
Untitled

a guest
Jun 11th, 2017
  1. <?php
  2. include("connects.php");
  3. error_reporting(0);
  4. $act=$_REQUEST['action'];
  5. ////////CHECK FORM PROCESS FOR NEW CUSTOMERS//////
  6. if($act=='runform'){
  7. $fname=mysql_real_escape_string($_REQUEST['fname']);
  8. $lname=mysql_real_escape_string($_REQUEST['lname']);
  9. $company=mysql_real_escape_string($_REQUEST['company']);
  10. $taxid=mysql_real_escape_string($_REQUEST['taxid']);
  11. $billingaddress=mysql_real_escape_string($_REQUEST['billingaddress']);
  12. $billingcity=mysql_real_escape_string($_REQUEST['billingcity']);
  13. $billingstate=mysql_real_escape_string($_REQUEST['billingstate']);
  14. $billingzip=mysql_real_escape_string($_REQUEST['billingzip']);
  15. $billingsuite=mysql_real_escape_string($_REQUEST['billingsuite']);
  16. $billingphone=mysql_real_escape_string($_REQUEST['billingphone']);
  17. $billingfax=mysql_real_escape_string($_REQUEST['billingfax']);
  18. $email=mysql_real_escape_string($_REQUEST['email']);
  19.  
  20.  
  21. $confname=mysql_real_escape_string($_REQUEST['confname']);
  22. $conlname=mysql_real_escape_string($_REQUEST['conlname']);
  23. $conemail=mysql_real_escape_string($_REQUEST['conemail']);
  24. $conphone=mysql_real_escape_string($_REQUEST['conphone']);
  25.  
  26. $confname1=mysql_real_escape_string($_REQUEST['confname1']);
  27. $conlname1=mysql_real_escape_string($_REQUEST['conlname1']);
  28. $conemail1=mysql_real_escape_string($_REQUEST['conemail1']);
  29. $conphone1=mysql_real_escape_string($_REQUEST['conphone1']);
  30.  
  31. $confname2=mysql_real_escape_string($_REQUEST['confname2']);
  32. $conlname2=mysql_real_escape_string($_REQUEST['conlname2']);
  33. $conemail2=mysql_real_escape_string($_REQUEST['conemail2']);
  34. $conphone2=mysql_real_escape_string($_REQUEST['conphone2']);
  35.  
  36. $shipcompany=mysql_real_escape_string($_REQUEST['shipcompany']);
  37. $issame=mysql_real_escape_string($_REQUEST['issame']);
  38. $shipphone=mysql_real_escape_string($_REQUEST['shipphone']);
  39. $shipaddress=mysql_real_escape_string($_REQUEST['shipaddress']);
  40. $shipcity=mysql_real_escape_string($_REQUEST['shipcity']);
  41. $shipstate=mysql_real_escape_string($_REQUEST['shipstate']);
  42. $shipzip=mysql_real_escape_string($_REQUEST['shipzip']);
  43. $salesasso=mysql_real_escape_string($_REQUEST['salesasso']);
  44. $collector=mysql_real_escape_string($_REQUEST['collector']);
  45. $creditlimit=mysql_real_escape_string($_REQUEST['creditlimit']);
  46. $creditstat=mysql_real_escape_string($_REQUEST['creditstat']);
  47. $agingmethod=mysql_real_escape_string($_REQUEST['agingmethod']);
  48. $cusnum=$_REQUEST['cusnum'];
  49.  
  50.  
  51. if($fname==''){echo 'First Name<br>'; $er='1';}
  52. if($lname==''){echo 'Last Name<br>'; $er='1';}
  53. if($company==''){echo 'Company<br>'; $er='1';}
  54. if($billingaddress==''){echo 'Billing Address<br>'; $er='1';}
  55. if($billingcity==''){echo 'Billing City<br>'; $er='1';}
  56. if($billingstate==''){echo 'Billing State<br>'; $er='1';}
  57. if($billingzip==''){echo 'Billing Zip<br>'; $er='1';}
  58. if($billingphone==''){echo 'Billing Phone<br>'; $er='1';}
  59. if($email==''){echo 'Email<br>'; $er='1';}
  60.  
