
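<?php
session_start();

// Fail closed before anything else runs. This endpoint creates brand,
// purchase_order and purchase_order_item rows and stamps them with
// $_SESSION['USER_ID'] as created_by (read further down), yet nothing in the
// script checked that a user is logged in: an anonymous request would write
// rows with an empty creator.
// NOTE(review): assumes the login flow sets USER_ID — confirm against the auth code.
if (!isset($_SESSION['USER_ID']) || $_SESSION['USER_ID'] === '') {
    http_response_code(403);
    exit('Not authenticated');
}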
include '../../../web/connection/connection.php';
include '../../../web/connection/con.php';
include '../../../web/connection/functions/encryption.php';

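// --- Request parameters -------------------------------------------------------
// Read from $_REQUEST to stay compatible with existing callers (GET or POST).
// Every value is attacker-controlled. Missing keys default to '' instead of
// raising undefined-index warnings; array values (e.g. quantity[]=1) are
// rejected instead of silently becoming the string "Array".
// NOTE(review): no CSRF token is checked and GET is accepted for a
// state-changing request — the caller's form should post a token that is
// verified here (needs support on the form side, so not added in this change).
foreach (['purchase_order_date', 'myInput_item', 'brand', 'quantity', 'rata', 'discount_rate'] as $requestKey) {
    if (isset($_REQUEST[$requestKey]) && !is_scalar($_REQUEST[$requestKey])) {
        http_response_code(400);
        exit($requestKey . ' must be a single value');
    }
}

$purchase_order_date = (string) ($_REQUEST['purchase_order_date'] ?? '');
$item_name           = (string) ($_REQUEST['myInput_item'] ?? '');
$brand               = (string) ($_REQUEST['brand'] ?? '');
$quantity            = (string) ($_REQUEST['quantity'] ?? '');
$rate                = (string) ($_REQUEST['rata'] ?? '');   // the form field really is spelled 'rata'
$discount_rate       = (string) ($_REQUEST['discount_rate'] ?? '');

// An omitted discount means "no discount" (PHP 7 silently treated '' as 0 here;
// PHP 8 throws a TypeError on non-numeric operands, so be explicit).
if ($discount_rate === '') {
    $discount_rate = '0';
}

// Quantity, rate and discount feed the arithmetic below and are stored in the
// database, so refuse anything non-numeric rather than letting PHP coerce it.
if (!is_numeric($quantity) || !is_numeric($rate) || !is_numeric($discount_rate)) {
    http_response_code(400);
    exit('quantity, rata and discount_rate must be numeric');
}

// --- Line amounts -------------------------------------------------------------
// $amount is stored unformatted; the discount and net amounts are stored as
// their 2-decimal string forms, exactly as the original did.
$amount       = $quantity * $rate;
$amounty      = number_format((float) $amount, 2, '.', '');       // formatted copy; not used further in this file
$discountamt  = $amount * $discount_rate / 100;
$discountamty = number_format((float) $discountamt, 2, '.', '');
$netamountt   = $amount - $discountamt;
$netamount    = number_format((float) $netamountt, 2, '.', '');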


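// --- Resolve item name -> item_id ---------------------------------------------
// Prepared statement on the file's mysqli link ($con, also used below for
// purchase_order): $item_name is raw request input and was previously
// interpolated straight into the SQL string (SQL injection).
// As before, the last matching row wins and no match leaves item_id empty,
// which the line insert further down stores as-is.
// NOTE(review): consider rejecting unknown item names with a 400 instead.
$item_id = '';
$stmtItem = mysqli_prepare($con, 'SELECT item_id FROM item WHERE item_name = ?');
if ($stmtItem === false) {
    http_response_code(500);
    exit('item lookup failed');
}
mysqli_stmt_bind_param($stmtItem, 's', $item_name);
mysqli_stmt_execute($stmtItem);
mysqli_stmt_bind_result($stmtItem, $foundItemId);
while (mysqli_stmt_fetch($stmtItem)) {
    $item_id = $foundItemId;
}
mysqli_stmt_close($stmtItem);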
 
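 // --- Resolve brand name -> brand_id ------------------------------------------
// Prepared statement: $brand is raw request input and used to be interpolated
// into the SQL string.
// The row variable is deliberately NOT $brand. The original looped
// `foreach ($brands as $brand)`, which replaced the brand *name* with the row
// array; for every existing brand the later existence check then compared
// against the string "Array", created a junk brand named "Array" and attached
// the item and the purchase-order line to it.
// No match leaves $newInsert_brand_id empty; the insert further down fills it.
$newInsert_brand_id = '';
$stmtBrand = mysqli_prepare($con, 'SELECT brand_id FROM brand WHERE brand_name = ?');
if ($stmtBrand === false) {
    http_response_code(500);
    exit('brand lookup failed');
}
mysqli_stmt_bind_param($stmtBrand, 's', $brand);
mysqli_stmt_execute($stmtBrand);
mysqli_stmt_bind_result($stmtBrand, $foundBrandId);
while (mysqli_stmt_fetch($stmtBrand)) {
    $newInsert_brand_id = $foundBrandId;   // last matching row wins, as before
}
mysqli_stmt_close($stmtBrand);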
 

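// --- Supplier name -> supplier_id ---------------------------------------------
// $sup_name also decides (below) whether anything is written at all.
$sup_name = $_REQUEST['sup_name'] ?? '';
if (!is_scalar($sup_name)) {
    http_response_code(400);
    exit('sup_name must be a single value');
}
$sup_name = (string) $sup_name;

// Prepared statement: the name used to be interpolated into the SQL string.
// Last matching row wins; no match leaves $supplier_idf empty (the original
// then inserted a purchase order with an empty supplier_id — unchanged here).
$supplier_idf = '';
$stmtSupplier = mysqli_prepare($con, 'SELECT supplier_id FROM supplier WHERE supplier_name = ?');
if ($stmtSupplier === false) {
    http_response_code(500);
    exit('supplier lookup failed');
}
mysqli_stmt_bind_param($stmtSupplier, 's', $sup_name);
mysqli_stmt_execute($stmtSupplier);
mysqli_stmt_bind_result($stmtSupplier, $foundSupplierId);
while (mysqli_stmt_fetch($stmtSupplier)) {
    $supplier_idf = $foundSupplierId;
}
mysqli_stmt_close($stmtSupplier);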

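 // --- Next purchase-order number ----------------------------------------------
// Format: 'PO-<year>-<sequence zero-padded to 5 digits>', the sequence being
// (highest existing purchase_order_id + 1). MAX() replaces reading the whole
// table sorted descending just to look at its first row; an empty table
// (fetch_assoc on no rows) now yields sequence 1 instead of a warning.
// Fix: the original's branch for ids >= 1000 dropped the 'PO-<year>-' prefix
// and emitted the bare id, while every other branch zero-padded to 5 digits;
// all ids now share the same format.
// NOTE(review): this read-then-insert is racy — two concurrent requests can
// compute the same number. A UNIQUE index on purchase_order_no, or deriving
// the number from the auto-increment id after the insert, would close that.
$seqResult = mysqli_query($con, 'SELECT MAX(purchase_order_id) AS max_id FROM purchase_order');
if ($seqResult === false) {
    http_response_code(500);
    exit('purchase order sequence lookup failed');
}
$seqRow = mysqli_fetch_assoc($seqResult);
mysqli_free_result($seqResult);

$purchase_order_id = (int) ($seqRow['max_id'] ?? 0) + 1;
$year = date('Y');
$purchase_order_no = sprintf('PO-%s-%05d', $year, $purchase_order_id);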
 
// Audit columns stamped on every row this request creates.
$active = 'yes';                  // is_active value this app uses for live rows
$date   = date('Y-m-d');          // created_on: server-local calendar date (TODO confirm tz)
$userId = $_SESSION['USER_ID'];   // created_by: presumably set by the login flow — verify

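// --- Persist ------------------------------------------------------------------
// Nothing is written unless a supplier name was posted: as in the original, a
// request without sup_name is a silent no-op (blank 200 response).
// Every statement below is a prepared statement on $con; previously each value
// was interpolated straight from the request into the SQL string.
if (!empty($sup_name)) {

    // 1. Brand: look it up by name and create it when absent. The lookup is
    //    done here (not just trusted from above) so this section is
    //    self-contained; last matching row wins, as before.
    $brandId = '';
    $stmtFindBrand = mysqli_prepare($con, 'SELECT brand_id FROM brand WHERE brand_name = ?');
    if ($stmtFindBrand === false) {
        http_response_code(500);
        exit('brand lookup failed');
    }
    mysqli_stmt_bind_param($stmtFindBrand, 's', $brand);
    mysqli_stmt_execute($stmtFindBrand);
    mysqli_stmt_bind_result($stmtFindBrand, $existingBrandId);
    while (mysqli_stmt_fetch($stmtFindBrand)) {
        $brandId = $existingBrandId;
    }
    mysqli_stmt_close($stmtFindBrand);

    if ($brandId === '') {
        $stmtNewBrand = mysqli_prepare(
            $con,
            'INSERT INTO brand(brand_name, created_on, created_by, is_active) VALUES (?, ?, ?, ?)'
        );
        if ($stmtNewBrand === false) {
            http_response_code(500);
            exit('brand insert failed');
        }
        mysqli_stmt_bind_param($stmtNewBrand, 'ssss', $brand, $date, $userId, $active);
        if (!mysqli_stmt_execute($stmtNewBrand)) {
            http_response_code(500);
            exit('brand insert failed');
        }
        $brandId = mysqli_insert_id($con);
        mysqli_stmt_close($stmtNewBrand);
    }
    $newInsert_brand_id = $brandId;   // name the rest of the file uses

    // 2. Re-point the item at that brand. The original overwrote item.brand_id
    //    on every line added, so that behaviour is preserved.
    $stmtItemBrand = mysqli_prepare($con, 'UPDATE item SET brand_id = ? WHERE item_id = ?');
    if ($stmtItemBrand === false) {
        http_response_code(500);
        exit('item update failed');
    }
    mysqli_stmt_bind_param($stmtItemBrand, 'ss', $newInsert_brand_id, $item_id);
    mysqli_stmt_execute($stmtItemBrand);
    mysqli_stmt_close($stmtItemBrand);

    // 3. Purchase order: reuse the one for this supplier and date, or create it.
    //    Fix: the original tested existence for (date, supplier) correctly but
    //    then attached the line to the newest purchase order of *any* supplier
    //    (SELECT ... ORDER BY purchase_order_id DESC LIMIT 1). The matching
    //    order's id is now used.
    $newInsert = '';
    $stmtFindPo = mysqli_prepare(
        $con,
        'SELECT purchase_order_id FROM purchase_order
          WHERE purchase_order_date = ? AND supplier_id = ?
          ORDER BY purchase_order_id DESC LIMIT 1'
    );
    if ($stmtFindPo === false) {
        http_response_code(500);
        exit('purchase order lookup failed');
    }
    mysqli_stmt_bind_param($stmtFindPo, 'ss', $purchase_order_date, $supplier_idf);
    mysqli_stmt_execute($stmtFindPo);
    mysqli_stmt_bind_result($stmtFindPo, $existingPoId);
    if (mysqli_stmt_fetch($stmtFindPo)) {
        $newInsert = $existingPoId;
    }
    mysqli_stmt_close($stmtFindPo);

    if ($newInsert === '') {
        $stmtNewPo = mysqli_prepare(
            $con,
            'INSERT INTO purchase_order(purchase_order_no, purchase_order_date, supplier_id, created_on, created_by, is_active)
             VALUES (?, ?, ?, ?, ?, ?)'
        );
        if ($stmtNewPo === false) {
            http_response_code(500);
            exit('purchase order insert failed');
        }
        mysqli_stmt_bind_param($stmtNewPo, 'ssssss', $purchase_order_no, $purchase_order_date, $supplier_idf, $date, $userId, $active);
        if (!mysqli_stmt_execute($stmtNewPo)) {
            // Previously a failed header insert still went on to insert an
            // orphan line with an empty purchase_order_id.
            http_response_code(500);
            exit('purchase order insert failed');
        }
        $newInsert = mysqli_insert_id($con);
        mysqli_stmt_close($stmtNewPo);
    }

    // 4. The line itself. $amount is stored raw, discount and net amounts as
    //    their formatted 2-decimal strings — same columns and values as before.
    $stmtLine = mysqli_prepare(
        $con,
        'INSERT INTO purchase_order_item(purchase_order_id, item_id, brand_id, quantity, rate, amount, discount_rate, discount_amount, net_amount)
         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)'
    );
    if ($stmtLine === false) {
        http_response_code(500);
        exit('purchase order item insert failed');
    }
    mysqli_stmt_bind_param(
        $stmtLine,
        'sssssssss',
        $newInsert,
        $item_id,
        $newInsert_brand_id,
        $quantity,
        $rate,
        $amount,
        $discount_rate,
        $discountamty,
        $netamount
    );
    $newInsert2 = mysqli_stmt_execute($stmtLine);
    mysqli_stmt_close($stmtLine);

    // 5. Redirect back to the purchase-order page. Both original branches
    //    redirected to the same URL regardless of $newInsert2, which hid
    //    failures; a failed line insert is now reported instead.
    if ($newInsert2 !== true) {
        http_response_code(500);
        exit('purchase order item insert failed');
    }

    // The second argument was the bare constant `e` in the original (silently
    // treated as the string 'e' on PHP 7, a fatal Error on PHP 8). Presumably
    // amebi_crypt's "encrypt" mode — confirm against encryption.php.
    $purchase_order_datez = amebi_crypt($purchase_order_date, 'e');
    $sup_namez = amebi_crypt($sup_name, 'e');

    // URL-encode the tokens so characters such as '+' or '/' in the encrypted
    // output survive the round trip into $_GET on the receiving page; exit so
    // nothing runs after the redirect header is sent.
    header('location:../../../web/home/modules/stock/purchase_order/purchase_order.php?purchase_order_date=' . rawurlencode($purchase_order_datez) . '&supnam=' . rawurlencode($sup_namez));
    exit;
}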