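<?php
/**
 * Request handler: update the quoted price (qtn_price) of one dgn_extra_bom row.
 *
 * Request parameters (all read from $_REQUEST):
 *   action     must equal "dgn_extrabom_modify_qtnprice"
 *   refid      non-zero integer identifying the row to update
 *   qtn_price  plain decimal number (optional sign, digits, optional '.')
 *   formid     captured before the include and not used again in this script
 *              (presumably consumed by inc/configure.php; confirm)
 *
 * Output: INVALID.WS.PERMISSION when the caller lacks the "PPu" permission,
 * FINISHED once the UPDATE has been executed, "Invalid Request" otherwise.
 *
 * NOTE(review): this is a state-changing action read from $_REQUEST, so it is
 * reachable by GET as well as POST, and no anti-CSRF token check is visible in
 * this file. Confirm that inc/configure.php enforces one, or restrict the
 * handler to POST with a token.
 */
$formid = isset($_REQUEST['formid']) ? $_REQUEST['formid'] : null;
require_once "inc/configure.php";

// Authorisation gate: nothing below may run without the "PPu" permission.
if (havePermission("PPu") == false) {
    print INVALID.WS.PERMISSION;
    exit;
}

$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';

// Validate instead of sanitise: "12abc" must be rejected, not silently turned
// into row 12. FILTER_VALIDATE_INT yields false for anything that is not an
// integer, and the truthiness test further down also rejects 0.
$refid = filter_var(
    isset($_REQUEST['refid']) ? $_REQUEST['refid'] : null,
    FILTER_VALIDATE_INT
);

// FILTER_SANITIZE_NUMBER_FLOAT strips every character that is not a digit,
// sign or '.', so input such as "1e3" or "12,50" would come out as a different
// number ("13", "1250") and then pass is_numeric(). Accept the price only when
// sanitising left it unchanged. Grouped values such as "1,000" are therefore
// rejected as well, because the comma is ambiguous.
$rawPrice = (isset($_REQUEST['qtn_price']) && is_string($_REQUEST['qtn_price']))
    ? trim($_REQUEST['qtn_price'])
    : '';
$qtn_price = filter_var($rawPrice, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
$priceIsValid = ($qtn_price === $rawPrice) && is_numeric($qtn_price);
// NOTE(review): zero and negative prices still pass; add a lower bound here if
// the business rules require one.

// Audit column value. It is bound as a query parameter, so the filter is not
// what protects the SQL; it is kept so the stored value matches what this
// script has always written. FILTER_SANITIZE_STRING is deprecated as of
// PHP 8.1; replace it when the project moves to that version.
$lastupby = filter_var(
    isset($_SESSION['user']) ? $_SESSION['user'] : '',
    FILTER_SANITIZE_STRING
);

if ($action === "dgn_extrabom_modify_qtnprice" && $refid && $priceIsValid) {
    // admin can change selling price (original note: ord_dtl_express_modify)
    $sql = "UPDATE dgn_extra_bom SET qtn_price=:qtn_price, lastupby=:lastupby, lastupdate=GETDATE() WHERE refid=:refid";
    $sth = $dbh->prepare($sql);
    $q = $sth->execute(array(
        ':refid'     => $refid,
        ':qtn_price' => $qtn_price,
        ':lastupby'  => $lastupby,
    ));

    // Project helper; presumably reports a failed execute. Confirm it does not
    // echo driver error detail back to the client.
    pdo_showerror($sth, $q);

    print FINISHED;
    exit;
}

print "Invalid Request";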