  61. if($issame=='true'){
  62. }else{
  63. if($shipcompany==''){echo 'Shipping Company Name<br>'; $er='1';}
  64. if($shipaddress==''){echo 'Shipping Address<br>'; $er='1';}
  65. if($shipcity==''){echo 'Shipping City<br>'; $er='1';}
  66. if($shipstate==''){echo 'Shipping State<br>'; $er='1';}
  67. if($shipzip==''){echo 'Shipping Zip<br>'; $er='1';}
  68. }
  69. if($er==''){
  70. ////////IF DATA IS FULL INSERT INTO DB//////
  71. $fullConname="$confname $conlname";/////JOINS FIRST AND LAST NAME OF NEW CLIENT.
  72.  
  73.  
  74. if($billingsuite == ''){
  75. $billingsuite='Add Suite'; 
  76. }
  77. if($billingfax == ''){
  78. $billingfax='Add Fax'; 
  79. }
  80. $curdt=date('m/d/Y');
  81.  
  82. mysql_query("INSERT INTO customers SET custnum='$cusnum',    fname='$fname',    lname='$lname',     compname='$company',    taxid='$taxid',     billadd='$billingaddress',  billsuit='$billingsuite',   billcity='$billingcity',    billstate='$billingstate',  billzip='$billingzip',  billphone='$billingphone',  billfax='$billingfax',  email='$email',     contactname='$fullConname',     conemail='$conemail',   contactphone='$conphone',   shipadd='$shipaddress',  shipcity='$shipcity',  shipstate='$shipstate',     shipzip='$shipzip', shipcom='$shipcompany', shipphone='$shipphone',    salesass='$salesasso',    collector='$collector',    credlim='$creditlimit',    creditstat='$creditstat',    paymentage='$agingmethod', active='true', isbillsame='$issame', namto='$fname $lname', adddat='$curdt'")or die('Data Entry Error, Review Client Entry!');
  83. echo 'good';
  84.  
  85. ///////ADDITONALS CONTACT ENTRY HERE.
  86.  
  87. $g=mysql_query("SELECT * FROM customers WHERE fname='$fname' AND lname='$lname' AND active='true' ORDER BY cusid DESC");
  88. $r=mysql_fetch_array($g);
  89. $cusid=$r["cusid"];
  90.  
  91. if($confname1!=''){
  92.     if($confname1==''){$confname1='None';}
  93.     if($conlname1==''){$conlname1='None';}
  94.     if($conemail1==''){$conemail1='None';}
  95.     if($conphone1==''){$conphone1='None';}
  96.    
  97. mysql_query(" INSERT INTO addcontacts SET blong='$cusid',     cfname='$confname1',     clname='$conlname1',    cemail='$conemail1',      chphone='$conphone1', listtype='1'")or die(mysql_error());
  98. }
  99. if($confname2!=''){
  100.     if($confname2==''){$confname2='None';}
  101.     if($conlname2==''){$conlname2='None';}
  102.     if($conemail2==''){$conemail2='None';}
  103.     if($conphone2==''){$conphone2='None';}
  104. mysql_query(" INSERT INTO addcontacts SET blong='$cusid',     cfname='$confname2',     clname='$conlname2',    cemail='$conemail2',      chphone='$conphone2', listtype='2'")or die(mysql_error());
  105. }
  106. }
  107. }
  108. $som='false';
  109. if($som=='true'){
  110. $cusid=$b["cusid"];
  111. $fname=$b["fname"];
  112. $lname=$b["lname"];
  113. $compname=$b["compname"];  
  114. $taxid=$b["taxid"];
  115. $billadd=$b["billadd"];
  116. $billsuit=$b["billsuit"];  
  117. $billcity=$b["billcity"];  
  118. $billstate=$b["billstate"];
  119. $billzip=$b["billzip"];
  120. $billphone=$b["billphone"];
  121. $billfax=$b["billfax"];
  122. $email=$b["email"];
  123. $contactname=$b["contactname"];
  124. $conemail=$b["conemail"];  
  125. $contactphone=$b["contactphone"];  
  126. $shipadd=$b["shipadd"];
  127. $shipsuit=$b["shipsuit"];  
  128. $shipcity=$b["shipcity"];  
  129. $shipstate=$b["shipstate"];
  130. $shipzip=$b["shipzip"];
  131.    
  132. }
  133.  
