Add '' to the date vars under API assets if not empty so they dont error out when inserted into the DB

2023-03-04 16:13:38 -05:00 · 2023-03-04 16:13:38 -05:00 · c0af8e8eab
parent e01dea2fd0
commit c0af8e8eab
2 changed files with 9 additions and 9 deletions
--- a/api/v1/assets/asset_model.php
+++ b/api/v1/assets/asset_model.php
@ -73,27 +73,27 @@ if (isset($_POST['asset_status'])) {
 }

 if (isset($_POST['asset_purchase_date']) && !empty($_POST['asset_purchase_date'])) {
-    $purchase_date = sanitizeInput($_POST['asset_purchase_date']);
+    $purchase_date = "'" . sanitizeInput($_POST['asset_purchase_date']) . "'";
 } elseif (isset($asset_row) && isset($asset_row['asset_purchase_date'])) {
-    $purchase_date = $asset_row['asset_purchase_date'];
+    $purchase_date = "'" . $asset_row['asset_purchase_date'] . "'";
 } else {
    $purchase_date = "NULL";
 }

 if (isset($_POST['asset_warranty_expire']) && !empty($_POST['asset_warranty_expire'])) {
-    $warranty_expire = sanitizeInput($_POST['asset_warranty_expire']);
+    $warranty_expire = "'" . sanitizeInput($_POST['asset_warranty_expire']) . "'";
 } elseif (isset($asset_row) && isset($asset_row['asset_warranty_expire'])) {
-    $warranty_expire = $asset_row['asset_warranty_expire'];
+    $warranty_expire = "'" . $asset_row['asset_warranty_expire'] . "'";
 } else {
-    $warranty_expire = "0000-00-00";
+    $warranty_expire = "NULL";
 }

 if (isset($_POST['asset_install_date']) && !empty($_POST['asset_install_date'])) {
-    $install_date = sanitizeInput($_POST['asset_install_date']);
+    $install_date = "'" . sanitizeInput($_POST['asset_install_date']) . "'";
 } elseif (isset($asset_row) && isset($asset_row['asset_install_date'])) {
-    $install_date = $asset_row['asset_install_date'];
+    $install_date = "'" . $asset_row['asset_install_date'] . "'";
 } else {
-    $install_date = "0000-00-00";
+    $install_date = "NULL";
 }

 if (isset($_POST['asset_notes'])) {
--- a/api/v1/assets/update.php
+++ b/api/v1/assets/update.php
@ -16,7 +16,7 @@ if (!empty($asset_id)) {
    // Variable assignment from POST - assigning the current database value if a value is not provided
    require_once('asset_model.php');

-    $update_sql = mysqli_query($mysqli, "UPDATE assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_network_id = $network WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
+    $update_sql = mysqli_query($mysqli, "UPDATE assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = $purchase_date, asset_warranty_expire = $warranty_expire, asset_install_date = $install_date, asset_notes = '$notes', asset_network_id = $network WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1");

    // Check insert & get insert ID
    if ($update_sql) {