ESH/save_staff_user.php

<?php 
include('includes/config/config.php');
include ('includes/functions.php');
include ('log_entry.php');
  $ohc_type_ids = implode(',', $_REQUEST['ohc_type']);
  $user_role_ids = implode(',', $_REQUEST['role']);

if(!empty($_REQUEST['user_id'])){
    $query = " UPDATE tbl_users  SET user_name='".addslashes($_REQUEST['user_name'])."',user_password='".addslashes($_REQUEST['user_password'])."',status='".$_REQUEST['user_status']."',email='".addslashes($_REQUEST['user_email'])."',landing_page='".$_REQUEST['landing_page']."',ohc_type='".$ohc_type_ids."',remarks='".addslashes($_REQUEST['remarks'])."',emp_id ='".$_REQUEST['emp_id']."',role_id ='".$user_role_ids."',current_ohctype='".$_SESSION['current_ohcttype']."', modified_by='".$_SESSION['user_id']."'  where user_id = '".$_REQUEST['user_id']."'    ";
}
else {
    $query = "INSERT into tbl_users  SET user_name='".addslashes($_REQUEST['user_name'])."',user_password='".addslashes($_REQUEST['user_password'])."',email='".addslashes($_REQUEST['user_email'])."',landing_page='".$_REQUEST['landing_page']."', ohc_type='".$ohc_type_ids."',remarks='".addslashes($_REQUEST['remarks'])."',emp_id ='".$_REQUEST['emp_id']."',role_id ='".$user_role_ids."',current_ohctype='".$_SESSION['current_ohcttype']."', modified_by='".$_SESSION['user_id']."' ,status='".$_REQUEST['user_status']."', staff_id = '".$_REQUEST['staff_id']."' ";
}
error_log($query);
if (!$result = @mysqli_query($conn,$query)) {
            exit(mysqli_error($conn));
}

?>
first commit 2024-10-23 18:28:06 +05:30			`<?php`
			`include('includes/config/config.php');`
			`include ('includes/functions.php');`
			`include ('log_entry.php');`
			`$ohc_type_ids = implode(',', $_REQUEST['ohc_type']);`
			`$user_role_ids = implode(',', $_REQUEST['role']);`

			`if(!empty($_REQUEST['user_id'])){`
			$query = " UPDATE tbl_users SET user_name='".addslashes($_REQUEST['user_name'])."',user_password='".addslashes($_REQUEST['user_password'])."',status='".$_REQUEST['user_status']."',email='".addslashes($_REQUEST['user_email'])."',landing_page='".$_REQUEST['landing_page']."',ohc_type='".$ohc_type_ids."',remarks='".addslashes($_REQUEST['remarks'])."',emp_id ='".$_REQUEST['emp_id']."',role_id ='".$user_role_ids."',current_ohctype='".$_SESSION['current_ohcttype']."', modified_by='".$_SESSION['user_id']."' where user_id = '".$_REQUEST['user_id']."' ";
			`}`
			`else {`
			$query = "INSERT into tbl_users SET user_name='".addslashes($_REQUEST['user_name'])."',user_password='".addslashes($_REQUEST['user_password'])."',email='".addslashes($_REQUEST['user_email'])."',landing_page='".$_REQUEST['landing_page']."', ohc_type='".$ohc_type_ids."',remarks='".addslashes($_REQUEST['remarks'])."',emp_id ='".$_REQUEST['emp_id']."',role_id ='".$user_role_ids."',current_ohctype='".$_SESSION['current_ohcttype']."', modified_by='".$_SESSION['user_id']."' ,status='".$_REQUEST['user_status']."', staff_id = '".$_REQUEST['staff_id']."' ";
			`}`
			`error_log($query);`
			`if (!$result = @mysqli_query($conn,$query)) {`
			`exit(mysqli_error($conn));`
			`}`

			`?>`