  134. ///EDIT CUSTOMERS///
  135. if($act=='editcust'){
  136. $fname=mysql_real_escape_string($_REQUEST['fname']);
  137. $lname=mysql_real_escape_string($_REQUEST['lname']);
  138. $company=mysql_real_escape_string($_REQUEST['company']);
  139. $taxid=mysql_real_escape_string($_REQUEST['taxid']);
  140. $billingaddress=mysql_real_escape_string($_REQUEST['billingaddress']);
  141. $billingcity=mysql_real_escape_string($_REQUEST['billingcity']);
  142. $billingstate=mysql_real_escape_string($_REQUEST['billingstate']);
  143. $billingzip=mysql_real_escape_string($_REQUEST['billingzip']);
  144. $billingsuite=mysql_real_escape_string($_REQUEST['billingsuite']);
  145. $billingphone=mysql_real_escape_string($_REQUEST['billingphone']);
  146. $billingfax=mysql_real_escape_string($_REQUEST['billingfax']);
  147. $email=mysql_real_escape_string($_REQUEST['email']);
  148.  
  149.  
  150. $confname=mysql_real_escape_string($_REQUEST['confname']);
  151. $conlname=mysql_real_escape_string($_REQUEST['conlname']);
  152. $conemail=mysql_real_escape_string($_REQUEST['conemail']);
  153. $conphone=mysql_real_escape_string($_REQUEST['conphone']);
  154.  
  155. $confname1=mysql_real_escape_string($_REQUEST['confname1']);
  156. $conlname1=mysql_real_escape_string($_REQUEST['conlname1']);
  157. $conemail1=mysql_real_escape_string($_REQUEST['conemail1']);
  158. $conphone1=mysql_real_escape_string($_REQUEST['conphone1']);
  159.  
  160. $confname2=mysql_real_escape_string($_REQUEST['confname2']);
  161. $conlname2=mysql_real_escape_string($_REQUEST['conlname2']);
  162. $conemail2=mysql_real_escape_string($_REQUEST['conemail2']);
  163. $conphone2=mysql_real_escape_string($_REQUEST['conphone2']);
  164.  
  165. $shipcompany=mysql_real_escape_string($_REQUEST['shipcompany']);
  166. $issame=mysql_real_escape_string($_REQUEST['issame']);
  167. $shipphone=mysql_real_escape_string($_REQUEST['shipphone']);
  168. $shipaddress=mysql_real_escape_string($_REQUEST['shipaddress']);
  169. $shipcity=mysql_real_escape_string($_REQUEST['shipcity']);
  170. $shipstate=mysql_real_escape_string($_REQUEST['shipstate']);
  171. $shipzip=mysql_real_escape_string($_REQUEST['shipzip']);
  172. $salesasso=mysql_real_escape_string($_REQUEST['salesasso']);
  173. $collector=mysql_real_escape_string($_REQUEST['collector']);
  174. $creditlimit=mysql_real_escape_string($_REQUEST['creditlimit']);
  175. $creditstat=mysql_real_escape_string($_REQUEST['creditstat']);
  176. $agingmethod=mysql_real_escape_string($_REQUEST['agingmethod']);
  177. $direct=$_REQUEST['cusnum'];
  178. //echo "This is $issame";
  179. if($fname==''){echo 'First Name<br>'; $er='1';}
  180. if($lname==''){echo 'Last Name<br>'; $er='1';}
  181. if($company==''){echo 'Company<br>'; $er='1';}
  182. if($billingaddress==''){echo 'Billing Address<br>'; $er='1';}
  183. if($billingcity==''){echo 'Billing City<br>'; $er='1';}
  184. if($billingstate==''){echo 'Billing State<br>'; $er='1';}
  185. if($billingzip==''){echo 'Billing Zip<br>'; $er='1';}
  186. if($billingphone==''){echo 'Billing Phone<br>'; $er='1';}
  187. if($email==''){echo 'Email<br>'; $er='1';}
  188. if($issame=='true'){
  189. }else{
  190. if($shipcompany==''){echo 'Shipping Company Name<br>'; $er='1';}
  191. if($shipaddress==''){echo 'Shipping Address<br>'; $er='1';}
  192. if($shipcity==''){echo 'Shipping City<br>'; $er='1';}
  193. if($shipstate==''){echo 'Shipping State<br>'; $er='1';}
  194. if($shipzip==''){echo 'Shipping Zip<br>'; $er='1';}
  195. }
  196. if($er==''){
  197. ////////IF DATA IS FULL INSERT INTO DB//////
  198. $fullConname="$confname $conlname";/////JOINS FIRST AND LAST NAME OF NEW CLIENT.
