From e01dea2fd09d7169f0db9424dc7150edce4e2f35 Mon Sep 17 00:00:00 2001
From: johnnyq <johnny@pittpc.com>
Date: Sat, 4 Mar 2023 15:58:34 -0500
Subject: [PATCH] Fix Assets API Missing $ on var and use NULL instead of
 0000-00-00 when inserting into the DB similar to POST

---
 api/v1/assets/asset_model.php | 4 ++--
 api/v1/assets/create.php      | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/api/v1/assets/asset_model.php b/api/v1/assets/asset_model.php
index 024df520..ba96fe49 100644
--- a/api/v1/assets/asset_model.php
+++ b/api/v1/assets/asset_model.php
@@ -2,7 +2,7 @@
 
 // Variable assignment from POST (or: blank/from DB is updating)
 if (isset($_POST['asset_name'])) {
-    $name = sanitizeInput(_POST['asset_name']);
+    $name = sanitizeInput($_POST['asset_name']);
 } elseif (isset($asset_row) && isset($asset_row['asset_name'])) {
     $name = $asset_row['asset_name'];
 } else {
@@ -77,7 +77,7 @@ if (isset($_POST['asset_purchase_date']) && !empty($_POST['asset_purchase_date']
 } elseif (isset($asset_row) && isset($asset_row['asset_purchase_date'])) {
     $purchase_date = $asset_row['asset_purchase_date'];
 } else {
-    $purchase_date = "0000-00-00";
+    $purchase_date = "NULL";
 }
 
 if (isset($_POST['asset_warranty_expire']) && !empty($_POST['asset_warranty_expire'])) {
diff --git a/api/v1/assets/create.php b/api/v1/assets/create.php
index 4ea30ab4..3d12db99 100644
--- a/api/v1/assets/create.php
+++ b/api/v1/assets/create.php
@@ -11,7 +11,7 @@ $insert_id = false;
 
 if (!empty($name) && !empty($client_id)) {
     // Insert into Database
-    $insert_sql = mysqli_query($mysqli, "INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_network_id = $network, asset_client_id = $client_id, company_id = '$company_id'");
+    $insert_sql = mysqli_query($mysqli, "INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = $purchase_date, asset_warranty_expire = $warranty_expire, asset_install_date = $install_date, asset_notes = '$notes', asset_network_id = $network, asset_client_id = $client_id, company_id = '$company_id'");
 
     if ($insert_sql) {
         $insert_id = mysqli_insert_id($mysqli);