igamebox
/
mtb_crm_asp


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161
							<?php
require_once('conn.php');

// Check login status
checkLogin("信息管理");

// Initialize all variables to avoid undefined warnings
$id = isset($_POST['id']) ? $_POST['id'] : '';
$product_name = isset($_POST['ProductName']) ? htmlspecialcharsFix($_POST['ProductName']) : '';
$product_img = isset($_POST['ProductImg']) ? htmlspecialcharsFix($_POST['ProductImg']) : '';
$unit = isset($_POST['unit']) ? htmlspecialcharsFix($_POST['unit']) : '';
$moq = isset($_POST['moq']) ? htmlspecialcharsFix($_POST['moq']) : '';
$category_id = isset($_POST['category_id']) ? intval($_POST['category_id']) : 0;
$nosale = isset($_POST['nosale']) ? $_POST['nosale'] : array();
$note = isset($_POST['note']) ? htmlspecialcharsFix($_POST['note']) : '';
$tips = isset($_POST['tips']) ? htmlspecialcharsFix($_POST['tips']) : '';
$keys = isset($_POST['keys']) ? $_POST['keys'] : '';
$page = isset($_POST['page']) ? $_POST['page'] : 1;

// Initialize specification variables
$spec_name = isset($_POST['spec_name']) ? $_POST['spec_name'] : array();
$spec_value = isset($_POST['spec_value']) ? $_POST['spec_value'] : array();
$spec_price = isset($_POST['spec_price']) ? $_POST['spec_price'] : array();
$spec_moq = isset($_POST['spec_moq']) ? $_POST['spec_moq'] : array();
$spec_code = isset($_POST['spec_code']) ? $_POST['spec_code'] : array();
$spec_sort = isset($_POST['spec_sort']) ? $_POST['spec_sort'] : array();

// Redirect URL
$redirect_url = "products.php?Keys=" . $keys . "&Page=" . $page;
if ($category_id) {
    $redirect_url .= "&category_id=" . $category_id;
}

// Determine if this is an edit or a new record
$is_edit = (!empty($id) && is_numeric($id));

// Process nosale array into comma-separated string
$nosale_str = '';
if (is_array($nosale) && !empty($nosale)) {
    $nosale_clean = array_map('intval', $nosale); // Ensure all values are integers
    $nosale_str = implode(',', $nosale_clean);
}

// Validate form data
if (empty($product_name)) {
    // You could add error handling here
    header("Location: " . $redirect_url);
    exit();
}

// Validate specifications - at least one specification is required with all fields filled
$has_valid_specs = false;
if (is_array($spec_name) && !empty($spec_name)) {
    foreach ($spec_name as $key => $name) {
        if (!empty($name) && isset($spec_price[$key]) && !empty($spec_price[$key]) && 
            isset($spec_moq[$key]) && !empty($spec_moq[$key])) {
            $has_valid_specs = true;
            break;
        }
    }
}

if (!$has_valid_specs) {
    // Redirect back with error message
    header("Location: " . $redirect_url . "&error=missing_specs");
    exit();
}

if ($is_edit) {
    // Update existing product
    $sql = "UPDATE products SET 
            ProductName = '" . mysqli_real_escape_string($conn, $product_name) . "',
            ProductImg = '" . mysqli_real_escape_string($conn, $product_img) . "',
            Addtime = NOW(),
            moq = '" . mysqli_real_escape_string($conn, $moq) . "',
            unit = '" . mysqli_real_escape_string($conn, $unit) . "',
            nosale = '" . $nosale_str . "',
            note = '" . mysqli_real_escape_string($conn, $note) . "',
            tips = '" . mysqli_real_escape_string($conn, $tips) . "',
            category_id = " . $category_id . "
            WHERE id = " . (int)$id;
    mysqli_query($conn, $sql);
    
    // Clear existing specifications for this product
    mysqli_query($conn, "DELETE FROM product_specifications WHERE product_id = " . (int)$id);
    
