
Untitled

a guest
Nov 29th, 2016
  -- Invoice line items for a single customer, ordered by invoice date, then
  -- invoice number, then item number.
  -- The customer number is compared as a quoted string literal (note the
  -- leading zero). Double-quoted literals depend on the server's sql_mode:
  -- with ANSI_QUOTES enabled, "047811" would be parsed as an identifier.
  SELECT
      company,
      customer_number,
      invoice_date,
      invoice_number,
      invoice_rep,
      item_number,
      item_description,
      item_qty,
      item_price
  FROM customer_data.invoices
  WHERE customer_number = "047811"
  ORDER BY
      invoice_date,
      invoice_number,
      item_number;
  2.  
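  /**
   * Request the invoice list for one customer and pass the raw response text
   * to test_results().
   *
   * Side effects: sets the page cursor to 'wait', replaces the contents of
   * #float_panel1_body with a "Searching..." banner, and assigns the response
   * text to search_results_raw.
   *
   * @param {string} customer_number  Customer identifier sent as the
   *                                  customer_number query parameter.
   */
  function show_invoices(customer_number){
      document.body.style.cursor = 'wait';
      document.getElementById('float_panel1_body').innerHTML = "<h2 class='ticket_yellow'>Searching...</h2>";

      // Encode the value so that characters such as & # ? or spaces cannot
      // change the shape of the query string or add extra parameters.
      // NOTE(review): the endpoint is plain http, so invoice data crosses the
      // network unencrypted - confirm this host is only reachable internally.
      var link = "http://ls1/portal/include/customer_data/CustomerData_invoices.php?customer_number=" + encodeURIComponent(customer_number);
      var xhttp = new XMLHttpRequest();

      xhttp.open("GET", link, true);

      xhttp.onreadystatechange = function() {
          // Only act once the request has completed with HTTP 200.
          if (xhttp.readyState !== 4 || xhttp.status !== 200) {
              return;
          }

          // search_results_raw is not declared in this function, so this
          // writes to an outer/global name - kept because other code may read it.
          search_results_raw = xhttp.responseText;

          // The server answers with the literal text "false" when no rows match.
          // NOTE(review): nothing in this function resets the wait cursor or
          // replaces the "Searching..." banner on the "false" or non-200 paths.
          if (search_results_raw !== "false") {
              // NOTE(review): test_results() is not shown; the fields come from
              // the database, so it should JSON.parse the text and write values
              // with textContent rather than innerHTML.
              test_results(xhttp.responseText);
          }
      };
      xhttp.send();
  }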
  27.  
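  <?php
  // Invoice lookup endpoint: prints the invoice line items for one customer as
  // a JSON array, or the literal text "false" when no rows match.
  //
  // NOTE(review): no authentication or authorization check is visible in this
  // snippet, so any client that can reach the URL can ask for any customer's
  // invoices - confirm access control is enforced before this code runs.

  $cd_invoices = [];
  // NOTE(review): database credentials are hard-coded in a web-served file;
  // load them from configuration kept outside the web root or the environment.
  $user="user";
  $host="localhost";
  $password="password";
  $database="customer_data";

  // Require a single string value; customer_number[]=... would arrive as an
  // array and must not reach the statement.
  if ( !isset($_GET['customer_number']) || !is_string($_GET['customer_number']) ) {
      exit();
  }
  $customer_number = $_GET['customer_number'];

  $cxn = mysqli_connect($host, $user, $password, $database);
  if (!$cxn) {
      // $cxn is false here, so mysqli_error($cxn) has no connection to read
      // from; mysqli_connect_error() carries the reason. Log it server-side
      // instead of echoing driver details to the client.
      error_log("invoice lookup: connect failed: " . mysqli_connect_error());
      echo "<strong>SQL error in connecting to server. </strong>";
      exit();
  }

  // The customer number is bound as a parameter, never placed in the SQL text.
  // mysqli_real_escape_string() only protects a value that sits inside a
  // quoted literal; interpolated without quotes, the escaped text is still
  // parsed as SQL, and a value such as 047811 is compared as a number.
  $query = "SELECT company, customer_number, invoice_date, invoice_number, invoice_rep, "
         . "item_number, item_description, item_qty, item_price "
         . "FROM customer_data.invoices "
         . "WHERE customer_number = ? "
         . "ORDER BY invoice_date, invoice_number, item_number";

  // mysqli_stmt_get_result() requires the mysqlnd driver.
  $stmt = mysqli_prepare($cxn, $query);
  if (!$stmt
      || !mysqli_stmt_bind_param($stmt, "s", $customer_number)
      || !mysqli_stmt_execute($stmt)
      || !($result = mysqli_stmt_get_result($stmt))) {
      error_log("invoice lookup: query failed: " . mysqli_error($cxn));
      echo "<strong>SQL error in query. </strong>";
      mysqli_close($cxn);
      exit();
  }

  // Collect every row; prepared statements return integer and float columns
  // as native numbers, so those fields appear unquoted in the JSON.
  while ($row = mysqli_fetch_assoc($result)) {
      $cd_invoices[] = $row;
  }

  // Release the statement and connection on both the hit and the miss path.
  mysqli_stmt_close($stmt);
  mysqli_close($cxn);

  if (count($cd_invoices) > 0) {
      echo json_encode($cd_invoices);
  } else {
      // The client compares the response body against this exact text.
      echo "false";
  }

  ?>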