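<?php
/**
 * Backoffice AJAX endpoint: assigns a storage number to one member record.
 *
 * POST input:
 *   inputData - either a QR URL containing "efa-member.com/qr" whose text after
 *               the last "=" is the member id, or a 13-character citizen id.
 *   nextNo    - value written to tbl_member.storage_no.
 *   countNo   - value written to tbl_storage.storage_count.
 *   start_no  - selects the tbl_storage row to update.
 *
 * JSON output: status plus, depending on the path taken, member_id,
 * citizen_id, member_name and storage_no.
 *   status 1 - member updated
 *   status 2 - the member could not be updated
 *   status 3 - the lookup did not return exactly one unassigned member
 *   status 4 - inputData is neither a QR URL nor 13 characters long
 *
 * Security notes:
 *   - Every value that reaches SQL is bound as a statement parameter; the
 *     detail table name comes from a fixed allow-list.
 *   - The response no longer carries the generated SQL text (formerly the
 *     keys sql, sql2, sql3) or citizen_id_encode (which was always null because
 *     it read an unset variable). Returning query text to the browser discloses
 *     schema details to anyone who can reach this URL.
 *   - NOTE(review): no session, role or CSRF check is visible in this file.
 *     Confirm that main_function.php / connectDB() enforce backoffice
 *     authentication before this state-changing request is processed.
 */

// NOTE(review): keep display_errors off in production so that notices neither
// reveal server paths nor corrupt the JSON body.
error_reporting(E_ALL);

include('../../../config/main_function.php');

// NOTE(review): this looks like a shared secret for connectDB() and it is
// hard-coded in a web-served file. Load it from configuration outside the
// document root, and rotate it, since the value has been visible in source.
$secure = "cAh3DrJACzw4RbU";
$connection = connectDB($secure);

// Read one POST field as a string; missing or non-string values become ''.
$postString = static function ($name) {
    return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
};

// Run one parameterized statement. Returns a mysqli_result for SELECT, true for
// a successful statement without a result set, false on any failure.
// All parameters are bound as strings, matching the quoted literals that the
// string-built queries used before.
$runStatement = static function ($db, $sql, array $params) {
    try {
        $stmt = mysqli_prepare($db, $sql);
        if ($stmt === false) {
            return false;
        }
        if ($params !== []) {
            mysqli_stmt_bind_param($stmt, str_repeat('s', count($params)), ...$params);
        }
        if (!mysqli_stmt_execute($stmt)) {
            return false;
        }
        $result = mysqli_stmt_get_result($stmt);

        return $result === false ? true : $result;
    } catch (mysqli_sql_exception $e) {
        return false;
    }
};

$inputData = $postString('inputData');
$countNo   = $postString('countNo');
$nextNo    = $postString('nextNo');
$start_no  = $postString('start_no');

$needle = 'efa-member.com/qr';

// Key material used by bigsara_encode()/bigsara_decode(), read from the
// system settings row. The query has no external input.
$rs_system  = mysqli_query($connection, "SELECT * FROM tbl_system_setting WHERE setting_id = '1';");
$row_system = $rs_system ? mysqli_fetch_array($rs_system) : null;
$key        = isset($row_system['secure_text']) ? $row_system['secure_text'] : null;
$pointer    = isset($row_system['secure_pointer']) ? $row_system['secure_pointer'] : null;

// register_type => detail table. Only these fixed names are ever placed in SQL.
$detailTables = [
    '1' => 'tbl_member_detail_employer',
    '2' => 'tbl_member_detail_company',
    '3' => 'tbl_member_detail_agency',
    '4' => 'tbl_member_detail_worker',
];

$arr         = [];
$status      = 4;
$lookupSql   = null;
$lookupValue = null;

// https://efa-member.com/qr=7073903924
if (strpos($inputData, $needle) !== false) {
    // Strict comparison: a match at offset 0 is still a match.
    $parts       = explode('=', $inputData);
    $lookupValue = end($parts);
    $lookupSql   = "SELECT * FROM `tbl_member` WHERE `member_id` = ? AND `storage_no` IS NULL";
    $arr['member_id'] = $lookupValue;
} elseif (strlen($inputData) === 13) {
    $arr['citizen_id'] = $inputData;
    // The encoded form is bound as a parameter, so whatever bytes the encoder
    // produces cannot alter the query.
    $lookupValue = bigsara_encode($inputData, $key, $pointer);
    $lookupSql   = "SELECT * FROM `tbl_member` WHERE `citizen_id` = ? AND `storage_no` IS NULL";
}

if ($lookupSql !== null) {
    $resultMember = $runStatement($connection, $lookupSql, [$lookupValue]);

    if ($resultMember instanceof mysqli_result && mysqli_num_rows($resultMember) === 1) {
        $rowMember = mysqli_fetch_array($resultMember);

        // Take the id from the matched row before the detail query. On the
        // citizen-id path no member id existed yet at this point, so the detail
        // lookup previously ran with an undefined value.
        // Cast to string: prepared statements may return native integers, and
        // the JSON consumer has been receiving strings.
        $member_id    = (string) $rowMember['member_id'];
        $registerType = (string) $rowMember['register_type'];

        if (!isset($detailTables[$registerType])) {
            // Unknown register_type: stop before modifying anything. An existing
            // status code is reused so the client only sees known values.
            $status = 2;
        } else {
            $sqlDetail = "SELECT * FROM `" . $detailTables[$registerType] . "` WHERE `member_id` = ?";
            $rsDetail  = $runStatement($connection, $sqlDetail, [$member_id]);
            $rowDetail = ($rsDetail instanceof mysqli_result) ? mysqli_fetch_array($rsDetail) : null;

            $dataTime  = date("Y-m-d H:i:s");
            $sqlUpdate = "UPDATE `tbl_member` SET `storage_no` = ?, `storage_date` = ? WHERE `tbl_member`.`member_id` = ?";

            if ($runStatement($connection, $sqlUpdate, [$nextNo, $dataTime, $member_id]) !== false) {
                // Counter update stays best-effort: its outcome does not change
                // the reported status.
                $sqlStorage = "UPDATE `tbl_storage` SET `storage_count` = ? WHERE `tbl_storage`.`start_no` = ?";
                $runStatement($connection, $sqlStorage, [$countNo, $start_no]);

                $arr['member_id']   = $member_id;
                $arr['member_name'] = isset($rowDetail['member_name'])
                    ? bigsara_decode($rowDetail['member_name'], $key, $pointer)
                    : '';
                // NOTE(review): the row was selected with `storage_no` IS NULL,
                // so this is always "0". It presumably should report $nextNo;
                // confirm against the page that consumes this response.
                $arr['storage_no'] = number_format((float) $rowMember['storage_no']);
                $status = 1;
            } else {
                $status = 2;
            }
        }
    } else {
        $status = 3;
    }
}

$arr['status'] = $status;

// The body is sent with PHP's default content type. The JSON_HEX_* flags keep
// reflected input (member_id, citizen_id) inert if a browser renders the
// response as HTML.
// NOTE(review): prefer sending Content-Type: application/json once the calling
// script is confirmed to handle it.
echo json_encode($arr, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);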