
 <?php
// Start (or resume) the PHP session. The code below reads $_SESSION['sales_order_date'],
// $_SESSION['USER_ID'] and $_SESSION['LAST_NO'], and writes the ERROR_MSG / MSG_ALRT keys.
session_start();
// Project bootstrap files. Presumably these provide the $con mysqli handle and the
// DBController class used further down; confirm against the included files.
// `include` only raises a warning when a file is missing and the script keeps running,
// so a failed include is not caught here.
include '../../../../web/connection/connection.php';
include '../../../../web/connection/con.php';
include '../../../../web/connection/functions/encryption.php';

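 // Build the display number for the new order: "SO-<year>-<id zero-padded to 5 digits>".
 //
 // Only the newest id is needed, so fetch one column of one row instead of
 // streaming the whole table with SELECT *.
 $selecttrps = "SELECT sales_order_id FROM sales_order ORDER BY sales_order_id DESC LIMIT 1";
 $querytrps = mysqli_query($con, $selecttrps);
 if ($querytrps === false) {
     // Without the current maximum id the number cannot be derived; stop rather
     // than continue with a guessed value.
     http_response_code(500);
     exit;
 }
 $resulttrps = mysqli_fetch_assoc($querytrps);

 // An empty table yields no row; the first order then gets id 1.
 $lastSalesOrderId = ($resulttrps && isset($resulttrps['sales_order_id'])) ? (int) $resulttrps['sales_order_id'] : 0;
 $sales_order_id = $lastSalesOrderId + 1;

 // NOTE(review): "highest id + 1" is computed before the INSERT, so two concurrent
 // requests can obtain the same number, and it need not match the id the database
 // assigns to the new row. Deriving the number from the inserted row's id (or a
 // UNIQUE constraint on sales_order_no) would close that gap.
 $qut = 'SO';
 $year = date("Y");

 // One format for every id. The previous branch for ids >= 1000 dropped the
 // "SO-<year>-" prefix and returned the bare id; %05d keeps the prefix and pads to
 // five digits (longer ids are printed in full).
 $salesorder_no = sprintf('%s-%s-%05d', $qut, $year, $sales_order_id);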
 
 
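  // Collect the order header fields used by the insert further down.
  // The order date and user id come from the server-side session; everything read
  // from $_POST is client-controlled and is validated here before any arithmetic.
  $sales_order_date = isset($_SESSION['sales_order_date']) ? $_SESSION['sales_order_date'] : '';

  // Accept scalar values only: a field posted as an array is treated as absent.
  $quotation_id = (isset($_POST['quotation_id']) && is_scalar($_POST['quotation_id'])) ? (string) $_POST['quotation_id'] : '';
  $customer_id = (isset($_POST['customer_id']) && is_scalar($_POST['customer_id'])) ? (string) $_POST['customer_id'] : '';

  $rawGross = isset($_POST['gross_amount']) ? $_POST['gross_amount'] : '';
  $rawRate = isset($_POST['bill_discountpes']) ? $_POST['bill_discountpes'] : '';

  // Amounts must be numeric. An empty discount field means "no discount".
  $gross_amount = is_numeric($rawGross) ? (float) $rawGross : null;
  $bill_discount_rate = ($rawRate === '') ? 0.0 : (is_numeric($rawRate) ? (float) $rawRate : null);

  // A negative amount, or a discount outside 0-100 %, would let the client push the
  // payable total below zero or above the gross amount, so reject those values.
  $amountsValid = $gross_amount !== null && is_finite($gross_amount) && $gross_amount >= 0
      && $bill_discount_rate !== null && $bill_discount_rate >= 0 && $bill_discount_rate <= 100;

  if (!$amountsValid) {
      if (!empty($quotation_id)) {
          // An order was submitted with unusable amounts: report failure the same
          // way the insert path does, and stop before anything is written.
          $_SESSION['ERROR_MSG'] = "Unsuccess";
          $_SESSION['MSG_ALRT'] = "FALSE";
          header('location:../../../../web/home/modules/sales/sales_order/sales_order.php');
          exit;
      }
      // No order submitted: keep the calculations below well-defined.
      $gross_amount = 0.0;
      $bill_discount_rate = 0.0;
  }

  // NOTE(review): gross_amount is taken from the request as-is. Recomputing it on the
  // server from the line items (or the referenced quotation) would stop a client from
  // submitting a total that does not match the items.
  $discountamt = $gross_amount * $bill_discount_rate / 100;
  $bill_discountamt = number_format((float) $discountamt, 2, '.', '');

  $payable_amtt = $gross_amount - $discountamt;
  $payable_amt = number_format((float) $payable_amtt, 2, '.', '');

  $date = date("Y-m-d");
  $active = 'yes';
  $userId = isset($_SESSION['USER_ID']) ? $_SESSION['USER_ID'] : '';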

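if (!empty($quotation_id)) {

    // Persist the order header, its line items and its terms, then redirect back to
    // the sales-order page with a success or failure flag in the session.

    // Refuse to write anything for a request that carries no logged-in user.
    if (empty($_SESSION['USER_ID'])) {
        http_response_code(403);
        exit;
    }

    // NOTE(review): no anti-CSRF token check is visible in this script; confirm one is
    // enforced elsewhere, since this endpoint changes state on a bare POST.

    // Read one POST field as a string; missing or non-scalar (array) fields become ''.
    $readPost = function ($key) {
        return (isset($_POST[$key]) && is_scalar($_POST[$key])) ? (string) $_POST[$key] : '';
    };

    // Row counter kept in the session by the form page. Rows 1 .. LAST_NO-1 are read,
    // exactly as the original loops did.
    $jj = isset($_SESSION['LAST_NO']) ? (int) $_SESSION['LAST_NO'] : 0;
    $saved = false;

    // All values are bound as parameters instead of being concatenated into the SQL
    // text, so request data can no longer alter the statements. Binding as strings
    // keeps the same value conversion the quoted literals had.
    // NOTE(review): this uses the $con mysqli handle (already used above to read
    // sales_order) in place of DBController::tableinsert(), whose implementation is not
    // visible here; confirm both talk to the same database.
    try {
        // One transaction for header + items + terms, so a failure part-way through
        // does not leave a half-written order (effective on transactional tables only).
        mysqli_begin_transaction($con);

        $orderStmt = mysqli_prepare($con, "INSERT INTO sales_order(quotation_id,customer_id,sales_order_no,sales_order_date,total_gross_amount,bill_discount_rate,bill_discount_amount,total_payable_amount,created_on,created_by,is_active)
            VALUES (?,?,?,?,?,?,?,?,?,?,?)");
        if ($orderStmt === false) {
            throw new RuntimeException('could not prepare sales_order insert');
        }
        mysqli_stmt_bind_param(
            $orderStmt,
            'sssssssssss',
            $quotation_id,
            $customer_id,
            $salesorder_no,
            $sales_order_date,
            $gross_amount,
            $bill_discount_rate,
            $bill_discountamt,
            $payable_amt,
            $date,
            $userId,
            $active
        );
        if (!mysqli_stmt_execute($orderStmt)) {
            throw new RuntimeException('sales_order insert failed');
        }
        // Assumes sales_order_id is generated by the database (AUTO_INCREMENT) - TODO confirm.
        $newInsert = mysqli_insert_id($con);
        mysqli_stmt_close($orderStmt);

        // Line items: prepare once, bind once, then re-execute per row.
        $itemStmt = mysqli_prepare($con, "INSERT INTO sales_order_item(sales_order_id,product_id,service_id,quantity,rate,gross_amount,discount_rate,discount_amount,net_amount)
            VALUES (?,?,?,?,?,?,?,?,?)");
        if ($itemStmt === false) {
            throw new RuntimeException('could not prepare sales_order_item insert');
        }
        mysqli_stmt_bind_param(
            $itemStmt,
            'issssssss',
            $newInsert,
            $product_id,
            $service_id,
            $quantity,
            $unit_rate,
            $amount,
            $discount_rate,
            $discount_amount,
            $net_amount
        );
        // NOTE(review): the per-line amounts are client-supplied; recomputing them on
        // the server from quantity and rate would prevent inconsistent totals.
        for ($i = 1; $i < $jj; $i++) {
            $product_id = $readPost('product_id_' . $i);
            $service_id = $readPost('service_id_' . $i);
            $quantity = $readPost('quantity_' . $i);
            $unit_rate = $readPost('unit_rate_' . $i);
            $amount = $readPost('amount_' . $i);
            $discount_rate = $readPost('discount_rate_' . $i);
            $discount_amount = $readPost('discount_amount_' . $i);
            $net_amount = $readPost('net_amount_' . $i);

            if (!mysqli_stmt_execute($itemStmt)) {
                throw new RuntimeException('sales_order_item insert failed');
            }
        }
        mysqli_stmt_close($itemStmt);

        // Terms and conditions, one row per index, same bound as the items.
        $termsStmt = mysqli_prepare($con, "INSERT INTO sales_order_terms(sales_order_id,terms_condition)
            VALUES (?,?)");
        if ($termsStmt === false) {
            throw new RuntimeException('could not prepare sales_order_terms insert');
        }
        mysqli_stmt_bind_param($termsStmt, 'is', $newInsert, $sales_terms);
        for ($i = 1; $i < $jj; $i++) {
            $sales_terms = $readPost('sales_terms_' . $i);

            if (!mysqli_stmt_execute($termsStmt)) {
                throw new RuntimeException('sales_order_terms insert failed');
            }
        }
        mysqli_stmt_close($termsStmt);

        if (!mysqli_commit($con)) {
            throw new RuntimeException('commit failed');
        }
        $saved = true;
    } catch (Exception $e) {
        // Undo whatever was written and keep the detail in the server log only.
        mysqli_rollback($con);
        error_log('sales_order insert failed: ' . $e->getMessage());
    }

    // Success now means every statement succeeded. Previously only the result of the
    // last terms insert was checked, and that variable was undefined when the loops
    // did not run.
    if ($saved) {
        $_SESSION['ERROR_MSG'] = "Success";
        $_SESSION['MSG_ALRT'] = "TRUE";
    } else {
        $_SESSION['ERROR_MSG'] = "Unsuccess";
        $_SESSION['MSG_ALRT'] = "FALSE";
    }

    header('location:../../../../web/home/modules/sales/sales_order/sales_order.php');
    // Stop here so nothing else runs or is emitted after the redirect header.
    exit;
}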

	

?>