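<?php
require_once('conn.php');

// Product save handler: creates a product or updates an existing one, then
// replaces its specification rows and redirects back to the product list.
// $conn, checkLogin() and htmlspecialcharsFix() are expected to come from
// conn.php (not visible in this file).

// Check login status before touching any data.
// NOTE(review): no anti-CSRF token is verified in this script; confirm that
// checkLogin() or conn.php covers it, since this endpoint modifies data.
checkLogin("信息管理");

// Returns a POST field only when it is a plain string. PHP turns "field[]=x"
// into an array, which must not reach string-only code paths.
$post_string = function ($field, $default) {
    return (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : $default;
};

// Same as above, but passed through the project's HTML-encoding helper.
$post_encoded = function ($field) {
    return (isset($_POST[$field]) && is_string($_POST[$field])) ? htmlspecialcharsFix($_POST[$field]) : '';
};

// Returns a POST field only when it is an array (list-style inputs).
$post_list = function ($field) {
    return (isset($_POST[$field]) && is_array($_POST[$field])) ? $_POST[$field] : array();
};

// Returns one string entry of a list-style input, or null when it is missing
// or not a string (for example a nested array).
$list_entry = function ($list, $key) {
    return (isset($list[$key]) && is_string($list[$key])) ? $list[$key] : null;
};

// Initialize all variables to avoid undefined warnings
$id           = $post_string('id', '');
$product_name = $post_encoded('ProductName');
$product_img  = $post_encoded('ProductImg');
$unit         = $post_encoded('unit');
$moq          = $post_encoded('moq');
$category_id  = (int) $post_string('category_id', '0');
$nosale       = $post_list('nosale');
$note         = $post_encoded('note');
$tips         = $post_encoded('tips');
$keys         = $post_string('keys', '');
$page         = $post_string('page', '1');

// Specification inputs are parallel arrays that share the same keys.
// NOTE(review): spec_name / spec_value / spec_code are stored as submitted,
// while the product text fields go through htmlspecialcharsFix(); confirm the
// pages that render specifications escape these values on output.
$spec_name  = $post_list('spec_name');
$spec_value = $post_list('spec_value');
$spec_price = $post_list('spec_price');
$spec_moq   = $post_list('spec_moq');
$spec_code  = $post_list('spec_code');
$spec_sort  = $post_list('spec_sort');

// Redirect URL. The values are request-controlled, so they are URL-encoded
// instead of being concatenated raw: a "&" or "#" in Keys/Page would otherwise
// add or truncate query parameters of the redirect target.
$redirect_query = array('Keys' => $keys, 'Page' => $page);
if ($category_id) {
    $redirect_query['category_id'] = $category_id;
}
$redirect_url = "products.php?" . http_build_query($redirect_query, '', '&');

// Determine if this is an edit or a new record
$is_edit = (!empty($id) && is_numeric($id));

// Process nosale array into a comma-separated string of integers
$nosale_str = '';
if (!empty($nosale)) {
    $nosale_str = implode(',', array_map('intval', $nosale));
}

// Validate form data: a product name is mandatory.
if (empty($product_name)) {
    header("Location: " . $redirect_url);
    exit();
}

// Normalise the specification rows once, so the validation and the INSERT loop
// work on the same data. A row is stored when it has a name and a price; at
// least one row must also carry a minimum order quantity for the form to be
// accepted.
$spec_rows = array();
$has_valid_specs = false;
foreach ($spec_name as $key => $name) {
    $price_raw = $list_entry($spec_price, $key);
    if (!is_string($name) || empty($name) || empty($price_raw)) {
        continue;
    }

    $moq_raw   = $list_entry($spec_moq, $key);
    $sort_raw  = $list_entry($spec_sort, $key);
    $code_raw  = $list_entry($spec_code, $key);
    $value_raw = $list_entry($spec_value, $key);

    if (!empty($moq_raw)) {
        $has_valid_specs = true;
    }

    $spec_rows[] = array(
        'name'  => $name,
        'value' => ($value_raw === null) ? '' : $value_raw,
        'price' => is_numeric($price_raw) ? (float) $price_raw : 0.0,
        'moq'   => ($moq_raw !== null && is_numeric($moq_raw)) ? (int) $moq_raw : 1,
        'code'  => ($code_raw === null) ? '' : $code_raw,
        'sort'  => ($sort_raw !== null && is_numeric($sort_raw)) ? (int) $sort_raw : 0,
    );
}

if (!$has_valid_specs) {
    // Redirect back with error message
    header("Location: " . $redirect_url . "&error=missing_specs");
    exit();
}

// Persist the product and its specifications. Every statement is prepared and
// parameter-bound, and every result is checked. The work runs in one
// transaction so that a failed INSERT cannot leave an edited product with its
// old specifications already deleted (this only helps if the tables use a
// transactional storage engine, which cannot be confirmed from this file).
$product_id = $is_edit ? (int) $id : 0;
$saved = false;

try {
    if (!mysqli_begin_transaction($conn)) {
        throw new RuntimeException('begin transaction: ' . mysqli_error($conn));
    }

    if ($is_edit) {
        // Update existing product
        $stmt = mysqli_prepare(
            $conn,
            "UPDATE products SET ProductName = ?, ProductImg = ?, Addtime = NOW(), moq = ?, unit = ?, "
            . "nosale = ?, note = ?, tips = ?, category_id = ? WHERE id = ?"
        );
        if ($stmt === false) {
            throw new RuntimeException('prepare product update: ' . mysqli_error($conn));
        }
        mysqli_stmt_bind_param(
            $stmt,
            'sssssssii',
            $product_name,
            $product_img,
            $moq,
            $unit,
            $nosale_str,
            $note,
            $tips,
            $category_id,
            $product_id
        );
        if (!mysqli_stmt_execute($stmt)) {
            throw new RuntimeException('execute product update: ' . mysqli_stmt_error($stmt));
        }
        mysqli_stmt_close($stmt);

        // Clear existing specifications for this product; they are re-created below.
        $stmt = mysqli_prepare($conn, "DELETE FROM product_specifications WHERE product_id = ?");
        if ($stmt === false) {
            throw new RuntimeException('prepare specification delete: ' . mysqli_error($conn));
        }
        mysqli_stmt_bind_param($stmt, 'i', $product_id);
        if (!mysqli_stmt_execute($stmt)) {
            throw new RuntimeException('execute specification delete: ' . mysqli_stmt_error($stmt));
        }
        mysqli_stmt_close($stmt);
    } else {
        // Insert new product
        $stmt = mysqli_prepare(
            $conn,
            "INSERT INTO products (ProductName, ProductImg, Addtime, moq, unit, nosale, note, tips, category_id) "
            . "VALUES (?, ?, NOW(), ?, ?, ?, ?, ?, ?)"
        );
        if ($stmt === false) {
            throw new RuntimeException('prepare product insert: ' . mysqli_error($conn));
        }
        mysqli_stmt_bind_param(
            $stmt,
            'sssssssi',
            $product_name,
            $product_img,
            $moq,
            $unit,
            $nosale_str,
            $note,
            $tips,
            $category_id
        );
        if (!mysqli_stmt_execute($stmt)) {
            throw new RuntimeException('execute product insert: ' . mysqli_stmt_error($stmt));
        }
        mysqli_stmt_close($stmt);

        // Without a generated id the specification rows would be attached to product 0.
        $product_id = (int) mysqli_insert_id($conn);
        if ($product_id <= 0) {
            throw new RuntimeException('product insert returned no id');
        }
    }

    // Add specifications: one prepared statement, re-executed per row. The
    // bound variables are reassigned on each iteration.
    $stmt = mysqli_prepare(
        $conn,
        "INSERT INTO product_specifications "
        . "(product_id, spec_name, spec_value, price, min_order_quantity, spec_code, addtime, sort_order) "
        . "VALUES (?, ?, ?, ?, ?, ?, NOW(), ?)"
    );
    if ($stmt === false) {
        throw new RuntimeException('prepare specification insert: ' . mysqli_error($conn));
    }
    $row_name  = '';
    $row_value = '';
    $row_price = 0.0;
    $row_moq   = 1;
    $row_code  = '';
    $row_sort  = 0;
    mysqli_stmt_bind_param(
        $stmt,
        'issdisi',
        $product_id,
        $row_name,
        $row_value,
        $row_price,
        $row_moq,
        $row_code,
        $row_sort
    );
    foreach ($spec_rows as $row) {
        $row_name  = $row['name'];
        $row_value = $row['value'];
        $row_price = $row['price'];
        $row_moq   = $row['moq'];
        $row_code  = $row['code'];
        $row_sort  = $row['sort'];
        if (!mysqli_stmt_execute($stmt)) {
            throw new RuntimeException('execute specification insert: ' . mysqli_stmt_error($stmt));
        }
    }
    mysqli_stmt_close($stmt);

    if (!mysqli_commit($conn)) {
        throw new RuntimeException('commit: ' . mysqli_error($conn));
    }
    $saved = true;
} catch (Exception $e) {
    // Covers both the explicit checks above and mysqli's exception mode.
    try {
        mysqli_rollback($conn);
    } catch (Exception $rollback_error) {
        // The connection is unusable; the original failure is logged below.
    }
    // Details go to the server log only, never into the redirect.
    error_log('Product save failed: ' . $e->getMessage());
}

// Redirect after save
mysqli_close($conn);
if (!$saved) {
    // NOTE(review): products.php has to display this error code; its handling
    // is not visible from this file.
    $redirect_url .= "&error=save_failed";
}
header("Location: " . $redirect_url);
exit();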