    // Add new specifications
    if (is_array($spec_name) && !empty($spec_name)) {
        foreach ($spec_name as $key => $name) {
            if (!empty($name) && isset($spec_price[$key]) && !empty($spec_price[$key])) {
                $spec_price_value = isset($spec_price[$key]) && is_numeric($spec_price[$key]) ? (float)$spec_price[$key] : 0;
                $spec_moq_value = isset($spec_moq[$key]) && is_numeric($spec_moq[$key]) ? (int)$spec_moq[$key] : 1;
                $spec_code_value = isset($spec_code[$key]) ? mysqli_real_escape_string($conn, $spec_code[$key]) : '';
                $spec_sort_value = isset($spec_sort[$key]) && is_numeric($spec_sort[$key]) ? (int)$spec_sort[$key] : 0;
                $spec_value_value = isset($spec_value[$key]) ? mysqli_real_escape_string($conn, $spec_value[$key]) : '';
                
                $sql = "INSERT INTO product_specifications 
                        (product_id, spec_name, spec_value, price, min_order_quantity, spec_code, addtime, sort_order) 
                        VALUES (
                            " . (int)$id . ", 
                            '" . mysqli_real_escape_string($conn, $name) . "', 
                            '" . $spec_value_value . "', 
                            " . $spec_price_value . ", 
                            " . $spec_moq_value . ", 
                            '" . $spec_code_value . "', 
                            NOW(), 
                            " . $spec_sort_value . "
                        )";
                mysqli_query($conn, $sql);
            }
        }
    }
} else {
    // Insert new product
    $sql = "INSERT INTO products (ProductName, ProductImg, Addtime, moq, unit, nosale, note, tips, category_id) 
            VALUES (
                '" . mysqli_real_escape_string($conn, $product_name) . "',
                '" . mysqli_real_escape_string($conn, $product_img) . "',
                NOW(),
                '" . mysqli_real_escape_string($conn, $moq) . "',
                '" . mysqli_real_escape_string($conn, $unit) . "',
                '" . $nosale_str . "',
                '" . mysqli_real_escape_string($conn, $note) . "',
                '" . mysqli_real_escape_string($conn, $tips) . "',
                " . $category_id . "
            )";
    mysqli_query($conn, $sql);
    $id = mysqli_insert_id($conn);
    
    // Add specifications for new product
    if (is_array($spec_name) && !empty($spec_name)) {
        foreach ($spec_name as $key => $name) {
            if (!empty($name) && isset($spec_price[$key]) && !empty($spec_price[$key])) {
                $spec_price_value = isset($spec_price[$key]) && is_numeric($spec_price[$key]) ? (float)$spec_price[$key] : 0;
                $spec_moq_value = isset($spec_moq[$key]) && is_numeric($spec_moq[$key]) ? (int)$spec_moq[$key] : 1;
                $spec_code_value = isset($spec_code[$key]) ? mysqli_real_escape_string($conn, $spec_code[$key]) : '';
                $spec_sort_value = isset($spec_sort[$key]) && is_numeric($spec_sort[$key]) ? (int)$spec_sort[$key] : 0;
                $spec_value_value = isset($spec_value[$key]) ? mysqli_real_escape_string($conn, $spec_value[$key]) : '';
                
                $sql = "INSERT INTO product_specifications 
                        (product_id, spec_name, spec_value, price, min_order_quantity, spec_code, addtime, sort_order) 
                        VALUES (
                            " . (int)$id . ", 
                            '" . mysqli_real_escape_string($conn, $name) . "', 
                            '" . $spec_value_value . "', 
                            " . $spec_price_value . ", 
                            " . $spec_moq_value . ", 
                            '" . $spec_code_value . "', 
                            NOW(), 
                            " . $spec_sort_value . "
                        )";
                mysqli_query($conn, $sql);
            }
        }
    }
}

// Redirect after save
mysqli_close($conn);
header("Location: " . $redirect_url);
exit();