 | <?php require_once "inc/configure.php";
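 // Request handler for the "add master service cost" form: validates the
 // submitted fields, refuses duplicate codes, inserts one row into
 // master_svc_cost and redirects back to the form page.
 //
 // NOTE(review): no login/authorisation check and no anti-CSRF token check is
 // visible in this script, and the state-changing action is read from
 // $_REQUEST, so it is accepted over GET as well as POST. Confirm that
 // inc/configure.php enforces an authenticated session, and consider requiring
 // POST plus a per-session token before the INSERT.

 // Numeric reference id. NOTE(review): not read again in the visible script.
 $refid = (int) filter_var($_REQUEST['refid'] ?? '', FILTER_SANITIZE_NUMBER_INT);

 // "??" avoids an undefined-index warning when the parameter is absent;
 // "===" keeps the comparison free of type juggling.
 if (($_REQUEST['action'] ?? '') === 'master_svc_addform') {

     // FILTER_SANITIZE_STRING is deprecated as of PHP 8.1. It strips tags and
     // encodes quotes, but it is not a substitute for HTML-escaping these
     // values wherever they are later displayed. SQL safety here comes from the
     // bound parameters below, not from these filters.
     $code       = strtoupper((string) filter_var($_REQUEST['code'] ?? '', FILTER_SANITIZE_STRING));
     $unit_price = (float) filter_var(
         $_REQUEST['unit_price'] ?? '',
         FILTER_SANITIZE_NUMBER_FLOAT,
         FILTER_FLAG_ALLOW_FRACTION
     );
     $uom_cy     = filter_var($_REQUEST['uom_cy'] ?? '', FILTER_SANITIZE_STRING);
     $uom_svc    = filter_var($_REQUEST['uom_svc'] ?? '', FILTER_SANITIZE_STRING);

     // Audit columns are taken from the session, never from the request.
     // NOTE(review): an absent $_SESSION['user'] yields an empty author; see the
     // authentication note at the top of this handler.
     $createby = filter_var($_SESSION['user'] ?? '', FILTER_SANITIZE_STRING);
     $lastupby = $createby;

     // Refuse to insert a service code that already exists.
     // NOTE(review): this is a check-then-insert sequence; two concurrent
     // requests can both pass it unless master_svc_cost.code carries a UNIQUE
     // constraint (schema not visible here).
     $sth = $dbh->prepare("SELECT count(*) as count from master_svc_cost where code=:code");
     $sth->execute([':code' => $code]);
     $row = $sth->fetch();
     if ($row['count'] > 0) {
         $msg = "Master Service already existed";
         // Encode the message so the Location header carries a valid URL.
         // The form page must still HTML-escape "error" when it displays it.
         header("Location: master_svc_addform.php?error=" . rawurlencode($msg));
         exit;
     }
     unset($sth);

     // Insert the new service cost row; the statement text depends on the
     // database dialect selected by the MSSQL constant.
     if (defined("MSSQL")) {
         $sql = "INSERT INTO master_svc_cost (
             code,
             unit_price,
             uom_cy,
             uom_svc,
             createby,
             createdate,
             lastupby,
             lastupdate )
             values (
             :code,
             :unit_price,
             :uom_cy,
             :uom_svc,
             :createby,
             GETDATE(),
             :lastupby,
             GETDATE() )";
     } else {
         $sql = "INSERT INTO master_svc_cost SET
             code = :code,
             unit_price = :unit_price,
             uom_cy = :uom_cy,
             uom_svc = :uom_svc,
             createby = :createby,
             createdate = NOW(),
             lastupby = :lastupby,
             lastupdate = NOW()";
     }

     $sth = $dbh->prepare($sql);
     $q = $sth->execute([
         ':code'       => $code,
         ':unit_price' => $unit_price,
         ':uom_cy'     => $uom_cy,
         ':uom_svc'    => $uom_svc,
         ':createby'   => $createby,
         ':lastupby'   => $lastupby,
     ]);
     // pdo_showerror() is defined outside this file.
     // NOTE(review): confirm it halts on failure; otherwise the redirect below
     // reports "Saved." even when the INSERT did not succeed.
     pdo_showerror($sth, $q);

     header("Location: master_svc_addform.php?msg=Saved.");
     print "Saved.";
     exit;
 }

 // Any other (or missing) action falls through to here.
 print "Invalid Request";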