  199.  
  200.  
  201. if($billingsuite == ''){
  202. $billingsuite='Add Suite'; 
  203. }
  204. if($billingfax == ''){
  205. $billingfax='Add Fax'; 
  206. }
  207. $curdt=date('m/d/Y');
  208.  
  209. mysql_query("UPDATE customers SET  fname='$fname',  lname='$lname',     compname='$company',    taxid='$taxid',     billadd='$billingaddress',  billsuit='$billingsuite',   billcity='$billingcity',    billstate='$billingstate',  billzip='$billingzip',  billphone='$billingphone',  billfax='$billingfax',  email='$email',     contactname='$fullConname',     conemail='$conemail',   contactphone='$conphone',   shipadd='$shipaddress',  shipcity='$shipcity',  shipstate='$shipstate',     shipzip='$shipzip',    salesass='$salesasso',    collector='$collector',    credlim='$creditlimit',    creditstat='$creditstat',    paymentage='$agingmethod', active='true', isbillsame='$issame', namto='$fname $lname', adddat='$curdt', shipphone='$shipphone', shipcom='$shipcompany'  WHERE custnum='$direct'")or die('Data Entry Error, Review Client Entry!');
  210. echo 'good';
  211.  
  212. ///////ADDITONALS CONTACT ENTRY HERE.
  213.  
  214. $g=mysql_query("SELECT * FROM customers WHERE fname='$fname' AND lname='$lname' ORDER BY cusid DESC");
  215. $r=mysql_fetch_array($g);
  216. $cusid=$r["cusid"];
  217.  
  218. if($confname1!=''){
  219.     //echo "this is the bomb $confname1";
  220.     if($confname1==''){$confname1='None';}
  221.     if($conlname1==''){$conlname1='None';}
  222.     if($conemail1==''){$conemail1='None';}
  223.     if($conphone1==''){$conphone1='None';}
  224. mysql_query("UPDATE addcontacts SET    cfname='$confname1',     clname='$conlname1',    cemail='$conemail1',      chphone='$conphone1' WHERE  blong='$cusid' AND listtype='1'")or die(mysql_error());
  225. }
  226. if($confname2!=''){
  227.     if($confname2==''){$confname2='None';}
  228.     if($conlname2==''){$conlname2='None';}
  229.     if($conemail2==''){$conemail2='None';}
  230.     if($conphone2==''){$conphone2='None';}
  231. mysql_query(" UPDATE addcontacts SET  cfname='$confname2',     clname='$conlname2',    cemail='$conemail2',      chphone='$conphone2' WHERE blong='$cusid' AND listtype='2'")or die(mysql_error());
  232. }
  233. }
  234. }
  235.  
  236. ///DELETE USER////
  237.  
  238. if($act=='delete'){
  239.     $whome=$_REQUEST['whome'];
  240. mysql_query("UPDATE customers SET active='false' WHERE custnum='$whome'")or die(mysql_error());
  241. echo $whome;
  242.    
  243. }
  244.  
  245. ////MAINTAIN EMPLOYEES///
  246.  
  247. if($act=='addemp'){
  248. $username=mysql_real_escape_string($_REQUEST['username']);
  249. $pass=mysql_real_escape_string($_REQUEST['pass']);
  250. $pass2=mysql_real_escape_string($_REQUEST['pass2']);
  251. $efname=mysql_real_escape_string($_REQUEST['efname']);
  252. $elname=mysql_real_escape_string($_REQUEST['elname']);
  253. $phone=mysql_real_escape_string($_REQUEST['phone']);
  254. $fax=mysql_real_escape_string($_REQUEST['fax']);
  255. $cell=mysql_real_escape_string($_REQUEST['cell']);
  256. $email=mysql_real_escape_string($_REQUEST['email']);
  257. $read=mysql_real_escape_string($_REQUEST['read']);
  258. $write=mysql_real_escape_string($_REQUEST['write']);
  259. $emptyp=$_REQUEST['emptyp'];
  260. $sessin=date('msdYi');
  261. $truesession=md5($sessin);
  262. $cipsession=substr($truesession, 0, -18);
  263.    
