<?php
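// Access level for this page. It is set before session.inc is included;
// presumably session.inc reads it to authorise the user - confirm there.
$PageSecurity = 11;
include('includes/session.inc');
$title = _('Fixed Asset Locations');
include('includes/header.inc');

// Page heading: maintenance icon followed by the translated title.
// $rootpath and $theme are not defined in this file; they are expected to
// come from the includes above. The paragraph is now closed explicitly
// instead of relying on the browser to close it before the table.
echo '<p class="page_title_text"><img src="' . $rootpath . '/css/' . $theme . '/images/maintenance.png" title="' .
    _('Search') . '" alt="">' . ' ' . $title . '</p>';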
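// "Enter Information" was pressed: validate the posted fields and insert a
// new row into fixedassetlocations.
if (isset($_POST['submit'])) {
    $InputError = 0;

    if (!isset($_POST['locationid']) or strlen($_POST['locationid']) < 1) {
        prnMsg(_('You must enter at least one character in the location ID'), 'error');
        $InputError = 1;
    }
    if (!isset($_POST['locdesc']) or strlen($_POST['locdesc']) < 1) {
        prnMsg(_('You must enter at least one character in the location description'), 'error');
        $InputError = 1;
    }

    if ($InputError == 0) {
        // The parent is optional; a missing field is stored as an empty
        // string instead of raising an undefined-index notice.
        $NewParentLocation = isset($_POST['parentlocationid']) ? $_POST['parentlocationid'] : '';

        // NOTE(review): the three request values are concatenated into the
        // statement without any escaping in this file. That is only safe if
        // includes/session.inc (not visible here) already escapes $_POST for
        // the database - confirm. If it does not, escape each value through
        // the DB layer or use bound parameters before this query runs.
        //
        // Columns are named explicitly (the same names this page reads and
        // updates) so the insert does not depend on the table's column order.
        $sql = 'INSERT INTO fixedassetlocations (locationid, locationdescription, parentlocationid)
                VALUES (
                    "' . $_POST['locationid'] . '",
                    "' . $_POST['locdesc'] . '",
                    "' . $NewParentLocation . '")';
        $result = DB_query($sql, $db);
    }
}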
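// Values used to pre-fill the form further down. They start empty and are
// overwritten when a location was selected for editing.
$locationid = '';
$locdesc = '';
// Previously left undefined when no location was selected, although the
// parent drop-down compares against it.
$parentlocationid = '';

if (isset($_GET['SelectedLocation'])) {
    // NOTE(review): the query-string value is concatenated into the SQL
    // without escaping in this file. That is only safe if
    // includes/session.inc (not visible here) already escapes $_GET for the
    // database - confirm, and otherwise escape it or bind it as a parameter.
    $sql = 'SELECT * FROM fixedassetlocations WHERE locationid="' . $_GET['SelectedLocation'] . '"';
    $result = DB_query($sql, $db);
    $myrow = DB_fetch_array($result);

    // An unknown ID returns no row (assumed to be a non-array result); keep
    // the empty defaults rather than reading offsets from it.
    if (is_array($myrow)) {
        $locationid = $myrow['locationid'];
        $locdesc = $myrow['locationdescription'];
        $parentlocationid = $myrow['parentlocationid'];
    }
}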
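// "Update Information" was pressed: validate the description and update the
// row identified by the posted location ID.
if (isset($_POST['update'])) {
    $InputError = 0;

    // The location ID is not validated here (the original length check was
    // disabled by the author). An empty or unknown ID makes the UPDATE match
    // no rows.
    if (!isset($_POST['locdesc']) or strlen($_POST['locdesc']) < 1) {
        prnMsg(_('You must enter at least one character in the location description'), 'error');
        $InputError = 1;
    }

    if ($InputError == 0) {
        // Missing fields become empty strings instead of raising notices.
        $UpdateLocationID = isset($_POST['locationid']) ? $_POST['locationid'] : '';
        $UpdateParentLocation = isset($_POST['parentlocationid']) ? $_POST['parentlocationid'] : '';

        // NOTE(review): request values are concatenated into the statement
        // without escaping in this file. That is only safe if
        // includes/session.inc (not visible here) already escapes $_POST for
        // the database - confirm, and otherwise escape or bind them.
        // Do not echo $sql to the page when debugging: it discloses the
        // statement to the browser. Log it server-side instead.
        $sql = 'UPDATE fixedassetlocations SET
                    locationdescription="' . $_POST['locdesc'] . '",
                    parentlocationid="' . $UpdateParentLocation . '"
                WHERE locationid ="' . $UpdateLocationID . '"';
        $result = DB_query($sql, $db);

        // Reload the page without the POST data. The original emitted a stray
        // quote after "url=" that ended the content attribute early, and
        // wrote PHP_SELF (which reflects the request path) unencoded.
        // Encoding assumes the page is served as UTF-8 - confirm in header.inc.
        echo '<meta http-equiv="Refresh" content="0; url=' .
            htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '">';
    }
}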
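// List every location with its parent's description and Edit/Delete links.
$sql = 'SELECT * FROM fixedassetlocations';
$result = DB_query($sql, $db);

// Read the table once and resolve parent descriptions in PHP. This replaces
// the per-row lookup query, which concatenated the stored parentlocationid
// back into SQL. The lookup is an exact string match on locationid; when an
// ID occurs more than once the first row wins.
$LocationRows = array();
$DescriptionByID = array();
while ($myrow = DB_fetch_array($result)) {
    $LocationRows[] = $myrow;
    if (!isset($DescriptionByID[$myrow['locationid']])) {
        $DescriptionByID[$myrow['locationid']] = $myrow['locationdescription'];
    }
}

// SID is empty when the session ID travels in a cookie; otherwise it holds
// "name=id" and needs a separator before the next query parameter.
$SessionPrefix = (SID != '') ? SID . '&' : '';

echo '<table><tr>';
echo '<th>' . _('Location ID') . '</th><th>' . _('Location Description') . '</th><th>' . _('Parent Location') . '</th></tr>';

foreach ($LocationRows as $myrow) {
    $ParentDescription = isset($DescriptionByID[$myrow['parentlocationid']])
        ? $DescriptionByID[$myrow['parentlocationid']]
        : '';

    // Stored values and PHP_SELF are encoded for the HTML context they are
    // written into; the ID is URL-encoded as a query parameter first.
    // Encoding assumes the page is served as UTF-8 - confirm in header.inc.
    $EditURL = htmlspecialchars(
        $_SERVER['PHP_SELF'] . '?' . $SessionPrefix . 'SelectedLocation=' . urlencode((string) $myrow['locationid']),
        ENT_QUOTES,
        'UTF-8'
    );

    echo '<tr><td>' . htmlspecialchars((string) $myrow['locationid'], ENT_QUOTES, 'UTF-8') . '</td>';
    echo '<td>' . htmlspecialchars((string) $myrow['locationdescription'], ENT_QUOTES, 'UTF-8') . '</td>';
    echo '<td>' . htmlspecialchars((string) $ParentDescription, ENT_QUOTES, 'UTF-8') . '</td>';
    echo '<td><a href="' . $EditURL . '">' . _('Edit') . '</a></td>';
    // The Delete link points at the same URL as Edit; no delete handler is
    // visible in this file.
    echo '<td><a href="' . $EditURL . '">' . _('Delete') . '</a></td></tr>';
}

echo '</table><br>';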
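// Entry/edit form. With ?SelectedLocation=... it is pre-filled and submits
// "update"; otherwise it is empty and submits "submit".
//
// NOTE(review): no anti-CSRF token is emitted here - confirm whether
// session.inc/header.inc add and verify one for POST requests.
// NOTE(review): in edit mode the location ID stays editable although the
// update handler uses it as the WHERE key, so changing it targets another row.
$IsEdit = isset($_GET['SelectedLocation']);

// Values are encoded before being written into attribute values. Casting
// covers a null left behind when the selected ID matched no row.
// Encoding assumes the page is served as UTF-8 - confirm in header.inc.
$SafeLocationID = htmlspecialchars((string) $locationid, ENT_QUOTES, 'UTF-8');
$SafeDescription = htmlspecialchars((string) $locdesc, ENT_QUOTES, 'UTF-8');
// $parentlocationid may be undefined when no location was selected.
$CurrentParent = isset($parentlocationid) ? (string) $parentlocationid : '';

// PHP_SELF reflects the request path, so it is encoded like any other value.
echo '<form name="LocationForm" method="post" action="' .
    htmlspecialchars($_SERVER['PHP_SELF'] . '?' . SID, ENT_QUOTES, 'UTF-8') . '"><table>';

echo '<tr><th style="text-align:left">' . _('Location ID') . '</th>';
if ($IsEdit) {
    // The edit branch previously omitted the closing </tr>.
    echo '<td><b><input type="text" name="locationid" size="6" value="' . $SafeLocationID . '"></b></td></tr>';
} else {
    echo '<td><input type="text" name="locationid" size="6" value="' . $SafeLocationID . '"></td></tr>';
}

echo '<tr><th style="text-align:left">' . _('Location Description') . '</th>';
echo '<td><input type="text" name="locdesc" size="20" value="' . $SafeDescription . '"></td></tr>';

echo '<tr><th style="text-align:left">' . _('Parent Location') . '</th>';
echo '<td><select name="parentlocationid">';

// Every existing location is offered as a possible parent; the blank option
// means "no parent".
$sql = 'SELECT * FROM fixedassetlocations';
$result = DB_query($sql, $db);
echo '<option value=""></option>';
while ($row = DB_fetch_array($result)) {
    // Strict string comparison: loose == treats numeric-looking IDs such as
    // "01" and "1" as equal and would mark several options as selected.
    $SelectedAttribute = ((string) $row['locationid'] === $CurrentParent) ? ' selected' : '';
    echo '<option' . $SelectedAttribute . ' value="' .
        htmlspecialchars((string) $row['locationid'], ENT_QUOTES, 'UTF-8') . '">' .
        htmlspecialchars((string) $row['locationdescription'], ENT_QUOTES, 'UTF-8') . '</option>';
}
echo '</select>';
echo '</td></tr>';
echo '</table><br>';

echo '<div class="centre">';
if ($IsEdit) {
    echo '<input type="submit" name="update" value="' . _('Update Information') . '">';
} else {
    echo '<input type="submit" name="submit" value="' . _('Enter Information') . '">';
}
echo '</div>';
echo '</form>';

include('includes/footer.inc');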
?>