/var/www/enzatesting.onesolution.hk/master_add.php

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98

<?php require_once "inc/configure.php";

//$refid                 = filter_var($_REQUEST['refid'], FILTER_SANITIZE_STRING);


//(int)$_REQUEST['productID'];
//vdump($_REQUEST);
if( $_REQUEST['action']=="master_addform"){
    // && !empty($refid) ){
    
    $typeid             filter_var($_REQUEST['typeid'], FILTER_SANITIZE_STRING);    
    $codeid                 filter_var($_REQUEST['codeid'], FILTER_SANITIZE_STRING);    
    $codedesc             filter_var($_REQUEST['codedesc'], FILTER_SANITIZE_STRING);    
    $ccodedesc             filter_var($_REQUEST['ccodedesc'], FILTER_SANITIZE_STRING);    
    $deleted             filter_var($_REQUEST['deleted'], FILTER_SANITIZE_STRING);
    $deleted            = empty($deleted)?'0':'1';
    $createby            filter_var($_SESSION['user'], FILTER_SANITIZE_STRING);
    $lastupby            filter_var($_SESSION['user'], FILTER_SANITIZE_STRING);
        
    if($_REQUEST['userpwd'] != $_REQUEST['userpwd_confirm']){
        $msg "Passwords do not match";
        header("Location: master_user_addform.php?error=$msg");
        exit;
    }    
        
    // check existance of itemno before insert    
    $sql "SELECT count(*) as count from master_type_code 
            where typeid=:typeid and codeid=:codeid";
    $sth $dbh->prepare($sql);
    $q$sth->execute( array(':typeid'=> $typeid,
                            ':codeid'=> $codeid) );
    pdo_showerror($sth$q);
    $row $sth->fetch(); 
    if( $row['count']>){
        $msg="Master Type already existed";
        header("Location: master_addform.php?typeid=$typeid&error=$msg");
        exit;    
    }
    unset($sth);
    
    //add stone
    $sql "INSERT INTO master_type_code SET 
                typeid = :typeid,
                codeid = :codeid, 
                codedesc_en = :codedesc,
                codedesc_sc = :ccodedesc, 
                createby = :createby, 
                createdate = NOW(),
                lastupby = :lastupby, 
                lastupdate = NOW()";
                
    if (defined("MSSQL")) {
        $sql "INSERT INTO master_type_code ( 
                    typeid,
                    codeid, 
                    codedesc_en,
                    codedesc_sc,
                    deleted, 
                    createby, 
                    createdate,
                    lastupby, 
                    lastupdate )
                Values (
                    :typeid,
                    :codeid, 
                    :codedesc,
                    :ccodedesc,
                    :deleted, 
                    :createby, 
                    GETDATE(),
                    :lastupby, 
                    GETDATE() )";
    }
                
    $sth $dbh->prepare($sql);
    $q$sth->execute( array(':typeid' => $typeid
                            ':codeid' => $codeid,
                            ':codedesc' => $codedesc
                            ':ccodedesc' => $ccodedesc,
                            ':deleted' => $deleted,
                            ':createby' => $createby,
                            ':lastupby' => $lastupby) );
    pdo_showerror($sth$q);
/*echo $sth->getSQL( array(':typeid' => $typeid, 
                            ':codeid' => $codeid,
                            ':codedesc' => $codedesc, 
                            ':ccodedesc' => $ccodedesc,
                            ':createby' => $createby,
                            ':lastupby' => $lastupby) ) . HTML_EOL;*/
//        
//    //exit;                
    header("Location: master_index.php?typeid=$typeid&msg=Saved."); 
    print "Saved.";
    exit;
    
    
}
print "Invalid Request";