diff --git a/invoice.php b/invoice.php index 437fc32c0..91f50d931 100644 --- a/invoice.php +++ b/invoice.php @@ -290,14 +290,32 @@ -
+
- + - - + + +
diff --git a/post/invoice.php b/post/invoice.php index d95964251..5a547b279 100644 --- a/post/invoice.php +++ b/post/invoice.php @@ -1085,59 +1085,37 @@ } -if (isset($_POST['update_invoice_item_order'])) { - - if ($_POST['update_invoice_item_order'] == 'up') { - $item_id = intval($_POST['item_id']); - $item_invoice_id = intval($_POST['item_invoice_id']); - - $sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_id = $item_id"); - $row = mysqli_fetch_array($sql); - $item_order = intval($row['item_order']); - - $new_item_order = $item_order - 1; - - //Check if new item order is used - $sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_invoice_id = $item_invoice_id AND item_order = $new_item_order"); - - //Redo the entire order of list - while ($row = mysqli_fetch_array($sql)) { - $item_id = intval($row['item_id']); - $item_order = intval($row['item_order']); - - $new_item_order = $item_order + 1; - - mysqli_query($mysqli,"UPDATE invoice_items SET item_order = $new_item_order WHERE item_id = $item_id"); - } - - - - mysqli_query($mysqli,"UPDATE invoice_items SET item_order = $item_order WHERE item_invoice_id = $item_invoice_id AND item_order = $new_item_order"); - mysqli_query($mysqli,"UPDATE invoice_items SET item_order = $new_item_order WHERE item_id = $item_id"); - - $_SESSION['alert_message'] = "Item moved up"; - - header("Location: " . $_SERVER["HTTP_REFERER"]); - - } +if (isset($_POST['update_invoice_item_order'])) { - if ($_POST['update_invoice_item_order'] == 'down') { - $item_id = intval($_POST['item_id']); - $item_invoice_id = intval($_POST['item_invoice_id']); - - $sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_id = $item_id"); - $row = mysqli_fetch_array($sql); - $item_order = intval($row['item_order']); + $item_id = intval($_POST['item_id']); + $item_invoice_id = intval($_POST['item_invoice_id']); - $new_item_order = $item_order + 1; + $sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_id = $item_id"); + $row = mysqli_fetch_array($sql); + $current_order = intval($row['item_order']); + $update_direction = sanitizeInput($_POST['update_invoice_item_order']); + + switch ($update_direction) + { + case 'up': + $new_order = $current_order - 1; + break; + case 'down': + $new_order = $current_order + 1; + break; + } - mysqli_query($mysqli,"UPDATE invoice_items SET item_order = $item_order WHERE item_invoice_id = $item_invoice_id AND item_order = $new_item_order"); - mysqli_query($mysqli,"UPDATE invoice_items SET item_order = $new_item_order WHERE item_id = $item_id"); + //Find item_id of current item in $new_order + $other_sql = mysqli_query($mysqli,"SELECT * FROM invoice_items WHERE item_invoice_id = $item_invoice_id AND item_order = $new_order"); + $other_row = mysqli_fetch_array($other_sql); + $other_item_id = intval($other_row['item_id']); + $other_row_str = strval($other_row['item_name']); - $_SESSION['alert_message'] = "Item moved down"; + mysqli_query($mysqli,"UPDATE invoice_items SET item_order = $new_order WHERE item_id = $item_id"); - header("Location: " . $_SERVER["HTTP_REFERER"]); + mysqli_query($mysqli,"UPDATE invoice_items SET item_order = $current_order WHERE item_id = $other_item_id"); - } + $_SESSION['alert_message'] = "Invoice Item Order Updated"; + header("Location: " . $_SERVER["HTTP_REFERER"]); } \ No newline at end of file