  264. $indate=date('m/d/Y');
  265.  
  266. if($username==''){$er1='Username'; }else{$er1='';}
  267. if($pass==''){$er2='Password'; }else{$er2='';}
  268. if($efname==''){$er3='First Name'; }else{$er3='';}
  269. if($elname==''){$er4='Last Name'; }else{$er4='';}
  270. if($phone==''){$er5='Phone'; }else{$er5='';}
  271.  
  272.  
  273.  if($er1=='' && $er2=='' && $er3=='' && $er4=='' && $er5==''){$key='processed';
  274.  }else{
  275.     die("<div>$er1</div><div>$er2</div><div>$er3</div><div>$er4</div><div>$er5</div>");
  276.      
  277.  }
  278.  
  279.  $ty=mysql_query("SELECT * FROM empusers WHERE username='$username'");
  280.  $rt=mysql_num_rows($ty);
  281.  
  282.  if($rt>0){
  283.      die("Usename Already Exists in Database!");
  284.  }
  285.  
  286.  if($pass==$pass2){$rem='good';}else{die("Passwords do not match");}
  287.  
  288.  
  289. mysql_query("INSERT INTO empusers SET username='$username', pass='$pass', efname='$efname', elname='$elname', phone='$phone', fax='$fax', cell='$cell', email='$email', writes='$write', readss='$read', active='true', sessin='$cipsession', acdate='$indate', emtype='$emptyp'")or die(mysql_error());
  290. echo 'good';
  291. }
  292.  
  293. /////EDIT EMPLOYEE///////
  294.  
  295. if($act=='editemp'){
  296.     $shout=$_REQUEST['shout'];
  297. $username=mysql_real_escape_string($_REQUEST['username']);
  298. $pass=mysql_real_escape_string($_REQUEST['pass']);
  299. $pass2=mysql_real_escape_string($_REQUEST['pass2']);
  300. $efname=mysql_real_escape_string($_REQUEST['efname']);
  301. $elname=mysql_real_escape_string($_REQUEST['elname']);
  302. $phone=mysql_real_escape_string($_REQUEST['phone']);
  303. $fax=mysql_real_escape_string($_REQUEST['fax']);
  304. $cell=mysql_real_escape_string($_REQUEST['cell']);
  305. $email=mysql_real_escape_string($_REQUEST['email']);
  306. $read=mysql_real_escape_string($_REQUEST['read']);
  307. $write=mysql_real_escape_string($_REQUEST['write']);
  308. $emtype=$_REQUEST['emtype'];
  309. //$sessin=date('msdYi');
  310. //$truesession=md5($sessin);
  311. //$cipsession=substr($truesession, 0, -18);
  312.    
  313. //$indate=date('m/d/Y');
  314.  
  315. if($username==''){$er1='Username'; }else{$er1='';}
  316. if($pass==''){$er2='Password'; }else{$er2='';}
  317. if($efname==''){$er3='First Name'; }else{$er3='';}
  318. if($elname==''){$er4='Last Name'; }else{$er4='';}
  319. if($phone==''){$er5='Phone'; }else{$er5='';}
  320.  
  321.  
  322.  if($er1=='' && $er2=='' && $er3=='' && $er4=='' && $er5==''){$key='processed';
  323.  }else{
  324.     die("<div>$er1</div><div>$er2</div><div>$er3</div><div>$er4</div><div>$er5</div>");
  325.      
  326.  }
  327.  
  328.  //$ty=mysql_query("SELECT * FROM empusers WHERE username='$username'");
  329.  //$rt=mysql_num_rows($ty);
  330.  
  331.  //if($rt>0){
  332. //   die("Usename Already Exists in Database!");
  333.  //}
  334.  
  335. //echo $emtype;
  336.  
  337. mysql_query("UPDATE empusers SET username='$username', pass='$pass', efname='$efname', elname='$elname', phone='$phone', fax='$fax', cell='$cell', email='$email', writes='$write', readss='$read', emtype='$emtype' WHERE empid='$shout'")or die(mysql_error());
  338. echo 'good';
  339. }
  340.  
  341.  
  342. ///////////INSERT NEW VENDORS///////
  343. if($act=='newven'){
  344.    
