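$product = find_by_id('products', $sale['product_id']);

// Handles the "update sale" form post: validates the required fields, rewrites
// the sales row for the sale being edited, then adjusts the product quantity.
//
// NOTE(review): this state-changing request is accepted on the presence of
// $_POST['update_sale'] alone; no anti-CSRF token or permission check is
// visible in this fragment -- confirm both are enforced before this point.
if (isset($_POST['update_sale'])) {
    // $sale is loaded outside this fragment. Casting its id once means the
    // WHERE clause and every redirect use the same integer, instead of the raw
    // value being interpolated into SQL and into the Location target.
    $sale_id = (int) $sale['id'];

    // 'title' and 'price' are required by the form but are not written by the
    // UPDATE below; the price column is filled from the posted 'total'.
    $req_fields = ['title', 'quantity', 'price', 'total', 'date'];
    validate_fields($req_fields);

    if (empty($errors)) {
        $p_id = $db->escape((int) $product['id']);
        // The (int) cast forces an integer but does not bound it; zero or
        // negative quantities are not rejected here.
        $s_qty = $db->escape((int) $_POST['quantity']);
        $s_total = $db->escape($_POST['total']);
        $date = $db->escape($_POST['date']);

        // strtotime() returns false for input it cannot parse. Without this
        // check the failure is silently formatted and stored as a date.
        $timestamp = strtotime($date);

        if ($timestamp === false) {
            $session->msg('d', 'Invalid date.');
            redirect('edit_sale.php?id=' . $sale_id, false);
        } else {
            $s_date = date("Y-m-d", $timestamp);

            // The statement is still assembled by interpolation: each value is
            // either cast to int or passed through $db->escape() and quoted.
            // NOTE(review): what $db->escape() does is not visible here; if the
            // $db wrapper offers bound parameters, prefer them.
            $sql = "UPDATE sales SET";
            $sql .= " product_id= '{$p_id}',qty={$s_qty},price='{$s_total}',date='{$s_date}'";
            $sql .= " WHERE id ='{$sale_id}'";
            $result = $db->query($sql);

            if ($result && $db->affected_rows() === 1) {
                update_product_qty($s_qty, $p_id);
                $session->msg('s', "Sale updated.");
                redirect('edit_sale.php?id=' . $sale_id, false);
            } else {
                // Also reached when the query succeeds but changes no row.
                $session->msg('d', ' Sorry failed to updated!');
                redirect('sales.php', false);
            }
        }
    } else {
        $session->msg("d", $errors);
        redirect('edit_sale.php?id=' . $sale_id, false);
    }
}

include_once 'layouts/header.php';
?> <div class="row"> <div class="col-md-6">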
// Fragment of a sale-update handler. The two conditionals closed at the bottom
// open before this fragment, so the closing braces here are unmatched within it.

// Numeric inputs are cast to int before escaping. The cast forces an integer
// but does not bound it; zero or negative quantities are not rejected here.
$p_id = $db->escape((int) $product['id']);
$s_qty = $db->escape((int) $_POST['quantity']);

// Free-text request values are passed through $db->escape() and later placed
// inside single quotes in the statement.
// NOTE(review): what $db->escape() does is not visible here; the query's
// safety rests on it. Bound parameters would remove that dependency.
$s_total = $db->escape($_POST['total']);
$date = $db->escape($_POST['date']);
$custnr = $db->escape($_POST['custnr']);
$comment = $db->escape($_POST['comment']);

// strtotime() returns false for input it cannot parse; that case is not
// checked before the value is formatted.
$s_date = date("Y-m-d", strtotime($date));
$s_mac = $db->escape($_POST['mac']);

// Difference between the submitted quantity and the quantity stored on the sale.
$qty_change = $s_qty - $sale['qty'];

$sql = "UPDATE sales SET";
$sql .= " product_id= '{$p_id}',qty={$s_qty},price='{$s_total}',date='{$s_date}', custnr='{$custnr}', comment='{$comment}', mac='{$s_mac}'";
// $sale['id'] is interpolated without a cast or escape, while the error
// redirect at the bottom does cast it to int.
// NOTE(review): $sale is populated outside this fragment -- confirm id cannot
// carry request-controlled text, or cast it here as well.
$sql .= " WHERE id ='{$sale['id']}'";
$result = $db->query($sql);

// Success requires exactly one changed row; a query that succeeds but changes
// nothing takes the failure branch.
if ($result && $db->affected_rows() === 1) {
    // Loose comparison (!=). Both branches show the same message and redirect;
    // the only difference is the update_product_qty() call.
    if ($s_qty != $product['ks_storage']) {
        update_product_qty($qty_change, $p_id);
        $session->msg('s', "Sale updated.");
        redirect('edit_sale.php?id=' . $sale['id'], false);
    } else {
        $session->msg('s', "Sale updated.");
        redirect('edit_sale.php?id=' . $sale['id'], false);
    }
} else {
    $session->msg('d', ' Sorry failed to update!');
    redirect('sales.php', false);
}
// Closes a conditional opened before this fragment; this is its else branch.
} else {
    $session->msg("d", $errors);
    redirect('edit_sale.php?id=' . (int) $sale['id'], false);
}
// Closes the outermost conditional, also opened before this fragment.
}