gary_wms/wms/meeting-record-submit.php

<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    foreach ($_POST as $k => $v) {
        $$k = htmlspecialchars(stripslashes(trim($v)));
    }

    // 發信名單
    $mail_list = [];
    // 與會人員名單:$attend_all
    // 會議發起人也發系統通知及會議通知:$notice_list
    if ($attend_all) {
        $pos = strpos($attend_all, $user_id);
        if ($pos === false) $notice_list = $attend_all.",".$user_id;
        else $notice_list = $attend_all;
        $notice_list_str = str_replace(",", "','", $notice_list);
        $sql = "select name, email from account where accountid in ('$notice_list_str')";
        $res = mysqli_query($link, $sql);
        $mail_list = mysqli_fetch_all($res);
        mysqli_free_result($res);
    }

    // 會議時間是否重覆
    $check_sdate = $mdate." ".$stime;
    $check_edate = $mdate." ".$etime;
    $db_query  = "select count(*) from meeting where ( ";
    $db_query .= "('$check_edate' >= concat(mdate, ' ', stime) && '$check_edate' <= concat(mdate, ' ', etime)) or ";
    $db_query .= "('$check_sdate' >= concat(mdate, ' ', stime) && '$check_sdate' <= concat(mdate, ' ', etime))) and room = '$room'";
    $result = mysqli_query($link, $db_query);
    $row = mysqli_fetch_row($result);
    if ($row[0] > 0) {
        echo "<script type='text/JavaScript'>";
        echo "alert('無法建立此會議，請確認會議時間是否衝突或會議室是否已有人預訂。');";
        echo "history.go(-1);";
        echo "</script>";
    } else {
        // 儲存會議資料
        $db_query  = "insert into meeting (title, mdate, stime, etime, room, content, equip, status, attend, creater, create_at) values (";
        $db_query .= "'$title', '$mdate', '$stime', '$etime', '$room', '$content', '$equip', 'Y', '$attend_all', '$user_id', '$create_at')";
        $result = mysqli_query($link, $db_query);
        if (mysqli_affected_rows($link) > 0) {
            $new_id = mysqli_insert_id($link);  // 會議流水號

            if ($attend_all) {
                // 通知列表
                $sql = "insert into notice (kind, related_id, title, content, permission, creater, create_at) values ('2', '$new_id', '$title', '$content', '$notice_list', '$user_id', '$create_at')";
                $res = mysqli_query($link, $sql);

                // 寫入行事曆/會議:橘色
                $notice_list_arr = explode(",", $notice_list);
                foreach ($notice_list_arr as $accountid) {
                    $sql = "insert into events (related_id, accountid, title, description, color, date) values ('$new_id', '$accountid', '$title', '$content', '#FF5809', '$check_sdate')"; 
                    $res = mysqli_query($link, $sql);
                }

                // 發信
                include "class/Cmail.php";
                $sendmail = new Cmail;
                $sendmail->sendx($title, $content, $mail_list);
            }

            if (mysqli_affected_rows($link) > 0) {
                mysqli_close($link);
                echo "<script type ='text/JavaScript'>";
                echo "alert('新增成功');";
                echo "location.href='meeting-index.php?function_name=meeting&token=".$token."';";
                echo "</script>";
            }
        } elseif (mysqli_affected_rows($link)==0) {
            mysqli_close($link);
            echo "<script type ='text/JavaScript'>";
            echo "alert('無新增資料');";
            echo "location.href='meeting-index.php?function_name=meeting&token=".$token."';";
            echo "</script>";
        } else {
            echo "{$db_query} 語法執行失敗，錯誤訊息SSS: " . mysqli_error($link);
        }
    }
}
?>