Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- -------------------------------Edithardware.php----------------------------------------------------------
- <!doctype html>
- <html>
- <head>
- <meta charset="utf-8">
- <title>Edit Hardware</title>
- <link href="editemployee.css" rel="stylesheet" type="text/css">
- <?php
- echo "<SCRIPT LANGUAGE=\"JavaScript\">
- function popUp(SerialNumber) {
- window.open('http://site.site.com/path/editform.php?SerialNumberId=' + SerialNumber);
- }
- </script>";
- ?>
- </head>
- <body>
- <div class="container">
- <header>
- <div class="primary_header">
- <h1 class="title">Shadow Inventory Information</h1>
- </div>
- <div class="dropdown">
- <button class="dropbtn">HOME</button>
- </div>
- <div class="dropdown">
- <button class="dropbtn">DIRECTORY</button>
- </div>
- <div class="dropdown">
- <button class="dropbtn">IT HELP</button>
- </div>
- <div class="dropdown">
- <button class="dropbtn">FORMS</button>
- <div class="dropdown-content">
- <a href="#">IT</a>
- <a href="#">HR</a>
- </div>
- </div>
- <div class="dropdown">
- <button class="dropbtn">HR</button>
- <div class="dropdown-content">
- <a href="#">New Employee</a>
- <a href="#">Edit Employee</a>
- </div>
- </div>
- <div class="dropdown">
- <button class="dropbtn">CONTACT</button>
- </div>
- </header>
- <form id="SerialNumber" action="edithardware.php" method="POST" enctype="multipart/form-data">
- <div class="row">
- <label for="SerialNumber">Serial Number:</label><br />
- <input id="SerialNumber" class="input" name="SerialNumber" type="text" value="" size="30" /><br />
- </div>
- <div class="row">
- <label for="Name">Name:</label><br />
- <input id="Name" class="input" name="Name" type="text" value="" size="30" /><br />
- </div>
- <div class="row">
- <label for="Location">Location:</label><br />
- <input id="Location" class="input" name="Location" type="text" value="" size="30" /><br />
- </div>
- <div class="row">
- <label for="Type">Type:</label><br />
- <input class="input" name="Type" value="" Type="Text">
- <br />
- </div>
- <div class="row">
- <label for="IPAddress">IP Address:</label><br />
- <input id="IPAddress" class="input" name="IPAddress" type="text" value="" size="30" /><br />
- </div>
- <div class="row">
- <label for="Manufacturer">Manufacturer:</label><br />
- <input id="Manufacturer" class="input" name="Manufacturer" type="text" value="" size="30" /><br />
- </div>
- <div class="row">
- <label for="Owner">Owner:</label><br />
- <input id="Owner" class="input" name="Owner" type="text" value="" size="30" /><br />
- </div>
- <div class="search-submit">
- <input type="submit" name="submit" class="search-button" id="submit" /><br />
- </div>
- <?php
- $host = 'site.site.org';
- $user = 'user';
- $pass = 'pass';
- $db = 'database';
- $con = mysqli_connect($host, $user, $pass,$db) or die(mysqli_error());
- // Check connection
- if (!$con) {
- echo "Error: Unable to connect to MySQL." . PHP_EOL;
- /* echo "Debugging errno: " . mysqli_connect_errno() . PHP_EOL;*/
- /* echo "Debugging error: " . mysqli_connect_error() . PHP_EOL;*/
- exit;
- }
- /*echo "Success: A proper connection to MySQL was made! The database is great." . PHP_EOL;*/
- /*echo "Host information: " . mysqli_get_host_info($con) . PHP_EOL;*/
- if (!isset($_POST['submit'])) { die("Form submission failed."); };
- $SerialNumber = mysqli_real_escape_string($con, $_POST['SerialNumber']);
- $Name = mysqli_real_escape_string($con, $_POST['Name']);
- $Location = mysqli_real_escape_string($con, $_POST['Location']);
- $Type = mysqli_real_escape_string($con, $_POST['Type']);
- $IPAddress = mysqli_real_escape_string($con, $_POST['IPAddress']);
- $Manufacturer = mysqli_real_escape_string($con, $_POST['Manufacturer']);
- $Owner = mysqli_real_escape_string($con, $_POST['Owner']);
- //$EndofLife = mysqli_real_escape_string($con, $_POST['EndofLife']);
- //$PurchaseDate = mysqli_real_escape_string($con, $_POST['PurchaseDate']);
- $sql = "SELECT * FROM inventory WHERE SerialNumber LIKE '%$SerialNumber%' AND Name LIKE '%$Name%' AND Location LIKE '%$Location%' AND Type LIKE '%$Type%' AND (IPAddress IS NULL OR IPAddress LIKE '$IPAddress%') AND Manufacturer LIKE '%$Manufacturer%' AND Owner LIKE '%$Owner%'"; //AND (PurchaseDate IS NULL OR PurchaseDate LIKE '$PurchaseDate%')
- $result = mysqli_query($con, $sql);
- if (mysqli_num_rows($result) > 0) {
- echo "<form target='_blank' action='edithardware.php' method='POST' name='getSerialNumber'>";
- echo "<table border= 1 cellspacing = 3 cellpadding = 1>";
- echo "<tr>";
- echo "
- <th>Edit</th>
- <th>Serial</th>
