/var/www/enzatesting.onesolution.hk/master_supplier_modify.php

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122

<?php require_once "inc/configure.php";

$refid                 = (int) filter_var($_REQUEST['refid'], FILTER_SANITIZE_NUMBER_INT);

//(int)$_REQUEST['productID'];
if( $_POST['action']=="supplier_modifyform" && !empty($refid) ){
    
    $code                 filter_var($_REQUEST['code'], FILTER_SANITIZE_STRING);
    $companyname_en     filter_var($_REQUEST['companyname_en'], FILTER_SANITIZE_STRING);    
    $companyname_sc         filter_var($_REQUEST['companyname_sc'], FILTER_SANITIZE_STRING);
    $suppliername_en         filter_var($_REQUEST['suppliername_en'], FILTER_SANITIZE_STRING);    
    $suppliername_sc         filter_var($_REQUEST['suppliername_sc'], FILTER_SANITIZE_STRING);
    $iscasting        = empty($_REQUEST['iscasting'])?    '0' '1';
    
    $addr1             filter_var($_REQUEST['addr1'], FILTER_SANITIZE_STRING);
    $addr2             filter_var($_REQUEST['addr2'], FILTER_SANITIZE_STRING);
    $postcode         filter_var($_REQUEST['postcode'], FILTER_SANITIZE_STRING);
    $city             filter_var($_REQUEST['city'], FILTER_SANITIZE_STRING);
    $country         filter_var($_REQUEST['country'], FILTER_SANITIZE_STRING);
    $telno             filter_var($_REQUEST['telno'], FILTER_SANITIZE_STRING);
    $faxno             filter_var($_REQUEST['faxno'], FILTER_SANITIZE_STRING);
    $email             filter_var($_REQUEST['email'], FILTER_SANITIZE_STRING);
    $contactname     filter_var($_REQUEST['contactname'], FILTER_SANITIZE_STRING);
    $contacttel     filter_var($_REQUEST['contacttel'], FILTER_SANITIZE_STRING);
    $contactmob     filter_var($_REQUEST['contactmob'], FILTER_SANITIZE_STRING);
    $contactemail     filter_var($_REQUEST['contactemail'], FILTER_SANITIZE_STRING);
        
    $lang                 filter_var($_REQUEST['lang'], FILTER_SANITIZE_STRING);
    $favtransporteur    filter_var($_REQUEST['favtransporteur'], FILTER_SANITIZE_STRING);
    $uom_cy             filter_var($_REQUEST['uom_cy'], FILTER_SANITIZE_STRING);
    $paymethod             filter_var($_REQUEST['paymethod'], FILTER_SANITIZE_STRING);
    $fin_remark            filter_var($_REQUEST['fin_remark'], FILTER_SANITIZE_STRING);
    $remark             filter_var($_REQUEST['remark'], FILTER_SANITIZE_STRING);
    
    //$createby            = filter_var($_SESSION['user'], FILTER_SANITIZE_STRING);
    $lastupby            filter_var($_SESSION['user'], FILTER_SANITIZE_STRING);

    // check existance of custcode before insert    
    $sql "SELECT count(*) as count from master_supplier where custcode=:custcode  AND refid!=:refid ";
    $sth $dbh->prepare($sql);
    $sth->execute( array(':custcode'=> $custcode,
                            ':refid'=> $refid) );
    $row $sth->fetch(); 
    if( $row['count']>){
        $msg="Supplier code already existed";
        header("Location: master_supplier_index.php?error=$msg");
        exit;    
    }        
    unset($sth);
    
    //modify stone
    $sql "UPDATE master_supplier SET 
                companyname_en = :companyname_en,
                companyname_sc = :companyname_sc,
                suppliername_en = :suppliername_en,
                suppliername_sc = :suppliername_sc,
                code = :code, 
                iscasting = :iscasting,
                
                addr1 = :addr1,
                addr2 = :addr2,
                postcode = :postcode,
                city = :city,
                country = :country,
                telno = :telno,
                faxno = :faxno,
                email = :email,
                contactname = :contactname,
                contacttel = :contacttel,
                contactmob = :contactmob,
                contactemail = :contactemail,
                
                remark = :remark,
                uom_cy = :uom_cy,
                
                lastupby = :lastupby, 
                lastupdate = GETDATE()
            WHERE refid = :refid";
            
                
    $sth $dbh->prepare($sql);
    $q $sth->execute( array(':companyname_en' => $companyname_en
                            ':companyname_sc' => $companyname_sc,
                            ':suppliername_en' => $suppliername_en,
                            ':suppliername_sc' => $suppliername_sc
                            ':code' => $code,
                            ':iscasting' => $iscasting,
                    
                            ':addr1' => $addr1,
                            ':addr2' => $addr2
                            ':postcode' => $postcode
                            ':city' => $city
                            ':country' => $country
                            ':telno' => $telno
                            ':faxno' => $faxno
                            ':email' => $email
                            ':contactname' => $contactname
                            ':contacttel' => $contacttel
                            ':contactmob' => $contactmob
                            ':contactemail' => $contactemail
                            
                            ':remark' => $remark
                            ':uom_cy' => $uom_cy
                            
                            ':lastupby' => $lastupby,
                            ':refid' => $refid) );
    pdo_showerror($sth$q);
/*echo $sth->getSQL(  ) . HTML_EOL;*/


    form_dest($_REQUEST['godest'], $_REQUEST['formdest']);
    //header("Location: master_supplier_index.php?act=resume&refid=$refid&msg=Saved."); 
    header("Location: master_supplier_modifyform.php?refid=$refid&msg=Saved.");
    print "Saved.";
    exit;
    
    
}
print "Invalid Request";


?>