assetmgt/api/v1/get/equipment_data.php

<?php
defined($security_key) or exit;

//------------------------------------------
// Equipment_data
//------------------------------------------

//Connect to DB
$pdo = dbConnect($dbname);

//Get user_rights from users.php
$partner = json_decode($partnerhierarchy);  

//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

//default whereclause
list($whereclause,$condition) = getWhereclause('equipment',$permission,$partner,'get');

//------------------------------------------
//NEW ARRAY
//------------------------------------------
$criterias = [];   
$clause = '';

//------------------------------------------
//Check for $_GET variables and build up clause
//------------------------------------------
if(isset($get_content) && $get_content!=''){    
    //GET VARIABLES FROM URL
    $requests = explode("&", $get_content);     
    //Check for keys and values
    foreach ($requests as $y){
        $v = explode("=", $y);
        //INCLUDE VARIABLES IN ARRAY
        $criterias[$v[0]] = $v[1]; 
        if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='products' || $v[0] =='totals' || $v[0] =='history' || $v[0] =='success_msg' || $v[0] =='download' || $v[0] =='sort'){
        //do nothing
        } 
        elseif ($v[0] == 'serialnumber') {
            //build up serialnumber
            //check if multiple serialnumbers are provided
            if (str_contains($v[1], ',')){
                $inputs = explode(",",$v[1]);
                $new_querystring = ''; //empty querystring
                $x=0;
                foreach($inputs as $input){
                    //create key
                    $new_key = $v[0].'_'.$x;
                    //inject new key/value to array
                    $criterias[$new_key] = $input;
                    $new_querystring .= ':'.$new_key.','; 
                    $x++;
                }
                //remove obsolete last character from new_querystring
                $new_querystring = substr($new_querystring,0, -1);
                //add new_querystring to clause
                $clause .= ' AND e.serialnumber IN ('.$new_querystring.')'; 
                //remove original key/value from array
                unset($criterias[$v[0]]);
            } 
            else {
                $clause .= ' AND e.serialnumber IN (:'.$v[0].')'; 
            }
        }
        elseif ($v[0] == 'rowid') {
            //build up search
            $clause .= ' AND ed.rowID = :'.$v[0]; 
        }
        else {//create clause
        $clause .= ' AND '.$v[0].' = :'.$v[0];
        }
    }
    if ($whereclause == '' && $clause !=''){
        $whereclause = 'WHERE '.substr($clause, 4);
    } else {
        $whereclause .= $clause;
    }
} 


if (isset($criterias['totals']) && $criterias['totals'] ==''){
//Request for total rows
    $sql = 'SELECT count(*) as count from equipment_data ed '.$whereclause.'';
}
else {
    //SQL for Paging 
    $sql = 'SELECT e.productrowid, e.hw_version, e.serialnumber, ed.* from equipment e JOIN equipment_data ed ON e.rowID = ed.equipmentid '.$whereclause.' ORDER BY ed.equipmentid, ed.historyid ASC';
}

$stmt = $pdo->prepare($sql);

//------------------------------------------
//Bind to query
//------------------------------------------

if (str_contains($whereclause, ':condition')){
    $stmt->bindValue('condition', $condition, PDO::PARAM_STR);
}

if (!empty($criterias)){
    foreach ($criterias as $key => $value){
        $key_condition = ':'.$key;
        if (str_contains($whereclause, $key_condition)){
            if ($key == 'search'){
                $search_value = '%'.$value.'%';
                $stmt->bindValue($key, $search_value, PDO::PARAM_STR);
            }
            elseif ($key == 'p'){
                //Do nothing (bug)
            }
            else {
                $stmt->bindValue($key, $value, PDO::PARAM_STR);
            }
        }
    }
}

//------------------------------------------
// Debuglog
//------------------------------------------
if (debug){
    $message = $date.';'.$sql.';'.$username;
    debuglog($message);
}
//------------------------------------------
//Add paging details
//------------------------------------------
if(isset($criterias['totals']) && $criterias['totals']==''){
    $stmt->execute();
    $messages = $stmt->fetch();
    $messages = $messages[0];
}
else {
    //$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
    //$stmt->bindValue('page', ($current_page - 1) * $page_rows_equipment, PDO::PARAM_INT);
    //$stmt->bindValue('num_products', $page_rows_equipment, PDO::PARAM_INT);
    //Excute Query
    $stmt->execute();
    //Get results
    $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//------------------------------------------
//Encrypt results
//------------------------------------------
$messages = generate_payload($messages);
//------------------------------------------
//Send results
//------------------------------------------
echo $messages; 

?>