1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
|
<?php require_once "inc/configure.php";
//$refid = (int) filter_var($_REQUEST['refid'], FILTER_SANITIZE_NUMBER_INT);
//(int)$_REQUEST['productID'];
//vdump($_REQUEST);
if( $_POST['action']=="supplier_addform"){
$companyname_en = filter_var($_REQUEST['companyname_en'], FILTER_SANITIZE_STRING);
$companyname_sc = filter_var($_REQUEST['companyname_sc'], FILTER_SANITIZE_STRING);
$suppliername_en = filter_var($_REQUEST['suppliername_en'], FILTER_SANITIZE_STRING);
$suppliername_sc = filter_var($_REQUEST['suppliername_sc'], FILTER_SANITIZE_STRING);
$code = strtoupper(filter_var($_REQUEST['code'], FILTER_SANITIZE_STRING));
$iscasting = empty($_REQUEST['iscasting'])? '0' : '1';
$addr1 = filter_var($_REQUEST['addr1'], FILTER_SANITIZE_STRING);
$addr2 = filter_var($_REQUEST['addr2'], FILTER_SANITIZE_STRING);
$postcode = filter_var($_REQUEST['postcode'], FILTER_SANITIZE_STRING);
$city = filter_var($_REQUEST['city'], FILTER_SANITIZE_STRING);
$country = filter_var($_REQUEST['country'], FILTER_SANITIZE_STRING);
$telno = filter_var($_REQUEST['telno'], FILTER_SANITIZE_STRING);
$faxno = filter_var($_REQUEST['faxno'], FILTER_SANITIZE_STRING);
$email = filter_var($_REQUEST['email'], FILTER_SANITIZE_STRING);
$contactname = filter_var($_REQUEST['contactname'], FILTER_SANITIZE_STRING);
$contacttel = filter_var($_REQUEST['contacttel'], FILTER_SANITIZE_STRING);
$contactmob = filter_var($_REQUEST['contactmob'], FILTER_SANITIZE_STRING);
$contactemail = filter_var($_REQUEST['contactemail'], FILTER_SANITIZE_STRING);
$lang = filter_var($_REQUEST['lang'], FILTER_SANITIZE_STRING);
$favtransporteur = filter_var($_REQUEST['favtransporteur'], FILTER_SANITIZE_STRING);
$uom_cy = filter_var($_REQUEST['uom_cy'], FILTER_SANITIZE_STRING);
$paymethod = filter_var($_REQUEST['paymethod'], FILTER_SANITIZE_STRING);
$fin_remark = filter_var($_REQUEST['fin_remark'], FILTER_SANITIZE_STRING);
$remark = filter_var($_REQUEST['remark'], FILTER_SANITIZE_STRING);
$createby = filter_var($_SESSION['user'], FILTER_SANITIZE_STRING);
$lastupby = filter_var($_SESSION['user'], FILTER_SANITIZE_STRING);
// check existance of custcode before insert
$sql = "SELECT count(*) as count from master_supplier where code=:code ";
$sth = $dbh->prepare($sql);
$sth->execute( array(':code'=> $code) );
$row = $sth->fetch();
if( $row['count']>0 ){
$msg="Supplier code already existed";
header("Location: master_supplier_index.php?error=$msg");
exit;
}
unset($sth);
//modify stone
$sql = "INSERT INTO master_supplier (
companyname_en,
companyname_sc,
suppliername_en,
suppliername_sc,
code,
iscasting,
addr1,
addr2,
postcode,
city,
country,
telno,
faxno,
email,
contactname,
contacttel,
contactmob,
contactemail,
remark,
uom_cy,
lastupby,
lastupdate,
createby,
createdate
) VALUES (
:companyname_en,
:companyname_sc,
:suppliername_en,
:suppliername_sc,
:code,
:iscasting,
:addr1,
:addr2,
:postcode,
:city,
:country,
:telno,
:faxno,
:email,
:contactname,
:contacttel,
:contactmob,
:contactemail,
:remark,
:uom_cy,
:lastupby,
getdate(),
:createby,
getdate()
)";
$sth = $dbh->prepare($sql);
$q = $sth->execute( array(':companyname_en' => $companyname_en,
':companyname_sc' => $companyname_sc,
':suppliername_en' => $suppliername_en,
':suppliername_sc' => $suppliername_sc,
':code' => $code,
':iscasting' => $iscasting,
':addr1' => $addr1,
':addr2' => $addr2,
':postcode' => $postcode,
':city' => $city,
':country' => $country,
':telno' => $telno,
':faxno' => $faxno,
':email' => $email,
':contactname' => $contactname,
':contacttel' => $contacttel,
':contactmob' => $contactmob,
':contactemail' => $contactemail,
':remark' => $remark,
':uom_cy' => $uom_cy,
':createby' => $createby,
':lastupby' => $lastupby) );
/*echo $sth->getSQL( ) . HTML_EOL;*/
pdo_showerror($sth, $q);
$refid = $dbh->lastInsertId();
//exit;
//header("Location: master_supplier_index.php?act=resume&msg=Saved.");
form_dest($_REQUEST['godest'], $_REQUEST['formdest']);
header("Location: master_supplier_modifyform.php?refid=$refid&msg=Saved.");
print "Saved.";
exit;
}
print "Invalid Request";
|