<!--#include file="./includes/sql.asp"-->
<%
	' Get form data
	Dim pcid, vendorid, modelnumberid, machinenumber

	pcid = Trim(Request.Form("pcid"))
	vendorid = Trim(Request.Form("vendorid"))
	modelnumberid = Trim(Request.Form("modelid"))
	machinenumber = Trim(Request.Form("machinenumber"))

	' Get form inputs for new model
	Dim newmodelnumber, newvendorid
	newmodelnumber = Trim(Request.Form("newpcmodelnumber"))
	newvendorid = Trim(Request.Form("newpcmodelvendorid"))

	' Get form inputs for new vendor
	Dim newvendorname
	newvendorname = Trim(Request.Form("newpcvendorname"))

	' Validate required ID fields
	If Not IsNumeric(pcid) Or CLng(pcid) < 1 Then
		Response.Write("Invalid PC ID")
		objConn.Close
		Response.End
	End If

	' Verify the PC exists
	Dim checkSQL, rsCheck
	checkSQL = "SELECT COUNT(*) as cnt FROM pc WHERE pcid = " & CLng(pcid)
	Set rsCheck = objConn.Execute(checkSQL)
	If Not rsCheck.EOF Then
		If CLng(rsCheck("cnt")) = 0 Then
			rsCheck.Close
			objConn.Close
			Response.Redirect("displaypcs.asp")
			Response.End
		End If
	End If
	rsCheck.Close

	' Validate optional ID fields - allow "new" as a valid value for model and vendor
	If vendorid <> "" And vendorid <> "new" Then
		If Not IsNumeric(vendorid) Or CLng(vendorid) < 1 Then
			Response.Redirect("displaypc.asp?pcid=" & pcid & "&error=INVALID_ID")
			objConn.Close
			Response.End
		End If
	End If

	If modelnumberid <> "" And modelnumberid <> "new" Then
		If Not IsNumeric(modelnumberid) Or CLng(modelnumberid) < 1 Then
			Response.Redirect("displaypc.asp?pcid=" & pcid & "&error=INVALID_ID")
			objConn.Close
			Response.End
		End If
	End If

	' Handle new vendor creation
	If vendorid = "new" Then
		If Len(newvendorname) = 0 Then
			Response.Redirect("displaypc.asp?pcid=" & pcid & "&error=REQUIRED_FIELD")
			objConn.Close
			Response.End
		End If

		If Len(newvendorname) > 50 Then
			Response.Redirect("displaypc.asp?pcid=" & pcid & "&error=INVALID_INPUT")
			objConn.Close
			Response.End
		End If

		' Escape single quotes
		Dim escapedVendorName
		escapedVendorName = Replace(newvendorname, "'", "''")

		' Insert new vendor (with ispc=1)
		Dim sqlNewVendor
		sqlNewVendor = "INSERT INTO vendors (vendor, isactive, isprinter, ispc, ismachine) VALUES ('" & escapedVendorName & "', 1, 0, 1, 0)"

		On Error Resume Next
		objConn.Execute sqlNewVendor

		If Err.Number <> 0 Then
			Response.Redirect("displaypc.asp?pcid=" & pcid & "&error=db&msg=" & Server.URLEncode(Err.Description))
			objConn.Close
			Response.End
		End If

		' Get the newly created vendor ID
		Dim rsNewVendor
		Set rsNewVendor = objConn.Execute("SELECT LAST_INSERT_ID() AS newid")
		vendorid = CLng(rsNewVendor("newid"))
		rsNewVendor.Close
		Set rsNewVendor = Nothing
		On Error Goto 0
	End If

	' Handle new model creation
	If modelnumberid = "new" Then
		If Len(newmodelnumber) = 0 Then
			Response.Redirect("displaypc.asp?pcid=" & pcid & "&error=REQUIRED_FIELD")
			objConn.Close
			Response.End
		End If

		If Len(newvendorid) = 0 Then
			Response.Redirect("displaypc.asp?pcid=" & pcid & "&error=REQUIRED_FIELD")
			objConn.Close
			Response.End
		End If

		If Len(newmodelnumber) > 50 Then
			Response.Redirect("displaypc.asp?pcid=" & pcid & "&error=INVALID_INPUT")
			objConn.Close
			Response.End
		End If

		' If vendor was also created new, use that vendor ID
		If vendorid <> "" And IsNumeric(vendorid) Then
			newvendorid = vendorid
		End If

		' Escape single quotes for model
		Dim escapedModelNumber
		escapedModelNumber = Replace(newmodelnumber, "'", "''")

		' Insert new model
		Dim sqlNewModel
		sqlNewModel = "INSERT INTO models (modelnumber, vendorid, isactive) VALUES ('" & escapedModelNumber & "', " & newvendorid & ", 1)"

		On Error Resume Next
		objConn.Execute sqlNewModel

		If Err.Number <> 0 Then
			Response.Redirect("displaypc.asp?pcid=" & pcid & "&error=db&msg=" & Server.URLEncode(Err.Description))
			objConn.Close
			Response.End
		End If

		' Get the newly created model ID
		Dim rsNewModel
		Set rsNewModel = objConn.Execute("SELECT LAST_INSERT_ID() AS newid")
		modelnumberid = CLng(rsNewModel("newid"))
		rsNewModel.Close
		Set rsNewModel = Nothing
		On Error Goto 0
	End If

	' Validate machine number length
	If machinenumber <> "" And Len(machinenumber) > 50 Then
		Response.Redirect("displaypc.asp?pcid=" & pcid & "&error=INVALID_INPUT")
		objConn.Close
		Response.End
	End If

	' Escape single quotes for machine number
	If machinenumber <> "" Then
		machinenumber = Replace(machinenumber, "'", "''")
	End If

	' Build UPDATE statement for PC
	Dim strSQL
	strSQL = "UPDATE pc SET "

	' Update model if provided
	If modelnumberid <> "" And IsNumeric(modelnumberid) Then
		strSQL = strSQL & "modelnumberid = " & modelnumberid & ", "
	End If

	' Update machine number
	If machinenumber <> "" Then
		strSQL = strSQL & "machinenumber = '" & machinenumber & "', "
	Else
		strSQL = strSQL & "machinenumber = NULL, "
	End If

	' Add lastupdated timestamp
	strSQL = strSQL & "lastupdated = NOW() WHERE pcid = " & pcid

	On Error Resume Next
	objConn.Execute strSQL

	If Err.Number <> 0 Then
		Response.Redirect("displaypc.asp?pcid=" & pcid & "&error=db")
		objConn.Close
		Response.End
	End If

	objConn.Close

	' Success - redirect back to displaypc
	Response.Redirect("./displaypc.asp?pcid=" & pcid)
%>