  345. $company=mysql_real_escape_string($_REQUEST["company"]);
  346. $address=mysql_real_escape_string($_REQUEST["address"]);
  347. $city=mysql_real_escape_string($_REQUEST["city"]);
  348. $state=mysql_real_escape_string($_REQUEST["state"]);
  349. $zip=mysql_real_escape_string($_REQUEST["zip"]);
  350. $phone=mysql_real_escape_string($_REQUEST["phone"]);
  351. $fax=mysql_real_escape_string($_REQUEST['fax']);
  352. $email=mysql_real_escape_string($_REQUEST["email"]);
  353. $hourrate=mysql_real_escape_string($_REQUEST["hourrate"]);
  354. $vennumber=mysql_real_escape_string($_REQUEST["vennumber"]);
  355.  
  356. $confname=mysql_real_escape_string($_REQUEST['confname']);
  357. $conlname=mysql_real_escape_string($_REQUEST['conlname']);
  358. $conemail=mysql_real_escape_string($_REQUEST['conemail']);
  359. $conphone=mysql_real_escape_string($_REQUEST['conphone']);
  360.  
  361. $confname1=mysql_real_escape_string($_REQUEST['confname1']);
  362. $conlname1=mysql_real_escape_string($_REQUEST['conlname1']);
  363. $conemail1=mysql_real_escape_string($_REQUEST['conemail1']);
  364. $conphone1=mysql_real_escape_string($_REQUEST['conphone1']);
  365.  
  366. $confname2=mysql_real_escape_string($_REQUEST['confname2']);
  367. $conlname2=mysql_real_escape_string($_REQUEST['conlname2']);
  368. $conemail2=mysql_real_escape_string($_REQUEST['conemail2']);
  369. $conphone2=mysql_real_escape_string($_REQUEST['conphone2']);   
  370.  
  371. if($company==''){$err1='<div>Company</div>';}else{$err1='';}
  372. if($address==''){$err2='<div>Address</div>';}else{$err2='';}
  373. if($city==''){$err3='<div>City</div>';}else{$err3='';}
  374. if($state=='none'){$err4='<div>State</div>';}else{$err4='';}
  375. if($zip==''){$err5='<div>Zip</div>';}else{$err5='';}
  376.  
  377. if($err1=='' && $err2=='' && $err3=='' && $err4=='' && $err5==''){
  378.    
  379.     if($phone==''){$phone='None';}
  380.     if($email==''){$email='None';}
  381.     if($hourrate==''){$hourrate='0.00';}
  382.     if($fax==''){$hourrate='None';}
  383.    
  384.     }else{
  385. die("$err1 $err2 $err3 $err4 $err5");
  386.    
  387. }
  388. $thatdate=date('m/d/Y');
  389.    
  390.     mysql_query("INSERT INTO vendors SET compname='$company', address='$address', city='$city', state='$state', zip='$zip', phone='$phone', fax='$fax', email='$email', hourrate='$hourrate', vennumber='$vennumber', active='true', entdate='$thatdate'");
  391.    
  392.    
  393.    
  394.     //echo "this is the bomb $confname1";
  395.     if($confname==''){$confname='None';}
  396.     if($conlname==''){$conlname='None';}
  397.     if($conemail==''){$conemail='None';}
  398.     if($conphone==''){$conphone='None';}
  399.    
  400. mysql_query("INSERT INTO vencontacts SET    cfname='$confname',     clname='$conlname',    cemail='$conemail',  cphone='$conphone', blong='$vennumber', listtype='1'")or die(mysql_error());
  401.  
  402.  
  403.  
  404.     if($confname1==''){$confname1='None';}
  405.     if($conlname1==''){$conlname1='None';}
  406.     if($conemail1==''){$conemail1='None';}
  407.     if($conphone1==''){$conphone1='None';}
  408.    
  409. mysql_query(" INSERT INTO vencontacts SET blong='$vennumber',     cfname='$confname1',     clname='$conlname1',    cemail='$conemail1',   cphone='$conphone1',  listtype='2'")or die(mysql_error());
  410.  
  411.  
  412.  
  413.     if($confname2==''){$confname2='None';}
  414.     if($conlname2==''){$conlname2='None';}
  415.     if($conemail2==''){$conemail2='None';}
  416.     if($conphone2==''){$conphone2='None';}
  417.    