- <th>Name</th>
- <th>Location</th>
- <th>Type</th>
- <th>IPAddress</th>
- <th>Manufacturer</th>
- <th>Owner</th>
- <th>PurchaseDate</th>
- <th>EndofLife</th>";
- echo "</tr>";
- while ($row = mysqli_fetch_assoc($result)) {
- echo "<tr>";
- echo "
- <td><input type=button value=\"Edit\" onclick=\"popUp('" .$row['SerialNumber']. "')\"/></td>
- <td width=150 align=center>{$row['SerialNumber']}</td>
- <td width=150 align=center>{$row['Name']}</td>
- <td width=200 align=center>{$row['Location']}</td>
- <td width=300 align=center>{$row['Type']}</td>
- <td width=300 align=center>{$row['IPAddress']}</td>
- <td width=150 align=center>{$row['Manufacturer']}</td>
- <td width=50 align=center>{$row['Owner']}</td>
- <td width=150 align=center>{$row['PurchaseDate']}</td>
- <td width=150 align=center>{$row['EndofLife']}</td>";
- echo "</tr>";
- }
- echo "</table>";
- echo "</form>";
- }
- else
- {
- echo "Query didn't yield results";
- echo "$sql";
- }
- ?>
- </body>
- </html>
- <html>
- <head>
- ----------------------------------------------------------------------------------------Editform.php
- <SCRIPT LANGUAGE="JavaScript">
- function testfunc(){
- var SerialNumber = sessionStorage.getItem("SerialNumberId");
- }
- </script>
- </head>
- <body>
- <?php
- $host = 'site.site.org';
- $user = 'user';
- $pass = 'pass';
- $db = 'database';
- $con = mysqli_connect($host, $user, $pass, $db) or die(mysqli_error());
- //Check connections
- if (!$con) {
- echo "Error: Unable to connect to MYSQL." . PHP_EOL;
- exit;
- }
- $edit = mysqli_real_escape_string($con, $_GET['SerialNumberId']);
- $sql = "SELECT * FROM inventory WHERE SerialNumber LIKE '$edit'";
- //echo $sql;
- $result = mysqli_query($con, $sql);
- if (mysqli_num_rows($result) > 0) {
- while($row = mysqli_fetch_assoc($result)){
- echo "
- <link href=\"editform.css\" rel=\"stylesheet\" type=\"text/css\">
- <form method=\"POST\" action=\"edithardware.php?SerialNumberId= + $_GET[SerialNumberId]\">
- <P>
- SerialNumber:
- <input TYPE=\"text\" name=\"SerialNumber\" value=\"{$row['SerialNumber']}\" SIZE=\"20\">
- </P>
- <P>
- Name:
- <input TYPE=\"text\" name=\"Name\" value=\"{$row['Name']}\" SIZE=\"20\">
- </P>
- <P>
- Location:
- <input TYPE=\"text\" name=\"Location\" value=\"{$row['Location']}\" SIZE=\"25\">
- </P>
- <P>
- Type:
- <input TYPE=\"text\" name=\"Type\" value=\"{$row['Type']}\" SIZE=\"25\">
- </P>
- <P>
- IPAddress:
- <input TYPE=\"text\" name=\"IPAddress\" value=\"{$row['IPAddress']}\" SIZE=\"25\">
- </P>
- <P>
- Manufacturer:
- <input TYPE=\"text\" name=\"Manufacturer\"value=\"{$row['Manufacturer']}\" SIZE=\"25\">
- </P>
- <P>
- Owner #:
- <input TYPE=\"text\" name=\"Owner\" value=\"{$row['Owner']}\" SIZE=\"25\">
- </P>
- <P>
- PurchaseDate:
- <input TYPE=\"Date\" name=\"PurchaseDate\" value=\"{$row['PurchaseDate']}\" SIZE=\"25\">
- </P>
- <P>
- <P>
- End of Life:
- <input TYPE=\"Date\" name=\"EndofLife\" value=\"{$row['EndofLife']}\" SIZE=\"25\">
- </P>
- <P>
- Notes:
- <input TYPE=\"Text\" name=\"Notes\" value=\"{$row['Notes']}\" SIZE=\"25\">
- </P>
- <P><input TYPE=\"submit\" VALUE=\"Submit\" name=\"submit\" id=\"submit\"></P>
- </FORM>
- ";
- }
- }
- //mysqli_close($con)
- ?>
- <?php
- if (!isset($_POST['submit'])) { die("Form submission failed.");}
- $SerialNumber = mysqli_real_escape_string($con, $_POST['SerialNumber']);
- $Name = mysqli_real_escape_string($con, $_POST['Name']);
- $Location = mysqli_real_escape_string($con, $_POST['Location']);
- $Type = mysqli_real_escape_string($con, $_POST['Type']);
- $IPAddress = mysqli_real_escape_string($con, $_Post['IPAddress']);
- $Manufacturer = mysqli_real_escape_string($con, $_POST['Manufacturer']);
- $Owner = mysqli_real_escape_string($con, $_POST['Owner']);
- //Trying both date formats
- $PurchaseDate = date('YY-mm-dd', strtotime(str_replace('-', '/', ($_POST['PurchaseDate']))));;
- $EndofLife = date('Y-m-d', strtotime(str_replace('-', '/', ($_POST['EndofLife']))));;
- $Notes = mysqli_real_escape_string($con, $_POST['Notes']);
- $sqlupdate = "UPDATE inventory
- SET SerialNumber='$SerialNumber',
- Name='$Name',
- Location='$Location',
- Type='$Type',
- IPAddress='$IPAddress',
- Manufacturer='$Manufacturer',
- Owner='$Owner',
- PurchaseDate='$PurchaseDate',
- EndofLife='$EndofLife',
- Notes='$Notes',
- WHERE SerialNumber='$SerialNumber'";
- echo $sqlupdate;
- //Check connections
- if (!$con) {
- echo "Error: Unable to connect to MYSQL." . PHP_EOL;
- exit;
- }
- echo $sqlupdate;
- mysqli_query($con, $sqlupdate) or die(mysqli_error($con));
- ?>
- </body>
- </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement