1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121

<?php
$formid = "Order";
require_once "inc/configure.php";

require_once "inc/ord_dtl_func.php";

//$refid     = (int) filter_var($_REQUEST['refid'], FILTER_SANITIZE_STRING);

if ( $_POST['action']=="ord_serv_addform"  ) {
    //vdump($_REQUEST); exit;
    $custcode    = filter_var( $_REQUEST['custcode'], FILTER_SANITIZE_STRING );
    $order_nbr   = getNewRepairOrderNumber( $custcode );
    $vendor    = filter_var( $_REQUEST['vendor'], FILTER_SANITIZE_STRING );
    $launch_date  = filter_var( $_REQUEST['launch_date'], FILTER_SANITIZE_STRING );
    $custorder_ref  = filter_var( $_REQUEST['custorder_ref'], FILTER_SANITIZE_STRING );
    $status    = filter_var( $_REQUEST['status'], FILTER_SANITIZE_STRING );
    $del_date   = filter_var( $_REQUEST['del_date'], FILTER_SANITIZE_STRING );
    $confirm_date  = filter_var( $_REQUEST['confirm_date'], FILTER_SANITIZE_STRING );
    $remark     = filter_var( $_REQUEST['remark'], FILTER_SANITIZE_STRING );
    $discount   = (float)filter_var( $_REQUEST['discount'], FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION );
    $paymethod    = filter_var( $_REQUEST['paymethod'], FILTER_SANITIZE_STRING );
    $isserviceorder   = 1;
    $uom_cy     = filter_var( $_REQUEST['uom_cy'], FILTER_SANITIZE_STRING );
    $uom_cy2   = USD_CNY::getOppCurrency( $uom_cy );
    $cy_cy2_rate  = (float)USD_CNY::getCurrencyRateFrom( $uom_cy );

    $createby   = filter_var( $_SESSION['user'], FILTER_SANITIZE_STRING );
    $lastupby   = filter_var( $_SESSION['user'], FILTER_SANITIZE_STRING );

    //get customer default settings
    $customer = getDB_where( 'master_customer', 'custcode=:custcode', array( ':custcode'=>$custcode ) );
    if ( empty( $customer ) ) {
        print "Invalid Request";
        exit;
    }

    $sql_param = array( ':custcode' => $custcode,
        ':order_nbr' => $order_nbr,
        ':vendor' => $vendor,
        ':launch_date' => $launch_date,
        ':custorder_ref' => $custorder_ref,
        ':status' => $status,
        ':del_date' => $del_date,
        ':confirm_date' => $confirm_date,
        ':remark' => $remark,
        ':discount' => $discount,
        ':paymethod' => $paymethod,
        ':isserviceorder' => $isserviceorder,
        ':uom_cy' => $uom_cy,
        ':uom_cy2' => $uom_cy2,
        ':cy_cy2_rate' => $cy_cy2_rate,
        ':loss_18k' => (float)filter_var( $customer['loss_18k'], FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION ),
        ':loss_14k' => (float)filter_var( $customer['loss_14k'], FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION ),
        ':loss_9_10k' => (float)filter_var( $customer['loss_9_10k'], FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION ),
        ':loss_silver' => (float)filter_var( $customer['loss_silver'], FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION ),
        ':createby' => $createby,
        ':lastupby' => $lastupby );

    $sql = "INSERT INTO ord_main (
                custcode, order_nbr, vendor, launch_date,
                custorder_ref, status, del_date, confirm_date,
                remark, discount, paymethod, isrepairorder,
                uom_cy, uom_cy2, cy_cy2_rate,
                loss_18k, loss_14k, loss_9_10k, loss_silver,
                createby, createdate, lastupby, lastupdate
            ) VALUES (
                  :custcode, :order_nbr, :vendor, :launch_date,
                  :custorder_ref, :status, :del_date, :confirm_date,
                  :remark, :discount, :paymethod, :isrepairorder,
                  :uom_cy, :uom_cy2, :cy_cy2_rate,
                  :loss_18k, :loss_14k, :loss_9_10k, :loss_silver,
                  :createby, GETDATE(), :lastupby, GETDATE()
            )";

    $sth = $dbh->prepare( $sql );
    $q = $sth->execute( $sql_param );
    //echo $sth->getSQL( $sql_param ) . HTML_EOL;
    pdo_showerror( $sth, $q );
    $refid = $dbh->lastInsertId();


    /*exit;    */

    //if(havePermission("BMu")){
    $dbh->beginTransaction();

    if ( !empty( $_REQUEST['services'] ) ) {

        markallService( $refid );

        foreach ( $_REQUEST['services'] as $key=>$serv_item ) {
            if ( $key>0 ) { //valid row
                if ( $serv_item['refid']>0 ) { //existing product
                    updateService( $refid, $serv_item, true );
                }else { //new product
                    addService( $refid, $serv_item, true );
                }
            }
        }

        removeDeletedService( $refid );

    }
    updateMainValue( $refid );

    ord_updateOrderPureMaterial( $refid );
    //exit;

    //}
    $dbh->commit();
    //$dbh->rollBack();

    //exit;
    form_dest( $_REQUEST['godest'], $_REQUEST['formdest'] );
    header( "Location: ord_serv_dtl_modifyform.php?refid=$refid&msg=Saved." );
    print "Saved.";
    exit;


}
print "Invalid Request";