  418. mysql_query("INSERT vencontacts SET  cfname='$confname2',     clname='$conlname2',    cemail='$conemail2',      cphone='$conphone2',  blong='$vennumber',  listtype='3'")or die(mysql_error());
  419.  
  420.    
  421.  
  422. echo'done';
  423. }
  424.  
  425. ///////EDIT VENDORS//////
  426.  
  427. if($act=='editven'){
  428.    
  429. $company=mysql_real_escape_string($_REQUEST["company"]);
  430. $address=mysql_real_escape_string($_REQUEST["address"]);
  431. $city=mysql_real_escape_string($_REQUEST["city"]);
  432. $state=mysql_real_escape_string($_REQUEST["state"]);
  433. $zip=mysql_real_escape_string($_REQUEST["zip"]);
  434. $phone=mysql_real_escape_string($_REQUEST["phone"]);
  435. $fax=mysql_real_escape_string($_REQUEST['fax']);
  436. $email=mysql_real_escape_string($_REQUEST["email"]);
  437. $hourrate=mysql_real_escape_string($_REQUEST["hourrate"]);
  438. $vennumber=mysql_real_escape_string($_REQUEST["vennumber"]);
  439.  
  440. $confname=mysql_real_escape_string($_REQUEST['confname']);
  441. $conlname=mysql_real_escape_string($_REQUEST['conlname']);
  442. $conemail=mysql_real_escape_string($_REQUEST['conemail']);
  443. $conphone=mysql_real_escape_string($_REQUEST['conphone']);
  444.  
  445. $confname1=mysql_real_escape_string($_REQUEST['confname1']);
  446. $conlname1=mysql_real_escape_string($_REQUEST['conlname1']);
  447. $conemail1=mysql_real_escape_string($_REQUEST['conemail1']);
  448. $conphone1=mysql_real_escape_string($_REQUEST['conphone1']);
  449.  
  450. $confname2=mysql_real_escape_string($_REQUEST['confname2']);
  451. $conlname2=mysql_real_escape_string($_REQUEST['conlname2']);
  452. $conemail2=mysql_real_escape_string($_REQUEST['conemail2']);
  453. $conphone2=mysql_real_escape_string($_REQUEST['conphone2']);   
  454.  
  455. if($company==''){$err1='<div>Company</div>';}else{$err1='';}
  456. if($address==''){$err2='<div>Address</div>';}else{$err2='';}
  457. if($city==''){$err3='<div>City</div>';}else{$err3='';}
  458. if($state=='none'){$err4='<div>State</div>';}else{$err4='';}
  459. if($zip==''){$err5='<div>Zip</div>';}else{$err5='';}
  460.  
  461. if($err1=='' && $err2=='' && $err3=='' && $err4=='' && $err5==''){
  462.    
  463.     if($phone==''){$phone='None';}
  464.     if($email==''){$email='None';}
  465.     if($hourrate==''){$hourrate='0.00';}
  466.     if($fax==''){$hourrate='None';}
  467.    
  468.     }else{
  469. die("$err1 $err2 $err3 $err4 $err5");
  470.    
  471. }
  472. $thatdate=date('m/d/Y');
  473.    
  474.     mysql_query("UPDATE vendors SET compname='$company', address='$address', city='$city', state='$state', zip='$zip', phone='$phone', fax='$fax', email='$email', hourrate='$hourrate' WHERE vennumber='$vennumber'");
  475.    
  476.    
  477.    
  478.     //echo "this is the bomb $confname1";
  479.     if($confname==''){$confname='None';}
  480.     if($conlname==''){$conlname='None';}
  481.     if($conemail==''){$conemail='None';}
  482.     if($conphone==''){$conphone='None';}
  483.    
  484. mysql_query("UPDATE vencontacts SET    cfname='$confname',     clname='$conlname',    cemail='$conemail',  cphone='$conphone', blong='$vennumber' WHERE listtype='1' AND blong='$vennumber'")or die(mysql_error());
  485.  
  486.  
  487.  
  488.     if($confname1==''){$confname1='None';}
  489.     if($conlname1==''){$conlname1='None';}
  490.     if($conemail1==''){$conemail1='None';}
  491.     if($conphone1==''){$conphone1='None';}
  492.    
