<?php
include_once __DIR__ . '/../config.php';
include_once __DIR__ . '/../functions.php';
include_once __DIR__ . '/../includes/auth_check.php';
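// Handles the POST from batch_add.php: validates the received-batch fields,
// calls the AddSupplyBatch stored procedure, then redirects to the supply list
// on success or renders an error page on failure.
//
// NOTE(review): the role check below is commented out, so this script performs
// no role check of its own; any gatekeeping must come from
// includes/auth_check.php (not visible here). Confirm that is intended for an
// endpoint that writes stock records.
// requireRole(['admin', 'supply_manager']);

$message = '';
$message_type = 'danger'; // Default to error
$conn_closed = false;     // Set once this script has closed $conn, to avoid a second close

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // --- Read request data ---
    // Numeric fields are cast, so they reach the SQL text only as numbers.
    $supply_id  = isset($_POST['supply_id']) ? intval($_POST['supply_id']) : 0;
    $quantity   = isset($_POST['quantity']) ? intval($_POST['quantity']) : 0;
    $unit_price = isset($_POST['unit_price']) ? floatval($_POST['unit_price']) : 0.00;

    // String fields go through sanitize_input() from functions.php.
    // is_string() rejects array-valued parameters such as supplier[]=x.
    $supplier = (isset($_POST['supplier']) && is_string($_POST['supplier']))
        ? sanitize_input($conn, $_POST['supplier'])
        : '';
    $invoice_no = (isset($_POST['invoice_no']) && is_string($_POST['invoice_no']))
        ? sanitize_input($conn, $_POST['invoice_no'])
        : '';

    // The expiry date is optional (empty means SQL NULL). When present it must
    // be a real calendar date written as YYYY-MM-DD; it is rebuilt from the
    // captured digits so the quoted literal below can only hold digits and dashes.
    $expiry_date  = null;
    $expiry_valid = true;
    if (isset($_POST['expiry_date']) && !empty($_POST['expiry_date'])) {
        $expiry_raw = is_string($_POST['expiry_date']) ? trim($_POST['expiry_date']) : null;
        if ($expiry_raw === '') {
            $expiry_date = null; // Whitespace only: treat as not supplied
        } elseif ($expiry_raw !== null
            && preg_match('/\A(\d{4})-(\d{1,2})-(\d{1,2})\z/', $expiry_raw, $date_parts)
            && checkdate((int) $date_parts[2], (int) $date_parts[3], (int) $date_parts[1])
        ) {
            $expiry_date = sprintf('%04d-%02d-%02d', $date_parts[1], $date_parts[2], $date_parts[3]);
        } else {
            $expiry_valid = false;
        }
    }

    $created_by = getUserData('user_id'); // Get user ID from session

    // --- Validate data ---
    // is_finite() rejects INF/NAN, which floatval() can yield for inputs such
    // as "1e999" and which would otherwise be written into the SQL text.
    if ($supply_id <= 0 || $quantity <= 0 || $unit_price < 0 || !is_finite($unit_price) || $created_by <= 0) {
        $message = "ข้อมูลไม่ถูกต้อง (รหัสพัสดุ, จำนวน, ราคาต่อหน่วย ต้องมากกว่า 0)";
    } elseif (!$expiry_valid) {
        $message = "ข้อมูลไม่ถูกต้อง (วันหมดอายุต้องอยู่ในรูปแบบ YYYY-MM-DD)";
    } else {
        // --- Call stored procedure: AddSupplyBatch ---
        // NOTE(review): $supplier and $invoice_no are interpolated inside single
        // quotes, so this statement is only injection-safe if sanitize_input()
        // (functions.php, not visible here) escapes for this connection's
        // character set, e.g. via mysqli_real_escape_string(). Confirm that, or
        // move the call to a prepared statement and bind the values without
        // pre-escaping them.
        $expiry_date_sql = ($expiry_date === null) ? "NULL" : "'" . $expiry_date . "'";
        $sql_call_sp = "CALL AddSupplyBatch(
$supply_id,
$quantity,
$unit_price,
'$supplier',
'$invoice_no',
$expiry_date_sql,
$created_by
)";

        // Execute the CALL statement
        $result_sp = mysqli_query($conn, $sql_call_sp);
        if ($result_sp) {
            // The procedure is expected to return one row with batch_id / batch_no.
            $sp_output = mysqli_fetch_assoc($result_sp);
            $new_batch_id = isset($sp_output['batch_id']) ? $sp_output['batch_id'] : null; // isset() ternary for PHP 5.6
            $new_batch_no = isset($sp_output['batch_no']) ? $sp_output['batch_no'] : null; // isset() ternary for PHP 5.6

            // Drain any further result sets left by the CALL so the connection stays usable.
            while (mysqli_more_results($conn) && mysqli_next_result($conn)) {
                // nothing to read; just advance
            }

            // The batch number is escaped here because $message is echoed as HTML.
            $message = "บันทึกข้อมูลการรับพัสดุ Batch: " . htmlspecialchars($new_batch_no, ENT_QUOTES, 'UTF-8') . " สำเร็จ";
            $message_type = 'success';

            // Store message in session and redirect to avoid form resubmission
            $_SESSION['message'] = $message;
            $_SESSION['message_type'] = $message_type;
            mysqli_close($conn);
            $conn_closed = true;
            redirect('index.php'); // Redirect back to the supply list
        } else {
            // Keep the database error text in the server log only: it can
            // disclose schema details and may echo request values, and
            // $message is printed into the page without further escaping.
            error_log("Error calling AddSupplyBatch: " . mysqli_error($conn));
            $message = "เกิดข้อผิดพลาดในการบันทึกข้อมูล";
        }
    }
} else {
    // If accessed directly without POST, redirect
    redirect('batch_add.php');
}

// --- Display the message when execution reaches this point ---
// This covers validation and database errors, and the success case if
// redirect() returned instead of ending the request.
if (!empty($message)) {
    // --- Include Header and Sidebar ---
    $page_title = "ผลการบันทึก";
    include_once __DIR__ . '/../includes/header.php';
    include_once __DIR__ . '/../includes/sidebar_supply.php';
    // $message holds only fixed text plus an already-escaped batch number, and
    // $message_type is either 'danger' or 'success', so both are echoed as-is.
?>
<div class="container-fluid">
<h1 class="mt-4">ผลการบันทึก</h1>
<div class="alert alert-<?php echo $message_type; ?>" role="alert">
<?php echo $message; ?>
</div>
<a href="batch_add.php" class="btn btn-primary">เพิ่มรายการใหม่</a>
<a href="index.php" class="btn btn-secondary">กลับไปรายการพัสดุ</a>
</div>
<?php
    include_once __DIR__ . '/../includes/footer.php';
    if (!$conn_closed) {
        mysqli_close($conn); // Close connection only if the success path has not already done so
    }
}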
?>