admin_product_add_process.php
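<?php include "include/include_pre.php" ?>
<?php
// Access gate: both helpers are defined outside this file (presumably in the
// include above). NOTE(review): the meaning of level 0 is not visible here;
// confirm it restricts this page to administrators.
requireSignin(TRUE);
requireLevel(0);
$conn = connect_db($db_server, $db_username, $db_password, $db_dbname);
?>
<?php
// Handles the "add product" form: validates the posted fields, inserts one row
// into `products` with a bound (parameterised) statement, then redirects back
// to admin_products_view.php with a success / duplicate indicator.
//
// NOTE(review): no anti-CSRF token check is visible in this file. Confirm that
// include_pre.php or requireSignin() enforces one, since this request changes
// state on behalf of a signed-in user.

// The insert must only run for a form submission. Previously a GET request
// fell through and executed the INSERT with empty values.
if ($_SERVER["REQUEST_METHOD"] !== "POST") {
    header("Allow: POST");
    http_response_code(405);
    die();
}

// Every field must be present and be a plain string (not an array such as
// inputName[]=x), otherwise the request is malformed.
foreach (["inputName", "inputType", "inputPrice", "inputUnit", "optionsActive"] as $field) {
    if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
        http_response_code(400);
        die("Invalid product data.");
    }
}

// testInput() is defined elsewhere and its behaviour is not visible here. It is
// kept for compatibility but is NOT relied on for SQL safety; the bound
// parameters below are what keep the values out of the statement text.
$inputName = testInput($_POST["inputName"]);
$inputType = testInput($_POST["inputType"]);
$inputPrice = testInput($_POST["inputPrice"]);
$inputUnit = testInput($_POST["inputUnit"]);
$optionsActive = testInput($_POST["optionsActive"]);

// Barcode has one-second resolution, so two products added within the same
// second receive the same value. NOTE(review): if `barcode` carries a unique
// index (not visible here) that case is reported as a duplicate below.
$barcode = "P" . date("YmdHis");

// price and is_active were previously spliced into the SQL unquoted, so they
// had to be numeric / boolean-like for the statement to be valid at all.
// Enforce that explicitly. NOTE(review): assumes the form posts a boolean-like
// value (1/0, true/false, on/off) for optionsActive; confirm against the form.
$isActive = filter_var($optionsActive, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
if (!is_numeric($inputPrice) || $isActive === null) {
    http_response_code(400);
    die("Invalid product data.");
}
$isActive = $isActive ? 1 : 0;

$sql = "INSERT INTO products (name, price, unit, type, is_active, barcode, created_at, updated_at)
VALUES (?, ?, ?, ?, ?, ?, now(), now())";

// NOTE(review): $conn is assumed to be a mysqli connection, based on the
// original ->query() === TRUE / ->error usage; confirm against connect_db().
$inserted = false;
$dbErrno = 0;
$dbError = "";
try {
    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        $dbErrno = $conn->errno;
        $dbError = $conn->error;
    } else {
        // price is bound as a string so a decimal value is not rounded through
        // a PHP float; the server converts it to the column type.
        $stmt->bind_param("ssssis", $inputName, $inputPrice, $inputUnit, $inputType, $isActive, $barcode);
        $inserted = $stmt->execute();
        if (!$inserted) {
            $dbErrno = $stmt->errno;
            $dbError = $stmt->error;
        }
        $stmt->close();
    }
} catch (mysqli_sql_exception $e) {
    // mysqli throws instead of returning false when exception reporting is on.
    $dbErrno = $e->getCode();
    $dbError = $e->getMessage();
}

if ($inserted) {
    header("Location: admin_products_view.php?success=true&command=add");
    die();
}

// 1062 is MySQL's duplicate-key error; the message check is kept as a fallback
// so the original detection still applies.
if ($dbErrno === 1062 || strpos($dbError, "Duplicate") !== false) {
    header("Location: admin_products_view.php?success=false&command=add&reason=duplicate");
    die();
}

// Keep the raw driver error in the server log only: echoing it to the browser
// exposes schema and query details to whoever triggers the failure.
error_log("admin_product_add_process: insert failed: " . $dbError);
http_response_code(500);
echo "The product could not be saved.";
?>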