  493. mysql_query("UPDATE vencontacts SET  cfname='$confname1',     clname='$conlname1',    cemail='$conemail1',   cphone='$conphone1' WHERE listtype='2' AND blong='$vennumber'")or die(mysql_error());
  494.  
  495.  
  496.  
  497.     if($confname2==''){$confname2='None';}
  498.     if($conlname2==''){$conlname2='None';}
  499.     if($conemail2==''){$conemail2='None';}
  500.     if($conphone2==''){$conphone2='None';}
  501.    
  502. mysql_query("UPDATE vencontacts SET  cfname='$confname2',     clname='$conlname2',    cemail='$conemail2',      cphone='$conphone2' WHERE listtype='3' AND blong='$vennumber'")or die(mysql_error());
  503.  
  504.    
  505.  
  506. echo'done';
  507. }
  508.  
  509.  
  510. if($act=='deleteven'){
  511.     $whome=$_REQUEST['whome'];
  512.     mysql_query("UPDATE vendors SET active='false' WHERE vennumber='$whome'");
  513. }
  514.  
  515. ///////ADD PRODUCTS//////
  516.  
  517. if($act=='addpro'){
  518. $productname=mysql_real_escape_string($_REQUEST['productname']);
  519. $price=mysql_real_escape_string($_REQUEST['price']);
  520. $cost=mysql_real_escape_string($_REQUEST['cost']);
  521. $vendor=mysql_real_escape_string($_REQUEST['vendor']);
  522. $sku=mysql_real_escape_string($_REQUEST['sku']);
  523. $prodec=mysql_real_escape_string($_REQUEST['prodec']);
  524. $venid=$_REQUEST['venid'];
  525.  
  526. if($productname==''){$err1='Product Name';}else{$err1='';}
  527. if($price==''){$err2='Product Price';}else{$err2='';}
  528. if($cost==''){$err3='Cost';}else{$err3='';}
  529. if($vendor=='none'){$err4='Vendor';}else{$err4='';}
  530.    
  531.     if($err1=='' || $err2=='' || $err3=='' || $err4==''){
  532.         mysql_query("INSERT INTO products SET productname='$productname', price='$price', cost='$cost', vendor='$vendor', sku='$sku', prodec='$prodec', venid='$venid'")or die(mysql_error());
  533.        
  534.         echo "good";
  535.     }else{
  536.        
  537.        
  538.         //echo 'hi';
  539.         die('<div>'.$err1.'</div><div>'.$err2.'</div><div>'.$err3.'</div><div>'.$err4.'</div>');
  540.        
  541.        
  542.     }
  543.    
  544.    
  545.    
  546. }
  547.  
  548. ///EDIT PRODUCTS////
  549.  
  550. if($act=='editpro'){
  551. $productname=mysql_real_escape_string($_REQUEST['productname']);
  552. $price=mysql_real_escape_string($_REQUEST['price']);
  553. $cost=mysql_real_escape_string($_REQUEST['cost']);
  554. $vendor=mysql_real_escape_string($_REQUEST['vendor']);
  555. $sku=mysql_real_escape_string($_REQUEST['sku']);
  556. $prodec=mysql_real_escape_string($_REQUEST['prodec']);
  557. $venid=$_REQUEST['venid'];
  558. $pronum=$_REQUEST['pronum'];
  559.  
  560. if($productname==''){$err1='Product Name';}else{$err1='';}
  561. if($price==''){$err2='Product Price';}else{$err2='';}
  562. if($cost==''){$err3='Cost';}else{$err3='';}
  563. if($vendor=='none'){$err4='Vendor';}else{$err4='';}
  564.    
  565.     if($err1=='' || $err2=='' || $err3=='' || $err4==''){
  566.         mysql_query("UPDATE products SET productname='$productname', price='$price', cost='$cost', vendor='$vendor', sku='$sku', prodec='$prodec', venid='$venid' WHERE proid='$pronum'")or die(mysql_error());
  567.        
  568.         echo "good";
  569.     }else{
  570.        
  571.        
  572.         //echo 'hi';
  573.         die('<div>'.$err1.'</div><div>'.$err2.'</div><div>'.$err3.'</div><div>'.$err4.'</div>');
  574.        
  575.        
  576.     }
  577.    
  578.    
  579.    
  580. }
  581.  
  582. ?>