From: <tim...@us...> - 2010-09-28 18:12:21
Revision: 3821 http://web-erp.svn.sourceforge.net/web-erp/?rev=3821&view=rev
Author: tim_schofield
Date: 2010-09-28 18:12:15 +0000 (Tue, 28 Sep 2010)
Log Message:
-----------
SQL quoting corrections and layout changes and improvements
Modified Paths:
--------------
trunk/TaxCategories.php
trunk/doc/Change.log.html
Modified: trunk/TaxCategories.php
===================================================================
--- trunk/TaxCategories.php 2010-09-28 17:59:33 UTC (rev 3820)
+++ trunk/TaxCategories.php 2010-09-28 18:12:15 UTC (rev 3821)
@@ -9,6 +9,9 @@
 include('includes/header.inc');
+echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/maintenance.png" title="' . _('Supplier Types')
+ . '" alt="">' . $title. '</p>';
+
 if ( isset($_GET['SelectedTaxCategory']) )
 $SelectedTaxCategory = $_GET['SelectedTaxCategory'];
 elseif (isset($_POST['SelectedTaxCategory']))
@@ -39,7 +42,7 @@
 /*SelectedTaxCategory could also exist if submit had not been clicked this code would not run in this case cos submit is false of course see the delete code below*/
 // Check the name does not clash
 $sql = "SELECT count(*) FROM taxcategories
- WHERE taxcatid <> " . $SelectedTaxCategory ."
+ WHERE taxcatid <> '" . $SelectedTaxCategory ."'
 AND taxcatname ".LIKE." '" . $_POST['TaxCategoryName'] . "'";
 $result = DB_query($sql,$db);
 $myrow = DB_fetch_row($result);
@@ -50,7 +53,7 @@
 // Get the old name and check that the record still exists
 $sql = "SELECT taxcatname FROM taxcategories
- WHERE taxcatid = " . $SelectedTaxCategory;
+ WHERE taxcatid = '" . $SelectedTaxCategory . "'";
 $result = DB_query($sql,$db);
 if ( DB_num_rows($result) != 0 ) {
 // This is probably the safest way there is
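Review bot: The image title in the new page-header line reads `_('Supplier Types')` although this is TaxCategories.php, which looks like a copy-paste from a sibling maintenance script; it should be `_('Tax Categories')` (or the `$title` that the same statement already prints). The statement also drops `$theme` into a `src` attribute and `$title` into the paragraph without `htmlspecialchars()`; both are presumably set by the includes rather than by the request, so this is only a hardening note unless `$theme` can be user-controlled. More importantly, the context lines just below take `SelectedTaxCategory` verbatim from `$_GET`/`$_POST`, and every query in the rest of this commit concatenates it into SQL with quotes but no escaping; the cheapest fix is to sanitise at this single point, `$SelectedTaxCategory = (int)$_GET['SelectedTaxCategory'];` and likewise for the `$_POST` branch, on the assumption (supported by the later `DB_Last_Insert_ID` use) that taxcatid is an integer key.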
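Review bot: Quoting `$SelectedTaxCategory` on the new `WHERE` line does not close the injection it is meant to address, because the value is still concatenated unescaped and a single quote in the request breaks out of the literal just as before; and `$_POST['TaxCategoryName']` on the following context line is interpolated into the `LIKE` clause with no treatment at all. Whatever `DB_query` does, it receives the already-built string and cannot tell data from SQL at that point. The id should be cast to int before use and the name escaped with the driver's string-escape function (or the comparison moved to a bound parameter) before it reaches the query. The branch this check belongs to opens before the hunk.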
@@ -88,13 +91,13 @@
 $LastTaxCatID = DB_Last_Insert_ID($db, 'taxcategories','taxcatid');
- $sql = 'INSERT INTO taxauthrates (taxauthority,
+ $sql = "INSERT INTO taxauthrates (taxauthority,
 dispatchtaxprovince, taxcatid) SELECT taxauthorities.taxid, taxprovinces.taxprovinceid,
- ' . $LastTaxCatID . '
- FROM taxauthorities CROSS JOIN taxprovinces';
+ '" . $LastTaxCatID . "'
+ FROM taxauthorities CROSS JOIN taxprovinces";
 $result = DB_query($sql,$db,$ErrMsg,true);
 $result = DB_Txn_Commit($db);
@@ -114,7 +117,7 @@
 // PREVENT DELETES IF DEPENDENT RECORDS IN 'stockmaster'
 // Get the original name of the tax category the ID is just a secure way to find the tax category
 $sql = "SELECT taxcatname FROM taxcategories
- WHERE taxcatid = " . $SelectedTaxCategory;
+ WHERE taxcatid = '" . $SelectedTaxCategory . "'";
 $result = DB_query($sql,$db);
 if ( DB_num_rows($result) == 0 ) {
 // This is probably the safest way there is
@@ -129,9 +132,9 @@
 prnMsg( _('Cannot delete this tax category because inventory items have been created using this tax category'),'warn');
 echo '<br>' . _('There are') . ' ' . $myrow[0] . ' ' . _('inventory items that refer to this tax category') . '</font>';
 } else {
- $sql = 'DELETE FROM taxauthrates WHERE taxcatid = ' . $SelectedTaxCategory;
+ $sql = "DELETE FROM taxauthrates WHERE taxcatid = '" . $SelectedTaxCategory . "'";
 $result = DB_query($sql,$db);
- $sql = 'DELETE FROM taxcategories WHERE taxcatid = ' .$SelectedTaxCategory;;
+ $sql = "DELETE FROM taxcategories WHERE taxcatid = '" . $SelectedTaxCategory . "'";
 $result = DB_query($sql,$db);
 prnMsg( $OldTaxCategoryName . ' ' . _('tax category and any tax rates set for it have been deleted'),'success');
 }
@@ -161,7 +164,7 @@
 $ErrMsg = _('Could not get tax categories because');
 $result = DB_query($sql,$db,$ErrMsg);
- echo "<table>
+ echo "<table class=selection>
 <tr>
 <th>" . _('Tax Categories') . "</th>
 </tr>";
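Review bot: Both new `DELETE` statements still embed `$SelectedTaxCategory` exactly as it arrived in the request, so with quotes but no escaping a value such as `1' OR '1'='1` yields `DELETE FROM taxauthrates WHERE taxcatid = '1' OR '1'='1'` and empties the table; the stockmaster dependency check above cannot catch this because it ran its own query on the same unescaped value. Casting the id once where it is read from `$_GET`/`$_POST`, `$SelectedTaxCategory = (int)$SelectedTaxCategory;`, or escaping it before each concatenation, removes the problem. Separately, I cannot see the condition that opens this delete branch; if it is a plain request parameter with no per-session token, a crafted link can delete a category on behalf of whoever is logged in. The enclosing `if`/`else` starts before the hunk.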
@@ -203,7 +206,7 @@
 $sql = "SELECT taxcatid, taxcatname FROM taxcategories
- WHERE taxcatid=" . $SelectedTaxCategory;
+ WHERE taxcatid='" . $SelectedTaxCategory . "'";
 $result = DB_query($sql, $db);
 if ( DB_num_rows($result) == 0 ) {
@@ -215,12 +218,12 @@
 $_POST['TaxCategoryName'] = $myrow['taxcatname'];
 echo "<input type=hidden name='SelectedTaxCategory' VALUE='" . $myrow['taxcatid'] . "'>";
- echo "<table>";
+ echo "<table class=selection>";
 }
 } else {
 $_POST['TaxCategoryName']='';
- echo "<table>";
+ echo "<table class=selection>";
 }
 echo "<tr> <td>" . _('Tax Category Name') . ':' . "</td>
@@ -228,7 +231,7 @@
 </tr>";
 echo '</table>';
- echo '<div class="centre"><input type=Submit name=submit value=' . _('Enter Information') . '></div>';
+ echo '<br /><div class="centre"><input type=Submit name=submit value=' . _('Enter Information') . '></div>';
 echo '</form>';
Modified: trunk/doc/Change.log.html
===================================================================
--- trunk/doc/Change.log.html 2010-09-28 17:59:33 UTC (rev 3820)
+++ trunk/doc/Change.log.html 2010-09-28 18:12:15 UTC (rev 3821)
@@ -1,5 +1,6 @@
 <p><font SIZE=4 COLOR=BLUE><b>webERP Change Log</b></font></p>
 <p></p>
+<p>28/09/10 Tim: TaxCategories.php - SQL quoting corrections and layout changes and improvements</p>
 <p>28/09/10 Tim: TaxAuthorityRates.php - SQL quoting corrections and layout changes and improvements</p>
 <p>28/09/10 Tim: TaxAuthorities.php - SQL quoting corrections and layout changes and improvements</p>
 <p>28/09/10 Tim: Tax.php - SQL quoting corrections and layout changes and improvements</p>
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
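Review bot: The two new `echo "<table class=selection>";` lines leave the attribute value unquoted, as do `type=hidden` and `VALUE=` on the context line above them; `echo '<table class="selection">';` is the conventional form and survives a class list that ever gains a second token. The same hidden input interpolates `$myrow['taxcatid']` without `htmlspecialchars()`, which is harmless only while taxcatid is numeric — the auto-increment use elsewhere in the commit suggests it is, but this hunk does not show it. Both echo statements sit inside an if/else whose opening lies before the hunk.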