') { $sql = "UPDATE {$table} SET \n\t\t\t\t\t\tcostcode = '" . clr($_POST['costcode']) . "', \n\t\t\t\t\t\tglaccno = '" . clr($_POST['glaccno']) . "',\n\t\t\t\t\t\tadvccode = '" . clr($_POST['advccode']) . "',\n\t\t\t\t\t\tadvglaccno = '" . clr($_POST['advglaccno']) . "',\n\t\t\t\t\t\trecstatus = 'D',\n\t\t\t\t\t\tupduser = '******',\n\t\t\t\t\t\tupddate = NOW(),\n\t\t\t\t\t\tdeluser= '******',\n\t\t\t\t\t\tdeldate = NOW()\n\t\t\t\t\tWHERE \n\t\t\t\t\tcompcode = '{$compcode}' AND suppgroup='{$_POST['suppgroup']}'"; } else { if ($_POST['recstatus'] == 'D') { $sql = "UPDATE {$table} SET\n\t\t\t\t\tdescription = '" . clr($_POST['description']) . "',\n\t\t\t\t\tcostcode = '" . clr($_POST['costcode']) . "', \n\t\t\t\t\tglaccno = '" . clr($_POST['glaccno']) . "',\n\t\t\t\t\tadvccode = '" . clr($_POST['advccode']) . "',\n\t\t\t\t\tadvglaccno = '" . clr($_POST['advglaccno']) . "',\n\t\t\t\t\trecstatus = 'D',\n\t\t\t\t\tdeluser = '******',\n\t\t\t\t\tdeldate = NOW()\n\t\t\t\tWHERE \n\t\t\t\t\tcompcode = '{$compcode}' AND suppgroup='{$_POST['suppgroup']}'"; } else { $sql = "UPDATE {$table} SET\n\t\t\t\t\tdescription = '" . clr($_POST['description']) . "',\n\t\t\t\t\tcostcode = '" . clr($_POST['costcode']) . "', \n\t\t\t\t\tglaccno = '" . clr($_POST['glaccno']) . "',\n\t\t\t\t\tadvccode = '" . clr($_POST['advccode']) . "',\n\t\t\t\t\tadvglaccno = '" . clr($_POST['advglaccno']) . "',\n\t\t\t\t\trecstatus = '" . clr($_POST['recstatus']) . 
"',\n\t\t\t\t\tupduser = '******',\n\t\t\t\t\tupddate = NOW()\n\t\t\t\tWHERE \n\t\t\t\t\tcompcode = '{$compcode}' AND suppgroup='{$_POST['suppgroup']}'"; } } } else { if ($_POST['oper'] == 'del') { $sql = "UPDATE {$table} SET recstatus = 'D', deluser= '******', deldate = NOW()\n\t\t WHERE compcode = '{$compcode}' AND suppgroup='{$_POST['id']}'"; } } } try { if ($_POST['oper'] == 'add' && duplicate('suppgroup', $table, clr($_POST['suppgroup']))) { throw new Exception('Duplicate key'); } if (!$mysqli->query($sql)) { throw new Exception($sql); } $mysqli->commit(); } catch (Exception $e) { http_response_code(400); echo $e->getMessage(); $mysqli->rollback(); } $mysqli->close();