From b23359ff3870ab8a1418d8d338a08b78d9075386 Mon Sep 17 00:00:00 2001
From: Marcus Hill
Date: Sun, 11 Sep 2022 11:08:48 +0100
Subject: [PATCH] Adjust contact API to allow department to be text rather than int due to db schema change
---
 api/v1/contacts/contact_model.php | 2 +-
 api/v1/contacts/create.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/api/v1/contacts/contact_model.php b/api/v1/contacts/contact_model.php
index 5d8e3da6..312555c7 100644
--- a/api/v1/contacts/contact_model.php
+++ b/api/v1/contacts/contact_model.php
@@ -3,7 +3,7 @@ define('number_regex', '/[^0-9]/');
 $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_name'])));
 $title = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_title'])));
-$department = intval($_POST['contact_department']);
+$department = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_department'])));
 $phone = preg_replace(number_regex, '', $_POST['contact_phone']);
 $extension = preg_replace(number_regex, '', $_POST['contact_extension']);
 $mobile = preg_replace(number_regex, '', $_POST['contact_mobile']);
diff --git a/api/v1/contacts/create.php b/api/v1/contacts/create.php
index 101b9a95..7ba620d5 100644
--- a/api/v1/contacts/create.php
+++ b/api/v1/contacts/create.php
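Review bot: In api/v1/contacts/contact_model.php the new `$department` line escapes first and then runs `strip_tags()` and `trim()` over the already-escaped string, so the value that reaches the query is no longer the direct output of `mysqli_real_escape_string()`; escaping should be the last transformation applied. The line also reads `$_POST['contact_department']` without checking that the key is present, and nothing bounds the length now that `intval()` no longer constrains the value. I would write `$department = mysqli_real_escape_string($mysqli, trim(strip_tags($_POST['contact_department'] ?? '')));` and add a length check matching the new column; the column definition is not visible here, so the limit needs confirming against the schema. The unchanged `$name` and `$title` context lines use the same ordering. `strip_tags()` on input does not replace HTML-encoding the department wherever it is later rendered.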
@@ -17,7 +17,7 @@ if(!empty($name) && !empty($email) && !empty($client_id)){
 if(mysqli_num_rows($email_duplication_sql) == 0){
 // Insert contact
- $insert_sql = mysqli_query($mysqli,"INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_created_at = NOW(), contact_department_id = $department, contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id");
+ $insert_sql = mysqli_query($mysqli,"INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_created_at = NOW(), contact_department = '$department', contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id");
 // Check insert & get insert ID
 if($insert_sql){
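Review bot: The new `contact_department = '$department'` clause puts free text from the request into a string-built INSERT, where the previous `intval()` value could only ever be an integer, so the statement's safety now rests entirely on the escaping done in contact_model.php and on the connection character set. Binding the values with a prepared statement removes that dependency; the values would then have to be passed unescaped, which means dropping `mysqli_real_escape_string()` from the model lines in the same change. `$location_id`, `$client_id` and `$company_id` are interpolated unquoted and their validation is not visible in this hunk, so the integer binding below assumes they are numeric ids. The enclosing `if` blocks start and end outside the hunk.

```php
// Insert contact
$insert_stmt = mysqli_prepare(
    $mysqli,
    "INSERT INTO contacts SET contact_name = ?, contact_title = ?, contact_phone = ?, contact_extension = ?, contact_mobile = ?, contact_email = ?, contact_notes = ?, contact_auth_method = ?, contact_created_at = NOW(), contact_department = ?, contact_location_id = ?, contact_client_id = ?, company_id = ?"
);
// Nine string columns followed by the three ids (assumed integer — confirm against the schema).
mysqli_stmt_bind_param(
    $insert_stmt,
    'sssssssssiii',
    $name, $title, $phone, $extension, $mobile, $email, $notes, $auth_method, $department,
    $location_id, $client_id, $company_id
);
$insert_sql = mysqli_stmt_execute($insert_stmt);
// … unchanged: insert check and insert-ID handling …
```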