From: <tim...@us...> - 2010-07-17 19:26:13
Revision: 3630 http://web-erp.svn.sourceforge.net/web-erp/?rev=3630&view=rev Author: tim_schofield Date: 2010-07-17 19:26:07 +0000 (Sat, 17 Jul 2010) Log Message: ----------- SQL quoting and layout changes Modified Paths: -------------- trunk/OrderDetails.php trunk/SelectCompletedOrder.php trunk/doc/Change.log.html Modified: trunk/OrderDetails.php =================================================================== --- trunk/OrderDetails.php 2010-07-17 19:25:46 UTC (rev 3629) +++ trunk/OrderDetails.php 2010-07-17 19:26:07 UTC (rev 3630) @@ -7,6 +7,8 @@ /* Session started in header.inc for password checking and authorisation level check */ include('includes/session.inc'); +$_GET['OrderNumber']=(int)$_GET['OrderNumber']; + if (isset($_GET['OrderNumber'])) { $title = _('Reviewing Sales Order Number') . ' ' . $_GET['OrderNumber']; } else { @@ -19,7 +21,7 @@ include('includes/header.inc'); -$OrderHeaderSQL = 'SELECT +$OrderHeaderSQL = "SELECT salesorders.debtorno, debtorsmaster.name, salesorders.branchcode, 
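Review bot: In the `@@ -7,6 +7,8 @@` hunk of OrderDetails.php the new `$_GET['OrderNumber']=(int)$_GET['OrderNumber'];` runs before the `isset($_GET['OrderNumber'])` test, so the key is always set by the time the test runs and the `else` branch can no longer be reached. A request without the parameter now raises an undefined-index notice and carries on with order number 0. Moving the cast inside the check keeps the integer coercion and the missing-parameter path: `if (isset($_GET['OrderNumber'])) { $_GET['OrderNumber'] = (int)$_GET['OrderNumber'];`. The body of the `else` branch is outside the hunk, so what it did for a missing order number is inferred.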
@@ -46,73 +48,77 @@ debtorsmaster WHERE salesorders.debtorno = debtorsmaster.debtorno - AND salesorders.orderno = ' . $_GET['OrderNumber']; + AND salesorders.orderno = '" . $_GET['OrderNumber'] . "'"; $ErrMsg = _('The order cannot be retrieved because'); $DbgMsg = _('The SQL that failed to get the order header was'); $GetOrdHdrResult = DB_query($OrderHeaderSQL,$db, $ErrMsg, $DbgMsg); if (DB_num_rows($GetOrdHdrResult)==1) { + echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/supplier.png" title="' . + _('Order Details') . '" alt="">' . ' ' . $title . '</p>'; $myrow = DB_fetch_array($GetOrdHdrResult); - echo '<br><br><table bgcolor="#CCCCCC">'; + echo '<table class=selection>'; + echo '<tr><th colspan=4><font color=blue>'._('Order Header Details For Order No').' '.$_GET['OrderNumber'].'</font></th></tr>'; echo '<tr> - <th>' . _('Customer Code') . ':</th> - <td class="EvenTableRows"><font color=BLUE><b><a href="' . $rootpath . '/SelectCustomer.php?Select=' . $myrow['debtorno'] . '">' . $myrow['debtorno'] . '</a></b></td> - <th>' . _('Customer Name') . ':</th><td bgcolor="#CCCCCC"><font color=BLUE><b>' . $myrow['name'] . '</b></td> + <th style="text-align: left">' . _('Customer Code') . ':</th> + <td class="OddTableRows"><font><a href="' . $rootpath . '/SelectCustomer.php?Select=' . $myrow['debtorno'] . '">' . $myrow['debtorno'] . '</a></td> + <th style="text-align: left">' . _('Customer Name') . ':</th><td><font>' . $myrow['name'] . '</td> </tr>'; echo '<tr> - <th>' . _('Customer Reference') . ':</th> - <td class="EvenTableRows"><font color=BLUE><b>' . $myrow['customerref'] . '</font></b></td> - <th>' . _('Deliver To') . ':</th><td bgcolor="#CCCCCC"><font color=BLUE><b>' . $myrow['deliverto'] . '</b></td> + <th style="text-align: left">' . _('Customer Reference') . ':</th> + <td class="OddTableRows"><font>' . $myrow['customerref'] . '</font></td> + <th style="text-align: left">' . _('Deliver To') . ':</th><td><font>' . 
$myrow['deliverto'] . '</td> </tr>'; echo '<tr> - <th>' . _('Ordered On') . ':</th> - <td class="EvenTableRows"><font color=BLUE><b>' . ConvertSQLDate($myrow['orddate']) . '</font></b></td> - <th>' . _('Delivery Address 1') . ':</th> - <td class="EvenTableRows"><font color=BLUE><b>' . $myrow['deladd1'] . '</font></b></td> + <th style="text-align: left">' . _('Ordered On') . ':</th> + <td class="OddTableRows"><font>' . ConvertSQLDate($myrow['orddate']) . '</font></td> + <th style="text-align: left">' . _('Delivery Address 1') . ':</th> + <td class="OddTableRows"><font>' . $myrow['deladd1'] . '</font></td> </tr>'; echo '<tr> - <th>' . _('Requested Delivery') . ':</th> - <td class="EvenTableRows"><font color=BLUE><b>' . ConvertSQLDate($myrow['deliverydate']) . '</font></b></td> - <th>' . _('Delivery Address 2') . ':</th> - <td class="EvenTableRows"><font color=BLUE><b>' . $myrow['deladd2'] . '</font></b></td> + <th style="text-align: left">' . _('Requested Delivery') . ':</th> + <td class="OddTableRows"><font>' . ConvertSQLDate($myrow['deliverydate']) . '</font></td> + <th style="text-align: left">' . _('Delivery Address 2') . ':</th> + <td class="OddTableRows"><font>' . $myrow['deladd2'] . '</font></td> </tr>'; echo '<tr> - <th>' . _('Order Currency') . ':</th> - <td class="EvenTableRows"><font color=BLUE><b>' . $myrow['currcode'] . '</font></b></td> - <th>' . _('Delivery Address 3') . ':</th> - <td class="EvenTableRows"><font color=BLUE><b>' . $myrow['deladd3'] . '</font></b></td> + <th style="text-align: left"h>' . _('Order Currency') . ':</th> + <td class="OddTableRows"><font>' . $myrow['currcode'] . '</font></td> + <th style="text-align: left">' . _('Delivery Address 3') . ':</th> + <td class="OddTableRows"><font>' . $myrow['deladd3'] . '</font></td> </tr>'; echo '<tr> - <th>' . _('Deliver From Location') . ':</th> - <td class="EvenTableRows"><font color=BLUE><b>' . $myrow['fromstkloc'] . '</font></b></td> - <th>' . _('Delivery Address 4') . 
':</th> - <td class="EvenTableRows"><font color=BLUE><b>' . $myrow['deladd4'] . '</font></b></td> + <th style="text-align: left">' . _('Deliver From Location') . ':</th> + <td class="OddTableRows"><font>' . $myrow['fromstkloc'] . '</font></td> + <th style="text-align: left">' . _('Delivery Address 4') . ':</th> + <td class="OddTableRows"><font>' . $myrow['deladd4'] . '</font></td> </tr>'; echo '<tr> - <th>' . _('Telephone') . ':</th> - <td class="EvenTableRows"><font color=BLUE><b>' . $myrow['contactphone'] . '</font></b></td> - <th>' . _('Delivery Address 5') . ':</th> - <td class="EvenTableRows"><font color=BLUE><b>' . $myrow['deladd5'] . '</font></b></td> + <th style="text-align: left">' . _('Telephone') . ':</th> + <td class="OddTableRows"><font>' . $myrow['contactphone'] . '</font></td> + <th style="text-align: left">' . _('Delivery Address 5') . ':</th> + <td class="OddTableRows"><font>' . $myrow['deladd5'] . '</font></td> </tr>'; echo '<tr> - <th>' . _('Email') . ':</th> - <td class="EvenTableRows"><font color=BLUE><b><a href="mailto:' . $myrow['contactemail'] . '">' . $myrow['contactemail'] . '</a></font></b></td> - <th>' . _('Delivery Address 6') . ':</th> - <td class="EvenTableRows"><font color=BLUE><b>' . $myrow['deladd6'] . '</font></b></td> + <th style="text-align: left">' . _('Email') . ':</th> + <td class="OddTableRows"><font><a href="mailto:' . $myrow['contactemail'] . '">' . $myrow['contactemail'] . '</a></font></td> + <th style="text-align: left">' . _('Delivery Address 6') . ':</th> + <td class="OddTableRows"><font>' . $myrow['deladd6'] . '</font></td> </tr>'; echo '<tr> - <th>' . _('Freight Cost') . ':</th> - <td class="EvenTableRows"><font color=BLUE><b>' . $myrow['freightcost'] . '</font></b></td> + <th style="text-align: left">' . _('Freight Cost') . ':</th> + <td class="OddTableRows"><font>' . $myrow['freightcost'] . '</font></td> </tr>'; - echo '</table><div class="centre">'; - echo _('Comments'). ': ' . $myrow['comments'] . 
'<br></div>'; + echo '<tr><th style="text-align: left">'._('Comments'). ': '; + echo '</th><td colspan=3>'.$myrow['comments'] . '</td></tr>'; + echo '</table>'; } /*Now get the line items */ - $LineItemsSQL = 'SELECT + $LineItemsSQL = "SELECT stkcode, stockmaster.description, stockmaster.volume, @@ -129,21 +135,21 @@ actualdispatchdate, qtyinvoiced FROM salesorderdetails, stockmaster - WHERE salesorderdetails.stkcode = stockmaster.stockid AND orderno =' . $_GET['OrderNumber']; + WHERE salesorderdetails.stkcode = stockmaster.stockid AND orderno ='" . $_GET['OrderNumber'] . "'"; $ErrMsg = _('The line items of the order cannot be retrieved because'); $DbgMsg = _('The SQL used to retrieve the line items, that failed was'); $LineItemsResult = db_query($LineItemsSQL,$db, $ErrMsg, $DbgMsg); - + if (db_num_rows($LineItemsResult)>0) { - + $OrderTotal = 0; $OrderTotalVolume = 0; $OrderTotalWeight = 0; - echo '<br><div class="centre"><b>' . _('Line Details') . '</div></b> - <table cellpadding=2 colspan=9 border=1> - <tr> + echo '<br><table cellpadding=2 colspan=9 class=selection>'; + echo '<tr><th colspan=9><font color=blue>'._('Order Line Details For Order No').' '.$_GET['OrderNumber'].'</font></th></tr>'; + echo '<tr> <th>' . _('Item Code') . '</th> <th>' . _('Item Description') . '</th> <th>' . _('Quantity') . '</th> 
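Review bot: Every `$myrow[...]` value in the rewritten header table of OrderDetails.php (`@@ -46,73 +48,77 @@`) is concatenated into the page without HTML encoding, including `$myrow['comments']`, the delivery address fields and `$myrow['contactemail']`, which is also placed inside the `href="mailto:..."` attribute. These are stored values that were presumably entered by users when the order was taken, so markup saved in any of them would be rendered in the browser of whoever reviews the order. The commit already rewrites each of these lines, so the values could be wrapped at the same time, e.g. `htmlspecialchars($myrow['name'], ENT_QUOTES)` in place of `$myrow['name']`. Separately, the new Order Currency row has a stray character in `<th style="text-align: left"h>`.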
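Review bot: The line-items query in `@@ -129,21 +135,21 @@` (and the header query in `@@ -46,73 +48,77 @@`) now wraps `$_GET['OrderNumber']` in quotes, but what keeps these statements safe is the `(int)` cast added at the top of the script, not the quoting. Nothing near either query says so, and a later edit that moves or drops the cast would leave a request parameter concatenated straight into SQL. I would add a comment above `$LineItemsSQL`, such as `/* $_GET['OrderNumber'] is cast to int after session.inc is included; the quotes alone do not make this query safe */`, or repeat the cast at the point of use with `(int)$_GET['OrderNumber']`. The SELECT list of this query is only partly inside the hunk.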
@@ -181,23 +187,23 @@ <td class=number>' . number_format($myrow['qtyinvoiced'],2) . '</td> <td>' . $DisplayActualDeliveryDate . '</td> </tr>'; - + $OrderTotal = $OrderTotal + $myrow['quantity'] * $myrow['unitprice'] * (1 - $myrow['discountpercent']); $OrderTotalVolume = $OrderTotalVolume + $myrow['quantity'] * $myrow['volume']; $OrderTotalWeight = $OrderTotalWeight + $myrow['quantity'] * $myrow['kgs']; - + } $DisplayTotal = number_format($OrderTotal,2); $DisplayVolume = number_format($OrderTotalVolume,2); $DisplayWeight = number_format($OrderTotalWeight,2); - + echo '<tr> <td colspan=5 class=number><b>' . _('TOTAL Excl Tax/Freight') . '</b></td> <td colspan=2 class=number>' . $DisplayTotal . '</td> </tr> </table>'; - - echo '<table border=1> + + echo '<br><table class=selection> <tr> <td>' . _('Total Weight') . ':</td> <td>' . $DisplayWeight . '</td> @@ -206,6 +212,6 @@ </tr> </table>'; } - + include('includes/footer.inc'); -?> +?> \ No newline at end of file Modified: trunk/SelectCompletedOrder.php =================================================================== --- trunk/SelectCompletedOrder.php 2010-07-17 19:25:46 UTC (rev 3629) +++ trunk/SelectCompletedOrder.php 2010-07-17 19:26:07 UTC (rev 3630) @@ -10,7 +10,8 @@ include('includes/header.inc'); -echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/magnifier.png" title="' . _('Search') . '" alt="">' . ' ' . _('Search Sales Orders') . '</p>'; +echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/magnifier.png" title="' . _('Search') . + '" alt="">' . ' ' . _('Search Sales Orders') . '</p>'; echo "<form action='" . $_SERVER['PHP_SELF'] . '?' . SID ."' method=post>"; 
@@ -60,18 +61,20 @@ } if (isset($OrderNumber)) { - echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/sales.png" title="' . _('Sales Order') . '" alt="">' . ' ' . _('Order Number') . ' - ' . $OrderNumber . '</p>'; + echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/sales.png" title="' . _('Sales Order') . + '" alt="">' . ' ' . _('Order Number') . ' - ' . $OrderNumber . '</p>'; } elseif (isset($CustomerRef)) { echo _('Customer Ref') . ' - ' . $CustomerRef; } else { if (isset($SelectedCustomer)) { echo _('For customer') . ': ' . $SelectedCustomer .' ' . _('and') . ' '; - echo "<input type=hidden name='SelectedCustomer' value='$SelectedCustomer'>"; + echo "<input type=hidden name='SelectedCustomer' value='".$SelectedCustomer."'>"; } if (isset($SelectedStockItem)) { - echo _('for the part') . ': ' . $SelectedStockItem . ' ' . _('and') . ' ' ."<input type=hidden name='SelectedStockItem' value='$SelectedStockItem'>"; + $PartString = _('for the part') . ': <b>' . $SelectedStockItem . '</b> ' . _('and') . ' ' . + "<input type=hidden name='SelectedStockItem' value='".$SelectedStockItem."'>"; } } @@ -97,7 +100,7 @@ LEFT JOIN locstock ON stockmaster.stockid=locstock.stockid) LEFT JOIN purchorderdetails on stockmaster.stockid = purchorderdetails.itemcode) WHERE salesorderdetails.completed =1 - AND stockmaster.description " . LIKE . "'$SearchString' + AND stockmaster.description LIKE '" . $SearchString. "' AND stockmaster.categoryid='" . $_POST['StockCat'] . "' GROUP BY stockmaster.stockid, stockmaster.description, 
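Review bot: `$OrderNumber`, `$CustomerRef`, `$SelectedCustomer` and `$SelectedStockItem` are written into the page in `@@ -60,18 +61,20 @@` without encoding, both as visible text and inside the single-quoted `value='...'` of the hidden inputs; the new `$PartString` carries the same raw value to the table that is printed further down. Where these variables are filled is outside the hunk, but they look like search criteria taken from the request, in which case a quote or markup in them would be reflected into the form. Encoding at the point of output closes that, for example `value='" . htmlspecialchars($SelectedStockItem, ENT_QUOTES) . "'`, with the same call around the visible copies.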
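Review bot: Quoting the values does not stop SQL injection here: in `@@ -97,7 +100,7 @@` `$SearchString` and `$_POST['StockCat']` are still concatenated into the statement, and a value containing a single quote ends the literal. The same pattern is in the hunks at `@@ -113,7 +116,7 @@`, `@@ -134,7 +137,7 @@` and `@@ -150,7 +153,7 @@` (`$_POST['StockCode']`, `$_POST['StockCat']`), `@@ -230,7 +233,7 @@` (`$OrderNumber`) and `@@ -377,7 +380,7 @@` (`$DateAfterCriteria`). Unless `includes/session.inc` already escapes all request data, which is not visible in this diff, the string values need the database layer's escaping routine or bound parameters, and the order number can take the cast this commit uses in OrderDetails.php: `AND salesorders.orderno='" . (int)$OrderNumber . "'`. All of these queries begin and end outside their hunks.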
@@ -113,7 +116,7 @@ FROM (((stockmaster LEFT JOIN salesorderdetails on stockmaster.stockid = salesorderdetails.stkcode) LEFT JOIN locstock ON stockmaster.stockid=locstock.stockid) LEFT JOIN purchorderdetails on stockmaster.stockid = purchorderdetails.itemcode) - WHERE stockmaster.description " . LIKE . "'$SearchString' + WHERE stockmaster.description LIKE '" . $SearchString. "' AND stockmaster.categoryid='" . $_POST['StockCat'] . "' GROUP BY stockmaster.stockid, stockmaster.description, @@ -134,7 +137,7 @@ LEFT JOIN locstock ON stockmaster.stockid=locstock.stockid) LEFT JOIN purchorderdetails on stockmaster.stockid = purchorderdetails.itemcode) WHERE salesorderdetails.completed =1 - AND stockmaster.stockid " . LIKE . " '%" . $_POST['StockCode'] . "%' + AND stockmaster.stockid LIKE '%" . $_POST['StockCode'] . "%' AND stockmaster.categoryid='" . $_POST['StockCat'] . "' GROUP BY stockmaster.stockid, stockmaster.description, @@ -150,7 +153,7 @@ FROM (((stockmaster LEFT JOIN salesorderdetails on stockmaster.stockid = salesorderdetails.stkcode) LEFT JOIN locstock ON stockmaster.stockid=locstock.stockid) LEFT JOIN purchorderdetails on stockmaster.stockid = purchorderdetails.itemcode) - WHERE stockmaster.stockid " . LIKE . " '%" . $_POST['StockCode'] . "%' + WHERE stockmaster.stockid LIKE '%" . $_POST['StockCode'] . "%' AND stockmaster.categoryid='" . $_POST['StockCat'] . "' GROUP BY stockmaster.stockid, stockmaster.description, @@ -230,7 +233,7 @@ AND salesorders.branchcode = custbranch.branchcode AND salesorders.debtorno = debtorsmaster.debtorno AND debtorsmaster.debtorno = custbranch.debtorno - AND salesorders.orderno=". $OrderNumber ." + AND salesorders.orderno='". $OrderNumber ."' AND salesorders.quotation=0 AND salesorderdetails.completed".$completed." GROUP BY salesorders.orderno, 
@@ -377,7 +380,7 @@ AND salesorders.debtorno = debtorsmaster.debtorno AND salesorders.branchcode = custbranch.branchcode AND debtorsmaster.debtorno = custbranch.debtorno - AND salesorders.orddate >= '$DateAfterCriteria' + AND salesorders.orddate >= '".$DateAfterCriteria . "' AND salesorders.quotation=0 AND salesorderdetails.completed".$completed." GROUP BY salesorders.orderno, @@ -405,11 +408,18 @@ $_POST['OrdersAfterDate'] = Date($_SESSION['DefaultDateFormat'],Mktime(0,0,0,Date('m')-2,Date('d'),Date('Y'))); } echo "<table class=selection>"; + +if (isset($PartString)) { + echo "<tr><td>".$PartString."</td>"; +} else { + echo "<tr><td></td>"; +} + if (!isset($OrderNumber) or $OrderNumber==''){ - echo '<tr><td>' . _('Order Number') . ':</td><td>' . "<input type='text' name='OrderNumber' maxlength =8 size=9></td><td>" . _('for all orders placed after') . + echo '<td>' . _('Order Number') . ':</td><td>' . "<input type='text' name='OrderNumber' maxlength =8 size=9></td><td>" . _('for all orders placed after') . ": </td><td><input type='text' class='date' alt='".$_SESSION['DefaultDateFormat']."' name='OrdersAfterDate' maxlength =10 size=11 value=" . $_POST['OrdersAfterDate'] . "></td><td>" . "<input type='submit' name='SearchOrders' value='" . _('Search Orders') . "'></td></tr>"; - echo '<tr><td>' . _('Customer Ref') . ':</td><td>' . "<input type='text' name='CustomerRef' maxlength =8 size=9></td> + echo '<tr><td></td><td>' . _('Customer Ref') . ':</td><td>' . "<input type='text' name='CustomerRef' maxlength =8 size=9></td> <td></td><td colspan=2><input type='checkbox' ".$ShowChecked." name='completed' />"._('Show Completed orders only') . "</td></tr>"; } echo '</table>'; 
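Review bot: The date input in `@@ -405,11 +408,18 @@` is emitted with `value=" . $_POST['OrdersAfterDate'] . "`, an unquoted and unencoded attribute; an unquoted attribute value ends at the first space, so anything after one in the posted value is parsed as further attributes of the `<input>`. Quoting and encoding it fixes that: `value='" . htmlspecialchars($_POST['OrdersAfterDate'], ENT_QUOTES) . "'`. The added `$PartString` branch also opens `<tr><td>` on every request, while the closing `</tr>` is only written inside `if (!isset($OrderNumber) or $OrderNumber=='')`, so the row stays open when an order number was supplied. Closing the row in an `else` branch (`echo '</tr>';`) would keep the table well formed.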
@@ -418,7 +428,7 @@ $SQL='SELECT categoryid, categorydescription FROM stockcategory ORDER BY categorydescription'; $result1 = DB_query($SQL,$db); - echo '<hr>'; + echo '<br>'; echo '<div class="page_help_text"><font size=1>' . _('To search for sales orders for a specific part use the part selection facilities below') . ' </font></div>'; echo '<br><table class=selection>'; echo '<tr><td><font size=1>' . _('Select a stock category') . ':</font>'; @@ -450,7 +460,7 @@ If (isset($StockItemsResult)) { - echo '<table cellpadding=2 colspan=7 border=2>'; + echo '<br><table cellpadding=2 colspan=7 class=selection>'; $TableHeadings = "<tr><th>" . _('Code') . "</th>" . "<th>" . _('Description') . "</th>" . @@ -500,7 +510,7 @@ /*show a table of the orders returned by the SQL */ - echo '<table cellpadding=2 colspan=6 width=100%>'; + echo '<br><table cellpadding=2 colspan=6 width=90% class=selection>'; $tableheader = "<tr><th>" . _('Order') . " #</th> <th>" . _('Customer') . "</th> @@ -531,7 +541,7 @@ $FormatedOrderDate = ConvertSQLDate($myrow['orddate']); $FormatedOrderValue = number_format($myrow['ordervalue'],2); - printf("<td><a target='_blank' href='%s'>%s</a></td> + printf("<td><a href='%s'>%s</a></td> <td>%s</td> <td>%s</td> <td>%s</td> @@ -561,4 +571,4 @@ echo '</form>'; include('includes/footer.inc'); -?> +?> \ No newline at end of file Modified: trunk/doc/Change.log.html =================================================================== --- trunk/doc/Change.log.html 2010-07-17 19:25:46 UTC (rev 3629) +++ trunk/doc/Change.log.html 2010-07-17 19:26:07 UTC (rev 3630) 
@@ -1,5 +1,7 @@ <p><font SIZE=4 COLOR=BLUE><b>webERP Change Log</b></font></p> <p></p> +<p>17/07/10 Tim: SelectCompletedOrder.php - SQL quoting and layout changes</p> +<p>17/07/10 Tim: OrderDetails.php - SQL quoting and layout changes</p> <p>17/07/10 Tim: OffersReceived.php - SQL quoting and provide confirmation message at the end</p> <p>17/07/10 Tim: MRPShortages.php - SQL quoting and layout changes</p> <p>17/07/10 Tim: MRPReschedules.php - SQL quoting and layout changes</p> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |