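-- Invoice line items for one customer, ordered by invoice date, then invoice
-- number, then item number.
-- The customer number is written as a single-quoted string literal, which keeps
-- its leading zero. Double quotes are parsed as an identifier when MySQL runs
-- with ANSI_QUOTES, so single quotes are the safe spelling.
-- In application code, bind this value as a parameter instead of splicing it
-- into the statement text.
SELECT
    company,
    customer_number,
    invoice_date,
    invoice_number,
    invoice_rep,
    item_number,
    item_description,
    item_qty,
    item_price
FROM customer_data.invoices
WHERE customer_number = '047811'
ORDER BY
    invoice_date,
    invoice_number,
    item_number;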
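/**
 * Request the invoice list for one customer and hand the raw response text to
 * test_results().
 *
 * Shows a wait cursor and a "Searching..." banner in #float_panel1_body while
 * the asynchronous GET request is in flight.
 *
 * @param {string} customer_number Customer number to look up; it is sent as the
 *     customer_number query-string parameter.
 */
function show_invoices(customer_number) {
    document.body.style.cursor = 'wait';
    document.getElementById('float_panel1_body').innerHTML = "<h2 class='ticket_yellow'>Searching...</h2>";

    // Encode the value so characters such as '&', '#' or '=' cannot add or
    // override query-string parameters on the request.
    // NOTE(review): this goes over plain http to host "ls1", so invoice data is
    // readable in transit on that network — prefer https if the host offers it.
    var link = "http://ls1/portal/include/customer_data/CustomerData_invoices.php?customer_number="
        + encodeURIComponent(customer_number);

    var xhttp = new XMLHttpRequest();
    xhttp.open("GET", link, true);
    xhttp.onreadystatechange = function () {
        // readyState 4 = request finished; only a 200 response is processed.
        if (xhttp.readyState == 4 && xhttp.status == 200) {
            // Assigned without `var`, as in the original, so it stays a global.
            // NOTE(review): confirm other code relies on that before making it local.
            search_results_raw = xhttp.responseText;

            // The endpoint answers with the literal text "false" when no rows
            // match; that case is currently left unhandled (no message shown).
            if (search_results_raw != "false") {
                // NOTE(review): the response carries database fields. If
                // test_results() writes it into innerHTML it must escape it
                // first — that function is not visible here.
                test_results(xhttp.responseText);
            }
        }
    };
    xhttp.send();
}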
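<?php
// JSON endpoint: prints every invoice line for the customer number given in the
// customer_number query parameter, or the literal text "false" when no row
// matches.
//
// NOTE(review): nothing visible in this script authenticates the caller or
// checks that they may read this customer's invoices — confirm that is enforced
// elsewhere (an include, the web server) before exposing the endpoint.

$cd_invoices = [];

// NOTE(review): connection settings are hard-coded in the script; prefer loading
// them from configuration kept outside the web root and out of source control.
$user = "user";
$host = "localhost";
$password = "password";
$database = "customer_data";

// Require one scalar value: ?customer_number[]=x would arrive as an array.
if (!isset($_GET['customer_number']) || !is_string($_GET['customer_number'])) {
    exit();
}
$customer_number = $_GET['customer_number'];

if (!$cxn = mysqli_connect($host, $user, $password, $database)) {
    // No connection handle exists on failure, so mysqli_error($cxn) cannot be
    // used; mysqli_connect_error() carries the reason. The detail goes to the
    // server log only, so database internals are not disclosed to the client.
    error_log("SQL error in connecting to server. " . mysqli_connect_error());
    echo "<strong>SQL error in connecting to server. </strong>";
    exit();
}

// The customer number is bound as a parameter. The earlier version placed the
// escaped value into the statement without quotes; mysqli_real_escape_string()
// only protects values inside a quoted string literal, so that query was still
// injectable.
$query = "SELECT company, customer_number, invoice_date, invoice_number, invoice_rep, "
       . "item_number, item_description, item_qty, item_price "
       . "FROM customer_data.invoices "
       . "WHERE customer_number = ? "
       . "ORDER BY invoice_date, invoice_number, item_number";

// mysqli_stmt_get_result() requires the mysqlnd driver.
// NOTE(review): with prepared statements, numeric columns may come back as PHP
// numbers rather than strings, which changes how they appear in the JSON —
// confirm the consumer accepts that.
$stmt = mysqli_prepare($cxn, $query);
if (!$stmt
    || !mysqli_stmt_bind_param($stmt, "s", $customer_number)
    || !mysqli_stmt_execute($stmt)
    || !($result = mysqli_stmt_get_result($stmt))) {
    // As above: log the driver message, show the client a generic one.
    error_log("SQL error in query. " . mysqli_error($cxn));
    echo "<strong>SQL error in query. </strong>";
    mysqli_close($cxn);
    exit();
}

// Collect every row as an associative array keyed by column name.
while ($row = mysqli_fetch_assoc($result)) {
    $cd_invoices[] = $row;
}
mysqli_stmt_close($stmt);
mysqli_close($cxn); // closed on both outcomes, not only when rows were found

// Declare the body as JSON so a browser opening this URL directly does not
// render database text as HTML.
header('Content-Type: application/json');
if (count($cd_invoices) > 0) {
    echo json_encode($cd_invoices);
} else {
    echo "false";
}
?>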