From: <dai...@us...> - 2011-04-08 23:37:09
Revision: 4542 http://web-erp.svn.sourceforge.net/web-erp/?rev=4542&view=rev Author: daintree Date: 2011-04-08 23:37:01 +0000 (Fri, 08 Apr 2011) Log Message: ----------- SQL xhtml quoting Modified Paths: -------------- trunk/ReverseGRN.php trunk/WWW_Access.php trunk/WWW_Users.php trunk/WorkCentres.php trunk/WorkOrderEntry.php trunk/WorkOrderIssue.php trunk/WorkOrderReceive.php trunk/Z_CheckAllocationsFrom.php trunk/Z_CheckAllocs.php trunk/Z_CheckDebtorsControl.php trunk/Z_CheckGLTransBalance.php trunk/Z_CreateChartDetails.php Modified: trunk/ReverseGRN.php =================================================================== --- trunk/ReverseGRN.php 2011-04-07 10:23:55 UTC (rev 4541) +++ trunk/ReverseGRN.php 2011-04-08 23:37:01 UTC (rev 4542) @@ -18,7 +18,7 @@ $_POST['SupplierID']=$_SESSION['SupplierID']; } if (!isset($_POST['SupplierID']) OR $_POST['SupplierID']==""){ - echo '<br>' . _('This page is expected to be called after a supplier has been selected'); + echo '<br />' . _('This page is expected to be called after a supplier has been selected'); echo "<meta http-equiv='Refresh' content='0; url=" . $rootpath . '/SelectSupplier.php?' . SID . "'>"; exit; } elseif (!isset($_POST['SuppName']) or $_POST['SuppName']=="") { @@ -61,7 +61,7 @@ $QtyToReverse = $GRN['qtyrecd'] - $GRN['quantityinv']; if ($QtyToReverse ==0){ - echo '<br><br>' . _('The GRN') . ' ' . $_GET['GRNNo'] . ' ' . _('has already been reversed or fully invoiced by the supplier - it cannot be reversed - stock quantities must be corrected by stock adjustments - the stock is paid for'); + echo '<br /><br />' . _('The GRN') . ' ' . $_GET['GRNNo'] . ' ' . _('has already been reversed or fully invoiced by the supplier - it cannot be reversed - stock quantities must be corrected by stock adjustments - the stock is paid for'); include ('includes/footer.inc'); exit; } 
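Review bot: `$_GET['GRNNo']` is still written straight into the page by the rewritten `echo '<br /><br />' . _('The GRN') . ' ' . $_GET['GRNNo'] ...` line of the @@ -61 hunk; replacing `<br>` with `<br />` does not address that a request parameter lands in HTML unescaped. Wrap it as `htmlspecialchars($_GET['GRNNo'], ENT_QUOTES)`, or, if the GRN number is always numeric (it is used as `transno` in the later INSERTs), cast it once with `(int)` and echo the cast value. The same reflected output recurs in the @@ -329 success message (`$_GET['GRNNo']` again) and in the @@ -367 warning that passes `$_POST['SuppName']` through prnMsg(). The enclosing `if`/`elseif` chain of the @@ -18 hunk starts before the hunk.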
@@ -73,7 +73,7 @@ $SQL = "SELECT stockmaster.controlled FROM stockmaster WHERE stockid ='" . $GRN['itemcode'] . "'"; - $CheckControlledResult = DB_query($SQL,$db,'<br>' . _('Could not determine if the item was controlled or not because') . ' '); + $CheckControlledResult = DB_query($SQL,$db,'<br />' . _('Could not determine if the item was controlled or not because') . ' '); $ControlledRow = DB_fetch_row($CheckControlledResult); if ($ControlledRow[0]==1) { /*Then its a controlled item */ $Controlled = true; @@ -132,7 +132,7 @@ /*Now the purchorder header status in case it was completed - now incomplete - just printed */ $SQL = "UPDATE purchorders SET status = 'Printed', - stat_comment = CONCAT('" . Date($_SESSION['DefaultDateFormat']) . ' ' . _('GRN Reversed for') . ' ' . $GRN['itemdescription'] . ' ' . _('by') . ' ' . $_SESSION['UsersRealName'] . "<br>', stat_comment ) + stat_comment = CONCAT('" . Date($_SESSION['DefaultDateFormat']) . ' ' . _('GRN Reversed for') . ' ' . $GRN['itemdescription'] . ' ' . _('by') . ' ' . $_SESSION['UsersRealName'] . "<br />', stat_comment ) WHERE orderno = '" . $GRN['orderno'] . "'"; $ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('The purchase order statusand status comment could not be changed because'); @@ -146,7 +146,7 @@ $ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('The GRN record could not be deleted because'); $DbgMsg = _('The following SQL to delete the GRN record was used'); - $result = DB_query('DELETE FROM grns WHERE grnno="' . $_GET['GRNNo'] . '"',$db,$ErrMsg,$DbgMsg,true); + $result = DB_query("DELETE FROM grns WHERE grnno='" . $_GET['GRNNo'] . "'",$db,$ErrMsg,$DbgMsg,true); } else { $SQL = "UPDATE grns SET qtyrecd = qtyrecd - $QtyToReverse 
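Review bot: The rewritten `DELETE FROM grns WHERE grnno='" . $_GET['GRNNo'] . "'"` in the @@ -146 hunk only changes which quote character surrounds the value; the request parameter is still concatenated into the statement with no escaping or type check. If grnno is numeric (the same value feeds the `transno` columns of the fixedassettrans and stockmoves INSERTs further down), validate it once near the top of the script, e.g. `$GRNNo = (int) $_GET['GRNNo'];`, and use that variable in every statement and echo. The @@ -132 hunk has the same shape: `$GRN['itemdescription']` and `$_SESSION['UsersRealName']` are spliced into the `CONCAT('...')` literal, so a description containing a single quote breaks the UPDATE that the code labels CRITICAL ERROR; run both through the DB layer's escaping before building the string. The `if ($ControlledRow[0]==1)` block in @@ -73 continues past the hunk.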
@@ -159,26 +159,26 @@ /*If the GRN being reversed is an asset - reverse the fixedassettrans record */ if ($GRN['assetid']!='0'){ $SQL = "INSERT INTO fixedassettrans (assetid, - transtype, - transno, - transdate, - periodno, - inputdate, - cost) - VALUES ('" . $GRN['assetid'] . "', - 25, - '" . $_GET['GRNNo'] . "', - '" . $GRN['deliverydate'] . "', - '" . $PeriodNo . "', - '" . Date('Y-m-d') . "', - '" . -$GRN['stdcostunit'] * $QtyToReverse . "')"; + transtype, + transno, + transdate, + periodno, + inputdate, + cost) + VALUES ('" . $GRN['assetid'] . "', + 25, + '" . $_GET['GRNNo'] . "', + '" . $GRN['deliverydate'] . "', + '" . $PeriodNo . "', + '" . Date('Y-m-d') . "', + '" . -$GRN['stdcostunit'] * $QtyToReverse . "')"; $ErrMsg = _('CRITICAL ERROR! NOTE DOWN THIS ERROR AND SEEK ASSISTANCE The fixed asset transaction could not be inserted because'); $DbgMsg = _('The following SQL to insert the fixed asset transaction record was used'); $Result = DB_query($SQL,$db,$ErrMsg, $DbgMsg, true); /*now reverse the cost put to fixedassets */ $SQL = "UPDATE fixedassets SET cost = cost - " . ($GRN['stdcostunit'] * $QtyToReverse) . " - WHERE assetid = '" . $GRN['assetid'] . "'"; + WHERE assetid = '" . $GRN['assetid'] . "'"; $ErrMsg = _('CRITICAL ERROR! NOTE DOWN THIS ERROR AND SEEK ASSISTANCE. The fixed asset cost addition could not be reversed:'); $DbgMsg = _('The following SQL was used to attempt the reduce the cost of the asset was:'); $Result = DB_query($SQL,$db,$ErrMsg, $DbgMsg, true); 
@@ -186,9 +186,9 @@ } //end of if it is an asset $SQL = "SELECT stockmaster.controlled - FROM stockmaster - WHERE stockmaster.stockid = '" . $GRN['itemcode'] . "'"; - $Result = DB_query($SQL, $db, _('Could not determine if the item exists because'),'<br>' . _('The SQL that failed was') . ' ',true); + FROM stockmaster + WHERE stockmaster.stockid = '" . $GRN['itemcode'] . "'"; + $Result = DB_query($SQL, $db, _('Could not determine if the item exists because'),'<br />' . _('The SQL that failed was') . ' ',true); if (DB_num_rows($Result)==1){ /* if the GRN is in fact a stock item being reversed */ @@ -222,28 +222,28 @@ /* If its a stock item .... Insert stock movements - with unit cost */ - $SQL = "INSERT INTO stockmoves ( stockid, - type, - transno, - loccode, - trandate, - prd, - reference, - qty, - standardcost, - newqoh) - VALUES ( - '" . $GRN['itemcode'] . "', - 25, - '" . $_GET['GRNNo'] . "', - '" . $GRN['intostocklocation'] . "', - '" . $GRN['deliverydate'] . "', - '" . $PeriodNo . "', - '" . _('Reversal') . ' - ' . $_POST['SupplierID'] . ' - ' . $GRN['orderno'] . "', - '" . -$QtyToReverse . "', - '" . $GRN['stdcostunit'] . "', - '" . ($QtyOnHandPrior - $QtyToReverse) . "' - )"; + $SQL = "INSERT INTO stockmoves ( stockid, + type, + transno, + loccode, + trandate, + prd, + reference, + qty, + standardcost, + newqoh) + VALUES ( + '" . $GRN['itemcode'] . "', + 25, + '" . $_GET['GRNNo'] . "', + '" . $GRN['intostocklocation'] . "', + '" . $GRN['deliverydate'] . "', + '" . $PeriodNo . "', + '" . _('Reversal') . ' - ' . $_POST['SupplierID'] . ' - ' . $GRN['orderno'] . "', + '" . -$QtyToReverse . "', + '" . $GRN['stdcostunit'] . "', + '" . ($QtyOnHandPrior - $QtyToReverse) . "' + )"; $ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('Stock movement records could not be inserted because'); $DbgMsg = _('The following SQL to insert the stock movement records was used'); 
@@ -305,21 +305,21 @@ /*now the GRN suspense entry*/ $SQL = "INSERT INTO gltrans ( type, - typeno, - trandate, - periodno, - account, - narrative, - amount) - VALUES ( - 25, - '" . $_GET['GRNNo'] . "', - '" . $GRN['deliverydate'] . "', - '" . $PeriodNo . "', - '" . $_SESSION['CompanyRecord']['grnact'] . "', '" - . _('GRN Reversal PO') . ': ' . $GRN['orderno'] . " " . $_POST['SupplierID'] . " - " . $GRN['itemcode'] . "-" . $GRN['itemdescription'] . " x " . $QtyToReverse . " @ " . number_format($GRN['stdcostunit'],2) . "', - '" . $GRN['stdcostunit'] * $QtyToReverse . "' - )"; + typeno, + trandate, + periodno, + account, + narrative, + amount) + VALUES ( + 25, + '" . $_GET['GRNNo'] . "', + '" . $GRN['deliverydate'] . "', + '" . $PeriodNo . "', + '" . $_SESSION['CompanyRecord']['grnact'] . "', '" + . _('GRN Reversal PO') . ': ' . $GRN['orderno'] . " " . $_POST['SupplierID'] . " - " . $GRN['itemcode'] . "-" . $GRN['itemdescription'] . " x " . $QtyToReverse . " @ " . number_format($GRN['stdcostunit'],2) . "', + '" . $GRN['stdcostunit'] * $QtyToReverse . "' + )"; $ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('The GRN suspense side of the GL posting could not be inserted because'); $DbgMsg = _('The following SQL to insert the GRN Suspense GLTrans record was used'); @@ -329,7 +329,7 @@ $Result = DB_Txn_Commit($db); - echo '<br>' . _('GRN number') . ' ' . $_GET['GRNNo'] . ' ' . _('for') . ' ' . $QtyToReverse . ' x ' . $GRN['itemcode'] . ' - ' . $GRN['itemdescription'] . ' ' . _('has been reversed') . '<br>'; + echo '<br />' . _('GRN number') . ' ' . $_GET['GRNNo'] . ' ' . _('for') . ' ' . $QtyToReverse . ' x ' . $GRN['itemcode'] . ' - ' . $GRN['itemdescription'] . ' ' . _('has been reversed') . '<br />'; unset($_GET['GRNNo']); // to ensure it cant be done again!! echo '<a href="' . $_SERVER['PHP_SELF'] . '?' . SID . '">' . _('Select another GRN to Reverse') . '</a>'; /*end of Process Goods Received Reversal entry */ 
@@ -367,7 +367,7 @@ $result = DB_query($sql,$db,$ErrMsg,$DbgMsg); if (DB_num_rows($result) ==0){ - prnMsg(_('There are no outstanding goods received yet to be invoiced for') . ' ' . $_POST['SuppName'] . '.<br>' . _('To reverse a GRN that has been invoiced first it must be credited'),'warn'); + prnMsg(_('There are no outstanding goods received yet to be invoiced for') . ' ' . $_POST['SuppName'] . '.<br />' . _('To reverse a GRN that has been invoiced first it must be credited'),'warn'); } else { //there are GRNs to show echo '<br /><table cellpadding=2 colspan=7 class=selection>'; @@ -375,10 +375,10 @@ <th>' . _('GRN') . ' #</th> <th>' . _('Item Code') . '</th> <th>' . _('Description') . '</th> - <th>' . _('Date') . '<br>' . _('Received') . '</th> - <th>' . _('Quantity') . '<br>' . _('Received') . '</th> - <th>' . _('Quantity') . '<br>' . _('Invoiced') . '</th> - <th>' . _('Quantity To') . '<br>' . _('Reverse') . '</th> + <th>' . _('Date') . '<br />' . _('Received') . '</th> + <th>' . _('Quantity') . '<br />' . _('Received') . '</th> + <th>' . _('Quantity') . '<br />' . _('Invoiced') . '</th> + <th>' . _('Quantity To') . '<br />' . _('Reverse') . '</th> </tr>'; echo $TableHeader; Modified: trunk/WWW_Access.php =================================================================== --- trunk/WWW_Access.php 2011-04-07 10:23:55 UTC (rev 4541) +++ trunk/WWW_Access.php 2011-04-08 23:37:01 UTC (rev 4542) @@ -2,8 +2,6 @@ /* $Id$*/ -//$PageSecurity=15; - include('includes/session.inc'); $title = _('Access Permission Maintenance'); 
@@ -41,7 +39,7 @@ $ErrMsg = _('The update of the security role description failed because'); $ResMsg = _('The Security role description was updated.'); } else { // Add Security Heading - $sql = "INSERT INTO securityroles (secrolename) VALUES ('".$_POST['SecRoleName']."')"; + $sql = "INSERT INTO securityroles (secrolename) valueS ('".$_POST['SecRoleName']."')"; $ErrMsg = _('The update of the security role failed because'); $ResMsg = _('The Security role was created.'); } @@ -52,7 +50,7 @@ if( isset($_GET['add']) ) { // updating Security Groups add a page token $sql = "INSERT INTO securitygroups ( secroleid, tokenid - ) VALUES ( + ) valueS ( '".$SelectedRole."', '".$PageTokenId."' )"; @@ -70,7 +68,7 @@ unset($_GET['PageToken']); } // Need to exec the query - if (isset($sql) && $InputError != 1 ) { + if (isset($sql) AND $InputError != 1 ) { $result = DB_query($sql,$db,$ErrMsg); if( $result ) { prnMsg( $ResMsg,'success'); @@ -84,7 +82,7 @@ $myrow = DB_fetch_row($result); if ($myrow[0]>0) { prnMsg( _('Cannot delete this role because user accounts are setup using it'),'warn'); - echo '<br>' . _('There are') . ' ' . $myrow[0] . ' ' . _('user accounts that have this security role setting') . '</font>'; + echo '<br />' . _('There are') . ' ' . $myrow[0] . ' ' . _('user accounts that have this security role setting') . '</font>'; } else { $sql="DELETE FROM securitygroups WHERE secroleid='" . $_GET['SelectedRole'] . "'"; $result = DB_query($sql,$db); @@ -108,7 +106,7 @@ $result = DB_query($sql,$db); echo '<table class=selection>'; - echo "<tr><th>" . _('Role') . "</th></tr>"; + echo '<tr><th>' . _('Role') . '</th></tr>'; $k=0; //row colour counter 
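Review bot: `valueS` in the rewritten INSERT of the @@ -41 hunk (and again in @@ -52) reads as a typo for `VALUES`; MySQL keywords are case-insensitive so the statement still runs, but every other keyword in this commit is upper-case, so write `VALUES`. The value itself, `$_POST['SecRoleName']`, is still concatenated into the statement unescaped, which the quote change does not address; pass it through the DB layer's escaping, or reject names outside an allowed character set the way WorkCentres.php does for codes, before building the SQL. In the @@ -84 hunk the new echo still ends with a stray `</font>` that has no opening tag, which undercuts the xhtml-cleanup purpose of the commit; drop it. The `if (isset($_GET['add']))` block of @@ -52 closes outside the hunk.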
@@ -128,9 +126,9 @@ <td><a href=\"%s&SelectedRole=%s&delete=1&SecRoleName=%s\">" . _('Delete') . "</a></td> </tr>", $myrow['secrolename'], - $_SERVER['PHP_SELF'] . "?" . SID, + $_SERVER['PHP_SELF'] . '?', $myrow['secroleid'], - $_SERVER['PHP_SELF'] . "?" . SID, + $_SERVER['PHP_SELF'] . '?', $myrow['secroleid'], urlencode($myrow['secrolename'])); @@ -140,7 +138,7 @@ if (isset($SelectedRole)) { - echo "<br /><div class='centre'><a href='" . $_SERVER['PHP_SELF'] ."?" . SID . "'>" . _('Review Existing Roles') . '</a></div>'; + echo '<br /><div class="centre"><a href="' . $_SERVER['PHP_SELF'] . '">' . _('Review Existing Roles') . '</a></div>'; } if (isset($SelectedRole)) { @@ -159,24 +157,24 @@ $_POST['SecRoleName'] = $myrow['secrolename']; } } -echo '<br>'; -echo "<form method='post' action=" . $_SERVER['PHP_SELF'] . "?" . SID . ">"; +echo '<br />'; +echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if( isset($_POST['SelectedRole'])) { - echo "<input type=hidden name='SelectedRole' VALUE='" . $_POST['SelectedRole'] . "'>"; + echo '<input type="hidden" name="SelectedRole" value="' . $_POST['SelectedRole'] . '">'; } -echo '<table class=selection>'; +echo '<table class="selection">'; if (!isset($_POST['SecRoleName'])) { $_POST['SecRoleName']=''; } echo '<tr><td>' . _('Role') . ":</td> - <td><input type='text' name='SecRoleName' size=40 maxlength=40 VALUE='" . $_POST['SecRoleName'] . "'></tr>"; + <td><input type='text' name='SecRoleName' size=40 maxlength=40 value='" . $_POST['SecRoleName'] . "'></tr>"; echo "</table><br /> <div class='centre'><input type='Submit' name='submit' value='" . _('Enter Role') . "'></div></form>"; if (isset($SelectedRole)) { - $sql = 'SELECT tokenid, tokenname - FROM securitytokens'; + $sql = "SELECT tokenid, tokenname + FROM securitytokens"; $sqlUsed = "SELECT tokenid FROM securitygroups WHERE secroleid='". $SelectedRole . "'"; 
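Review bot: In the @@ -159 hunk the new hidden-field and text-field lines write `$_POST['SelectedRole']` and `$_POST['SecRoleName']` into attribute values without escaping, so a submitted name containing a quote character ends the attribute early; wrap each as `htmlspecialchars($_POST['SecRoleName'], ENT_QUOTES)` (the WWW_Users.php @@ -380 and @@ -418 hunks have the same pattern). `$_SERVER['PHP_SELF']` in the rewritten links and `<form action>` of @@ -128, @@ -140 and @@ -159 also goes out raw; it can carry request-supplied path info, so it needs the same wrapping (likewise in WWW_Users.php @@ -320 and WorkCentres.php @@ -143 and @@ -156). Dropping `SID` but keeping `$_SERVER['PHP_SELF'] . '?'` as the sprintf argument produces links of the form `page.php?&SelectedRole=...` because the format string still starts with `%s&`; move the `?` into the format string or pass the bare script name. The `value='" . $_POST['SecRoleName'] . "'></tr>` line also keeps single-quoted attributes and closes `</tr>` without `</td>`, unlike the rest of the hunk.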
@@ -194,8 +192,8 @@ echo '<br /><table class=selection><tr>'; if (DB_num_rows($Result)>0 ) { - echo "<th colspan=3><div class='centre'>"._('Assigned Security Tokens')."</div></th>"; - echo "<th colspan=3><div class='centre'>"._('Available Security Tokens')."</div></th>"; + echo '<th colspan="3"><div class="centre">'._('Assigned Security Tokens').'</div></th>'; + echo '<th colspan=3><div class="centre">'._('Available Security Tokens').'</div></th>'; } echo '</tr>'; @@ -215,7 +213,7 @@ <td><a href=\"%s&SelectedRole=%s&remove=1&PageToken=%s\">" . _('Remove') . "</a></td><td> </td><td> </td><td> </td>", $AvailRow['tokenid'], $AvailRow['tokenname'], - $_SERVER['PHP_SELF'] . "?" . SID, + $_SERVER['PHP_SELF'] . '?', $SelectedRole, $AvailRow['tokenid'] ); @@ -228,7 +226,7 @@ <td><a href=\"%s&SelectedRole=%s&add=1&PageToken=%s\">" . _('Add') . "</a></td>", $AvailRow['tokenid'], $AvailRow['tokenname'], - $_SERVER['PHP_SELF'] . "?" . SID, + $_SERVER['PHP_SELF'] . '?', $SelectedRole, $AvailRow['tokenid'] ); Modified: trunk/WWW_Users.php =================================================================== --- trunk/WWW_Users.php 2011-04-07 10:23:55 UTC (rev 4541) +++ trunk/WWW_Users.php 2011-04-08 23:37:01 UTC (rev 4542) @@ -2,8 +2,6 @@ /* $Id$*/ -//$PageSecurity=15; - if (isset($_POST['UserID']) AND isset($_POST['ID'])){ if ($_POST['UserID'] == $_POST['ID']) { $_POST['Language'] = $_POST['UserLanguage']; @@ -33,9 +31,9 @@ echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/group_add.png" title="' . _('Search') . '" alt="" />' . ' ' . $title.'</p><br />'; // Make an array of the security roles -$sql = 'SELECT secroleid, +$sql = "SELECT secroleid, secrolename - FROM securityroles ORDER BY secroleid'; + FROM securityroles ORDER BY secroleid"; $Sec_Result = DB_query($sql, $db); $SecurityRoles = array(); // Now load it into an a ray using Key/Value pairs 
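Review bot: The two rewritten `<th>` lines of the @@ -194 hunk quote the same attribute differently, `colspan="3"` on the first and bare `colspan=3` on the second, in a commit whose stated purpose is consistent xhtml quoting; use `colspan="3"` on both. The `<table class=selection><tr>` context line just above them is still unquoted as well, so this file presumably needs another pass.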
@@ -106,7 +104,7 @@ $i=0; $ModulesAllowed = ''; while ($i < count($ModuleList)){ - $FormVbl = "Module_" . $i; + $FormVbl = 'Module_' . $i; $ModulesAllowed .= $_POST[($FormVbl)] . ','; $i++; } @@ -219,7 +217,7 @@ prnMsg(_('The demonstration user called demo cannot be deleted'),'error'); } else { */ - $sql='SELECT userid FROM audittrail where userid="'. $SelectedUser .'"'; + $sql="SELECT userid FROM audittrail where userid='" . $SelectedUser ."'"; $result=DB_query($sql, $db); if (DB_num_rows($result)!=0) { prnMsg(_('Cannot delete user as entries already exist in the audit trail'), 'warn'); @@ -239,7 +237,7 @@ /* If its the first time the page has been displayed with no parameters then none of the above are true and the list of Users will be displayed with links to delete or edit each. These will call the same page again and allow update/input or deletion of the records*/ - $sql = 'SELECT + $sql = "SELECT userid, realname, phone, 
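Review bot: In the @@ -219 hunk the rewritten audit-trail lookup still builds its WHERE clause by concatenating `$SelectedUser`, a request-supplied login id, into the SQL; changing the surrounding quote character is not sanitisation. Escape it through the DB layer before use, or validate it against the permitted login syntax and reassign from the match. In the @@ -106 hunk the `$_POST[($FormVbl)]` value appended to `$ModulesAllowed` is likewise taken as-is although the form's Module_ selects only offer 0 and 1; normalise it, e.g. `$ModulesAllowed .= ($_POST[$FormVbl] == 1 ? '1' : '0') . ',';`, so the stored string cannot carry anything else (that line is unchanged context, but it is what the rewritten `$FormVbl` feeds).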
@@ -253,24 +251,24 @@ pagesize, theme, language - FROM www_users'; + FROM www_users"; $result = DB_query($sql,$db); echo '<table class=selection>'; - echo "<tr><th>" . _('User Login') . "</th> - <th>" . _('Full Name') . "</th> - <th>" . _('Telephone') . "</th> - <th>" . _('Email') . "</th> - <th>" . _('Customer Code') . "</th> - <th>" . _('Branch Code') . "</th> - <th>" . _('Supplier Code') . "</th> - <th>" . _('Salesperson') . "</th> - <th>" . _('Last Visit') . "</th> - <th>" . _('Security Role') ."</th> - <th>" . _('Report Size') ."</th> - <th>" . _('Theme') ."</th> - <th>" . _('Language') ."</th> - </tr>"; + echo '<tr><th>' . _('User Login') . '</th> + <th>' . _('Full Name') . '</th> + <th>' . _('Telephone') . '</th> + <th>' . _('Email') . '</th> + <th>' . _('Customer Code') . '</th> + <th>' . _('Branch Code') . '</th> + <th>' . _('Supplier Code') . '</th> + <th>' . _('Salesperson') . '</th> + <th>' . _('Last Visit') . '</th> + <th>' . _('Security Role') .'</th> + <th>' . _('Report Size') .'</th> + <th>' . _('Theme') .'</th> + <th>' . _('Language') .'</th> + </tr>'; $k=0; //row colour counter @@ -320,21 +318,21 @@ $myrow[10], $myrow[11], $myrow[12], - $_SERVER['PHP_SELF'] . "?" . SID, + $_SERVER['PHP_SELF'] . '?', $myrow[0], - $_SERVER['PHP_SELF'] . "?" . SID, + $_SERVER['PHP_SELF'] . '?', $myrow[0]); } //END WHILE LIST LOOP - echo '</table><br>'; + echo '</table><br />'; } //end of ifs and buts! if (isset($SelectedUser)) { - echo "<div class='centre'><a href='" . $_SERVER['PHP_SELF'] ."?" . SID . "'>" . _('Review Existing Users') . '</a></div><br>'; + echo '<div class="centre"><a href="' . $_SERVER['PHP_SELF'] . '">' . _('Review Existing Users') . '</a></div><br />'; } -echo "<form method='post' action=" . $_SERVER['PHP_SELF'] . "?" . SID . ">"; +echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (isset($SelectedUser)) { 
@@ -380,16 +378,19 @@ $_POST['Blocked'] = $myrow['blocked']; $_POST['PDFLanguage'] = $myrow['pdflanguage']; - echo "<input type='hidden' name='SelectedUser' value='" . $SelectedUser . "'>"; - echo "<input type='hidden' name='UserID' value='" . $_POST['UserID'] . "'>"; - echo "<input type='hidden' name='ModulesAllowed' value='" . $_POST['ModulesAllowed'] . "'>"; + echo '<input type="hidden" name="SelectedUser" value="' . $SelectedUser . '">'; + echo '<input type="hidden" name="UserID" value="' . $_POST['UserID'] . '">'; + echo '<input type="hidden" name="ModulesAllowed" value="' . $_POST['ModulesAllowed'] . '">'; echo '<table class=selection> <tr><td>' . _('User code') . ':</td><td>'; echo $_POST['UserID'] . '</td></tr>'; } else { //end of if $SelectedUser only do the else when a new record is being entered - echo '<table class=selection><tr><td>' . _('User Login') . ":</td><td><input type='text' name='UserID' size=22 maxlength=20 ></td></tr>"; + echo '<table class=selection> + <tr> + <td>' . _('User Login') . ':</td> + <td><input type="text" name="UserID" size="22" maxlength="20"></td></tr>'; /*set the default modules to show to all this had trapped a few people previously*/ 
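Review bot: The new multi-line `echo '<table class=selection>` in the else branch of the @@ -380 hunk keeps the unquoted `class=selection` that this same commit rewrites to `class="selection"` in WWW_Access.php and WorkCentres.php; quote it here too, and the `<table class=selection>` in the `if` branch above it. The enclosing `if (isset($SelectedUser))` starts before the hunk.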
@@ -418,21 +419,21 @@ if (!isset($_POST['Email'])) { $_POST['Email']=''; } -echo '<tr><td>' . _('Password') . ":</td> - <td><input type='password' name='Password' size=22 maxlength=20 value='" . $_POST['Password'] . "'></tr>"; -echo '<tr><td>' . _('Full Name') . ":</td> - <td><input type='text' name='RealName' value='" . $_POST['RealName'] . "' size=36 maxlength=35></td></tr>"; -echo '<tr><td>' . _('Telephone No') . ":</td> - <td><input type='text' name='Phone' value='" . $_POST['Phone'] . "' size=32 maxlength=30></td></tr>"; -echo '<tr><td>' . _('Email Address') .":</td> - <td><input type='text' name='Email' value='" . $_POST['Email'] ."' size=32 maxlength=55></td></tr>"; -echo '<tr><td>' . _('Security Role') . ":</td><td><select name='Access'>"; +echo '<tr><td>' . _('Password') . ':</td> + <td><input type="password" name="Password" size="22" maxlength="20" value="' . $_POST['Password'] . '"></tr>'; +echo '<tr><td>' . _('Full Name') . ':</td> + <td><input type="text" name="RealName" value="' . $_POST['RealName'] . '" size="36" maxlength="35"></td></tr>'; +echo '<tr><td>' . _('Telephone No') . ':</td> + <td><input type="text" name="Phone" value="' . $_POST['Phone'] . '" size="32" maxlength="30"></td></tr>'; +echo '<tr><td>' . _('Email Address') .':</td> + <td><input type="text" name="Email" value="' . $_POST['Email'] .'" size="32" maxlength="55"></td></tr>'; +echo '<tr><td>' . _('Security Role') . ':</td><td><select name="Access">'; foreach ($SecurityRoles as $SecKey => $SecVal) { if (isset($_POST['Access']) and $SecKey == $_POST['Access']){ - echo "<option selected value=" . $SecKey . ">" . $SecVal; + echo '<option selected value="' . $SecKey . '">' . $SecVal .'</option>'; } else { - echo "<option value=" . $SecKey . ">" . $SecVal; + echo '<option value="' . $SecKey . '">' . $SecVal .'</option>'; } } echo '</select></td></tr>'; 
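Review bot: The rewritten Password row still writes `$_POST['Password']` into the `value` attribute of the password input, so whatever that variable holds (the previous submission, and presumably the stored record when editing, given the `$_POST[...] = $myrow[...]` assignments in @@ -380) is embedded in the page source and sent back to the browser on every redisplay. Leave the value out, `<td><input type="password" name="Password" size="22" maxlength="20"></td></tr>`, and have the save path treat an empty submission as "unchanged"; that save path is outside this hunk. The same line also closes `</tr>` without `</td>`, and the Full Name, Telephone and Email rows write their `$_POST[...]` values into attributes unescaped, where `htmlspecialchars(..., ENT_QUOTES)` applies to each.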
@@ -441,17 +442,17 @@ echo '<tr><td>' . _('Default Location') . ':</td> <td><select name="DefaultLocation">'; -$sql = 'SELECT loccode, locationname FROM locations'; +$sql = "SELECT loccode, locationname FROM locations"; $result = DB_query($sql,$db); while ($myrow=DB_fetch_array($result)){ if (isset($_POST['DefaultLocation']) and $myrow['loccode'] == $_POST['DefaultLocation']){ - echo "<option selected value='" . $myrow['loccode'] . "'>" . $myrow['locationname']; + echo '<option selected value="' . $myrow['loccode'] . '">' . $myrow['locationname'] .'</option>'; } else { - echo "<option Value='" . $myrow['loccode'] . "'>" . $myrow['locationname']; + echo '<option Value="' . $myrow['loccode'] . '">' . $myrow['locationname'] .'</option>'; } @@ -479,7 +480,7 @@ echo '<tr><td>' . _('Restrict to Sales Person') . ':</td> <td><select name="Salesman">'; -$sql = 'SELECT salesmancode, salesmanname FROM salesman'; +$sql = "SELECT salesmancode, salesmanname FROM salesman"; $result = DB_query($sql,$db); if ((isset($_POST['Salesman']) and $_POST['Salesman']=='') OR !isset($_POST['Salesman'])){ echo '<option selected value="">' . _('Not a salesperson only login') . '</option>'; 
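Review bot: The else branch of the @@ -441 hunk keeps `<option Value="` with a capital V while the selected branch two lines above was rewritten to `value="`; attribute names are case-insensitive in HTML but XHTML requires lower-case, so write `value` in both branches. The corresponding pair in WorkCentres.php @@ -182 (`<option VALUE="`) has the same inconsistency. The `while` loop that emits these options closes outside the hunk.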
@@ -499,69 +500,69 @@ echo '</select></td></tr>'; -echo '<tr><td>' . _('Reports Page Size') .":</td> - <td><select name='PageSize'>"; +echo '<tr><td>' . _('Reports Page Size') .':</td> + <td><select name="PageSize">'; if(isset($_POST['PageSize']) and $_POST['PageSize']=='A4'){ - echo "<option selected value='A4'>" . _('A4'); + echo '<option selected value="A4">' . _('A4') .'</option>'; } else { - echo "<option value='A4'>A4"; + echo '<option value="A4">' . _('A4') . '</option>'; } if(isset($_POST['PageSize']) and $_POST['PageSize']=='A3'){ - echo "<option selected Value='A3'>" . _('A3'); + echo '<option selected value="A3">' . _('A3') .'</option>'; } else { - echo "<option value='A3'>A3"; + echo '<option value="A3">' . _('A3') .'</option>'; } if(isset($_POST['PageSize']) and $_POST['PageSize']=='A3_landscape'){ - echo "<option selected Value='A3_landscape'>" . _('A3') . ' ' . _('landscape'); + echo '<option selected value="A3_landscape">' . _('A3') . ' ' . _('landscape') .'</option>'; } else { - echo "<option value='A3_landscape'>" . _('A3') . ' ' . _('landscape'); + echo '<option value="A3_landscape">' . _('A3') . ' ' . _('landscape') .'</option>'; } if(isset($_POST['PageSize']) and $_POST['PageSize']=='letter'){ - echo "<option selected Value='letter'>" . _('Letter'); + echo '<option selected value="letter">' . _('Letter') .'</option>'; } else { - echo "<option value='letter'>" . _('Letter'); + echo '<option value="letter">' . _('Letter') .'</option>'; } if(isset($_POST['PageSize']) and $_POST['PageSize']=='letter_landscape'){ - echo "<option selected Value='letter_landscape'>" . _('Letter') . ' ' . _('landscape'); + echo '<option selected value="letter_landscape">' . _('Letter') . ' ' . _('landscape') .'</option>'; } else { - echo "<option value='letter_landscape'>" . _('Letter') . ' ' . _('landscape'); + echo '<option value="letter_landscape">' . _('Letter') . ' ' . 
_('landscape') .'</option>'; } if(isset($_POST['PageSize']) and $_POST['PageSize']=='legal'){ - echo "<option selected value='legal'>" . _('Legal'); + echo '<option selected value="legal">' . _('Legal') .'</option>'; } else { - echo "<option Value='legal'>" . _('Legal'); + echo '<option value="legal">' . _('Legal') .'</option>'; } if(isset($_POST['PageSize']) and $_POST['PageSize']=='legal_landscape'){ - echo "<option selected value='legal_landscape'>" . _('Legal') . ' ' . _('landscape'); + echo '<option selected value="legal_landscape">' . _('Legal') . ' ' . _('landscape') .'</option>'; } else { - echo "<option value='legal_landscape'>" . _('Legal') . ' ' . _('landscape'); + echo '<option value="legal_landscape">' . _('Legal') . ' ' . _('landscape') .'</option>'; } echo '</select></td></tr>'; echo '<tr> - <td>' . _('Theme') . ":</td> - <td><select name='Theme'>"; + <td>' . _('Theme') . ':</td> + <td><select name="Theme">'; $ThemeDirectory = dir('css/'); while (false != ($ThemeName = $ThemeDirectory->read())){ - if (is_dir("css/$ThemeName") AND $ThemeName != '.' AND $ThemeName != '..' AND $ThemeName != '.svn'){ + if (is_dir('css/' . $ThemeName) AND $ThemeName != '.' AND $ThemeName != '..' AND $ThemeName != '.svn'){ if (isset($_POST['Theme']) and $_POST['Theme'] == $ThemeName){ - echo "<option selected value='$ThemeName'>$ThemeName"; + echo '<option selected value="' . $ThemeName . '">' . $ThemeName .'</option>'; } else if (!isset($_POST['Theme']) and ($_SESSION['DefaultTheme']==$ThemeName)) { - echo "<option selected value='$ThemeName'>$ThemeName"; + echo '<option selected value="' . $ThemeName . '">' . $ThemeName .'</option>'; } else { - echo "<option value='$ThemeName'>$ThemeName"; + echo '<option value="' . $ThemeName . '">' . $ThemeName .'</option>'; } } } @@ -570,8 +571,8 @@ echo '<tr> - <td>' . _('Language') . ":</td> - <td><select name='UserLanguage'>"; + <td>' . _('Language') . ':</td> + <td><select name="UserLanguage">'; $LangDirHandle = dir('locale/'); 
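Review bot: The theme loop rewritten in the @@ -499 hunk skips `.`, `..` and `.svn`, while the language loop in @@ -581 skips `.`, `..` and `CVS`, so each directory filter excludes a different VCS artefact: a `.svn` directory under `locale/` would be offered as a language and a `CVS` directory under `css/` as a theme. Both loops also paste the directory name into an option value and label unescaped. A small shared helper such as `function IsSelectableSubdir($Base, $Name) { return is_dir($Base . $Name) AND $Name[0] != '.' AND $Name != 'CVS'; }` keeps the two filters in step; the language loop's `while` begins before its hunk.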
@@ -581,11 +582,11 @@ if (is_dir('locale/' . $LanguageEntry) AND $LanguageEntry != '..' AND $LanguageEntry != 'CVS' AND $LanguageEntry!='.'){ if (isset($_POST['UserLanguage']) and $_POST['UserLanguage'] == $LanguageEntry){ - echo "<option selected value='$LanguageEntry'>$LanguageEntry"; + echo '<option selected value="' . $LanguageEntry . '">' . $LanguageEntry .'</option>'; } elseif (!isset($_POST['UserLanguage']) and $LanguageEntry == $DefaultLanguage) { - echo "<option selected value='$LanguageEntry'>$LanguageEntry"; + echo '<option selected value="' . $LanguageEntry . '">' . $LanguageEntry .'</option>'; } else { - echo "<option value='$LanguageEntry'>$LanguageEntry"; + echo '<option value="' . $LanguageEntry . '">' . $LanguageEntry .'</option>'; } } } @@ -599,7 +600,7 @@ $i=0; foreach($ModuleList as $ModuleName){ - echo '<tr><td>' . _('Display') . ' ' . $ModuleName . ' ' . _('options') . ": </td><td><select name='Module_" . $i . "'>"; + echo '<tr><td>' . _('Display') . ' ' . $ModuleName . ' ' . _('options') . ': </td><td><select name="Module_' . $i . '">'; if ($ModulesAllowed[$i]==0){ echo '<option selected value=0>' . _('No') . '</option>'; echo '<option value=1>' . _('Yes') . '</option>'; @@ -624,7 +625,7 @@ } echo '</select></td></tr>'; -echo '<tr><td>' . _('Account Status') . ":</td><td><select name='Blocked'>"; +echo '<tr><td>' . _('Account Status') . ':</td><td><select name="Blocked">'; if ($_POST['Blocked']==0){ echo '<option selected value=0>' . _('Open'); echo '<option value=1>' . _('Blocked'); @@ -634,7 +635,7 @@ } echo '</select></td></tr>'; -echo '</table><br> +echo '</table><br /> <div class="centre"><input type="submit" name="submit" value="' . _('Enter Information') . '"></div> </form>'; Modified: trunk/WorkCentres.php =================================================================== --- trunk/WorkCentres.php 2011-04-07 10:23:55 UTC (rev 4541) +++ trunk/WorkCentres.php 2011-04-08 23:37:01 UTC (rev 4542) 
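Review bot: The Account Status select rewritten in the @@ -624 hunk is followed by `<option selected value=0>' . _('Open');` and `<option value=1>' . _('Blocked');` context lines that neither quote the value nor close `</option>`, while every other select touched by this commit received `value="..."` and `</option>`; finish the pass here, e.g. `echo '<option selected value="0">' . _('Open') . '</option>';`. The Module_ selects in @@ -599 have the same unquoted `value=0`/`value=1` options on their context lines. The `if ($_POST['Blocked']==0)` branch closes outside the hunk.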
@@ -1,7 +1,6 @@ <?php /* $Id$*/ -//$PageSecurity=9; include('includes/session.inc'); $title = _('Work Centres'); @@ -31,7 +30,7 @@ $InputError = 1; prnMsg(_('The Work Centre description must be at least 3 characters long'),'error'); } - if (strstr($_POST['Code'],' ') OR strstr($_POST['Code'],"'") OR strstr($_POST['Code'],'+') OR strstr($_POST['Code'],"\\") OR strstr($_POST['Code'],"\"") OR strstr($_POST['Code'],'&') OR strstr($_POST['Code'],'.') OR strstr($_POST['Code'],'"')) { + if (strstr($_POST['Code'],' ') OR ContainsIllegalCharacters($_POST['Code']) ) { $InputError = 1; prnMsg(_('The work centre code cannot contain any of the following characters') . " - ' & + \" \\ " . _('or a space'),'error'); } @@ -110,23 +109,23 @@ or deletion of the records*/ echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/maintenance.png" title="' . _('Search') . '" alt="" />' . ' ' . $title . '</p>'; - $sql = 'SELECT workcentres.code, - workcentres.description, - locations.locationname, - workcentres.overheadrecoveryact, - workcentres.overheadperhour - FROM workcentres, - locations - WHERE workcentres.location = locations.loccode'; + $sql = "SELECT workcentres.code, + workcentres.description, + locations.locationname, + workcentres.overheadrecoveryact, + workcentres.overheadperhour + FROM workcentres, + locations + WHERE workcentres.location = locations.loccode"; $result = DB_query($sql,$db); - echo "<table class=selection> - <tr bgcolor =#800000><th>" . _('WC Code') . "</th> - <th>" . _('Description') . "</th> - <th>" . _('Location') . "</th> - <th>" . _('Overhead GL Account') . "</th> - <th>" . _('Overhead Per Hour') . "</th> - </tr></font>"; + echo '<table class="selection"> + <tr bgcolor ="#800000"><th>' . _('WC Code') . '</th> + <th>' . _('Description') . '</th> + <th>' . _('Location') . '</th> + <th>' . _('Overhead GL Account') . '</th> + <th>' . _('Overhead Per Hour') . '</th> + </tr>'; while ($myrow = DB_fetch_row($result)) { 
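Review bot: `ContainsIllegalCharacters($_POST['Code'])` in the @@ -31 hunk replaces an explicit list that also rejected `.`, but the helper's definition is not part of this diff, so whether `.` is still refused cannot be confirmed from here; the error message on the next line names only `' & + " \` and a space, so helper and message should be checked against each other and `.` either added to the message or dropped deliberately. In the @@ -110 hunk the new header row has a stray space in `<tr bgcolor ="#800000">`; write `bgcolor="#800000"`. The `if` chain that wraps the code validation starts before the @@ -31 hunk.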
@@ -143,8 +142,8 @@ $myrow[2], $myrow[3], $myrow[4], - $_SERVER['PHP_SELF'] . '?' . SID, - $myrow[0], $_SERVER['PHP_SELF'] . '?' . SID, + $_SERVER['PHP_SELF'] . '?', + $myrow[0], $_SERVER['PHP_SELF'] . '?', $myrow[0]); } @@ -156,10 +155,10 @@ if (isset($SelectedWC)) { echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/maintenance.png" title="' . _('Search') . '" alt="" />' . ' ' . $title . '</p>'; - echo "<div class='centre'><a href='" . $_SERVER['PHP_SELF'] . '?' . SID . "'>" . _('Show all Work Centres') . '</a></div>'; + echo '<div class="centre"><a href="' . $_SERVER['PHP_SELF'] . '">' . _('Show all Work Centres') . '</a></div>'; } -echo "<p><form method='post' action='" . $_SERVER['PHP_SELF'] . '?' . SID . "'>"; +echo '<p><form method="post" action="' . $_SERVER['PHP_SELF'] . '">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (isset($SelectedWC)) { 
@@ -182,41 +181,42 @@ $_POST['OverheadRecoveryAct'] = $myrow['overheadrecoveryact']; $_POST['OverheadPerHour'] = $myrow['overheadperhour']; - echo '<input type=hidden name="SelectedWC" value=' . $SelectedWC . '>'; - echo '<input type=hidden name="Code" value="' . $_POST['Code'] . '">'; - echo '<table class=selection><tr><td>' ._('Work Centre Code') . ':</td><td>' . $_POST['Code'] . '</td></tr>'; + echo '<input type="hidden" name="SelectedWC" value=' . $SelectedWC . '>'; + echo '<input type="hidden" name="Code" value="' . $_POST['Code'] . '">'; + echo '<table class="selection"><tr><td>' ._('Work Centre Code') . ':</td> + <td>' . $_POST['Code'] . '</td></tr>'; } else { //end of if $SelectedWC only do the else when a new record is being entered if (!isset($_POST['Code'])) { $_POST['Code'] = ''; } - echo '<table class=selection><tr> - <td>' . _('Work Centre Code') . ":</td> - <td><input type='Text' name='Code' size=6 maxlength=5 value='" . $_POST['Code'] . "'></td> - </tr>"; + echo '<table class="selection"><tr> + <td>' . _('Work Centre Code') . ':</td> + <td><input type="Text" name="Code" size="6" maxlength="5" value="' . $_POST['Code'] . '"></td> + </tr>'; } -$SQL = 'SELECT locationname, +$SQL = "SELECT locationname, loccode - FROM locations'; + FROM locations"; $result = DB_query($SQL,$db); if (!isset($_POST['Description'])) { $_POST['Description'] = ''; } -echo '<tr><td>' . _('Work Centre Description') . ":</td> - <td><input type='Text' name='Description' size=21 maxlength=20 value='" . $_POST['Description'] . "'></td> +echo '<tr><td>' . _('Work Centre Description') . ':</td> + <td><input type="Text" name="Description" size="21" maxlength="20" value="' . $_POST['Description'] . '"></td> </tr> - <tr><td>" . _('Location') . ":</td> - <td><select name='Location'>"; + <tr><td>' . _('Location') . 
':</td> + <td><select name="Location">'; while ($myrow = DB_fetch_array($result)) { if (isset($_POST['Location']) and $myrow['loccode']==$_POST['Location']) { - echo "<option selected VALUE='"; + echo '<option selected value="'; } else { - echo "<option VALUE='"; + echo '<option VALUE="'; } - echo $myrow['loccode'] . "'>" . $myrow['locationname']; + echo $myrow['loccode'] . '">' . $myrow['locationname'] . '</option>'; } //end while loop @@ -224,26 +224,26 @@ echo '</select></td></tr> - <tr><td>' . _('Overhead Recovery GL Account') . ":</td> - <td><select name='OverheadRecoveryAct'>"; + <tr><td>' . _('Overhead Recovery GL Account') . ':</td> + <td><select name="OverheadRecoveryAct">'; //SQL to poulate account selection boxes -$SQL = 'SELECT accountcode, - accountname - FROM chartmaster INNER JOIN accountgroups - ON chartmaster.group_=accountgroups.groupname - WHERE accountgroups.pandl!=0 - ORDER BY accountcode'; +$SQL = "SELECT accountcode, + accountname + FROM chartmaster INNER JOIN accountgroups + ON chartmaster.group_=accountgroups.groupname + WHERE accountgroups.pandl!=0 + ORDER BY accountcode"; $result = DB_query($SQL,$db); while ($myrow = DB_fetch_array($result)) { if (isset($_POST['OverheadRecoveryAct']) and $myrow['accountcode']==$_POST['OverheadRecoveryAct']) { - echo '<option selected VALUE='; + echo '<option selected value='; } else { - echo '<option VALUE='; + echo '<option value='; } - echo $myrow['accountcode'] . '>' . $myrow['accountname']; + echo $myrow['accountcode'] . '>' . $myrow['accountname'] . '</option>'; } //end while loop DB_free_result($result); Modified: trunk/WorkOrderEntry.php =================================================================== --- trunk/WorkOrderEntry.php 2011-04-07 10:23:55 UTC (rev 4541) +++ trunk/WorkOrderEntry.php 2011-04-08 23:37:01 UTC (rev 4542) 
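Review bot: The quoting pass is incomplete on `echo '<input type="hidden" name="SelectedWC" value=' . $SelectedWC . '>';` — `type` gained quotes but `value` is still bare, so it should be written `value="' . $SelectedWC . '"`, and the same holds for the `<option selected value=` / `<option value=` lines in the next hunk (@@ -224) that only changed the attribute's case. Separately, `$_POST['Code']`, `$_POST['Description']` and `$SelectedWC` are echoed straight into attribute values; Description in particular is not validated the way Code is, so it should be wrapped in `htmlspecialchars()` so a quote in the stored or submitted text cannot break out of the attribute. The `if (isset($SelectedWC))` branch begins outside the hunk.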
@@ -207,10 +207,10 @@ if ($InputError==false){ $CostResult = DB_query("SELECT SUM((materialcost+labourcost+overheadcost)*bom.quantity) AS cost - FROM stockmaster INNER JOIN bom - ON stockmaster.stockid=bom.component - WHERE bom.parent='" . $NewItem . "' - AND bom.loccode='" . $_POST['StockLocation'] . "'", + FROM stockmaster INNER JOIN bom + ON stockmaster.stockid=bom.component + WHERE bom.parent='" . $NewItem . "' + AND bom.loccode='" . $_POST['StockLocation'] . "'", $db); $CostRow = DB_fetch_row($CostResult); if (is_null($CostRow[0]) OR $CostRow[0]==0){ @@ -299,10 +299,10 @@ if ($_POST['RecdQty'.$i]==0 AND (!isset($_POST['HasWOSerialNos'.$i]) or $_POST['HasWOSerialNos'.$i]==false)){ /* can only change location cost if QtyRecd=0 */ $CostResult = DB_query("SELECT SUM((materialcost+labourcost+overheadcost)*bom.quantity) AS cost - FROM stockmaster INNER JOIN bom - ON stockmaster.stockid=bom.component - WHERE bom.parent='" . $_POST['OutputItem'.$i] . "' - AND bom.loccode='" . $_POST['StockLocation'] . "'", + FROM stockmaster INNER JOIN bom + ON stockmaster.stockid=bom.component + WHERE bom.parent='" . $_POST['OutputItem'.$i] . "' + AND bom.loccode='" . $_POST['StockLocation'] . "'", $db); $CostRow = DB_fetch_row($CostResult); if (is_null($CostRow[0])){ @@ -350,7 +350,7 @@ // can't delete it there are open work issues $HasTransResult = DB_query("SELECT * FROM stockmoves WHERE (stockmoves.type= 26 OR stockmoves.type=28) - AND reference LIKE '%" . $_POST['WO'] . "%'",$db); + AND reference " . LIKE . " '%" . $_POST['WO'] . "%'",$db); if (DB_num_rows($HasTransResult)>0){ prnMsg(_('This work order cannot be deleted because it has issues or receipts related to it'),'error'); $CancelDelete=true; 
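Review bot: `AND reference " . LIKE . " '%" . $_POST['WO'] . "%'"` still concatenates the raw request value into the SQL, so switching to the LIKE constant (presumably the project's database-portability constant) does not change the injection surface; the value should go through the project's database escaping helper before concatenation, and because it lands inside a LIKE pattern, a literal `%` or `_` in the input also widens the match, which matters here because any match sets `$CancelDelete`. The same unescaped `$_POST['WO']` concatenation appears in @@ -441 (L25), @@ -344 (L30), @@ -490 (L31), @@ -576 (L34) and @@ -739 (L37), which this commit only re-quotes or re-indents. A comment such as `// WO comes from the request: escape it before building the pattern` at the query site would make the expectation explicit.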
@@ -377,7 +377,7 @@ prnMsg(_('The work order has been deleted'),'success'); - echo "<p><a href='" . $rootpath . "/SelectWorkOrder.php?" . SID . "'>" . _('Select an existing outstanding work order') . "</a>"; + echo '<p><a href="' . $rootpath . '/SelectWorkOrder.php">' . _('Select an existing outstanding work order') . '</a>'; unset($_POST['WO']); for ($i=1;$i<=$_POST['NumberOfOutputs'];$i++){ unset($_POST['OutputItem'.$i]); @@ -394,7 +394,7 @@ echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '" name="form">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; -echo '<br><table class=selection>'; +echo '<br /><table class="selection">'; $sql="SELECT workorders.loccode, requiredby, @@ -441,7 +441,7 @@ } $_POST['Controlled'.$i] =$WOItem['controlled']; $_POST['Serialised'.$i] =$WOItem['serialised']; - $HasWOSerialNosResult = DB_query('SELECT * FROM woserialnos WHERE wo=' . $_POST['WO'],$db); + $HasWOSerialNosResult = DB_query("SELECT * FROM woserialnos WHERE wo='" . $_POST['WO'] . "'",$db); if (DB_num_rows($HasWOSerialNosResult)>0){ $_POST['HasWOSerialNos']=true; } else { @@ -455,7 +455,7 @@ echo '<tr><td class="label">' . _('Work Order Reference') . ':</td><td>' . $_POST['WO'] . '</td></tr>'; echo '<tr><td class="label">' . _('Factory Location') .':</td> <td><select name="StockLocation">'; -$LocResult = DB_query('SELECT loccode,locationname FROM locations',$db); +$LocResult = DB_query("SELECT loccode,locationname FROM locations",$db); while ($LocRow = DB_fetch_array($LocResult)){ if ($_POST['StockLocation']==$LocRow['loccode']){ echo '<option selected value="' . $LocRow['loccode'] .'">' . $LocRow['locationname'] . '</option>'; 
@@ -521,7 +521,7 @@ } else { $LotOrSN = _('Batches'); } - echo '<td><a href="' . $rootpath . '/WOSerialNos.php?' . SID . '&WO=' . $_POST['WO'] . '&StockID=' . $_POST['OutputItem' .$i] . '&Description=' . $_POST['OutputItemDesc' .$i] . '&Serialised=' . $_POST['Serialised' .$i] . '&NextSerialNo=' . $_POST['NextLotSNRef' .$i] . '">' . $LotOrSN . '</a></td>'; + echo '<td><a href="' . $rootpath . '/WOSerialNos.php?WO=' . $_POST['WO'] . '&StockID=' . $_POST['OutputItem' .$i] . '&Description=' . $_POST['OutputItemDesc' .$i] . '&Serialised=' . $_POST['Serialised' .$i] . '&NextSerialNo=' . $_POST['NextLotSNRef' .$i] . '">' . $LotOrSN . '</a></td>'; } } echo '<td>'; 
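Review bot: The rebuilt link `'/WOSerialNos.php?WO=' . $_POST['WO'] . '&StockID=' . ... . '&Description=' . $_POST['OutputItemDesc' .$i] . ...` places request values in a query string without `urlencode()`, so a description containing a space, `&` or `#` yields a broken or truncated URL, and the whole href is then emitted into an attribute without `htmlspecialchars()`. Wrap each parameter in `urlencode()` when building the URL and escape the finished string once when echoing it; the same applies to `'&NewItem=' . $myrow['stockid']` in @@ -636 (L28) and to `$IssueLink` in @@ -685 (L36). The `if/else` that sets `$LotOrSN` begins outside the hunk.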
@@ -558,31 +558,31 @@ echo '<table class=selection><tr><td>' . _('Select a stock category') . ':<select name="StockCat">'; if (!isset($_POST['StockCat'])){ - echo '<option selected VALUE="All">' . _('All'); + echo '<option selected VALUE="All">' . _('All') . '</option>'; $_POST['StockCat'] ='All'; } else { - echo '<option VALUE="All">' . _('All'); + echo '<option VALUE="All">' . _('All') . '</option>'; } while ($myrow1 = DB_fetch_array($result1)) { if ($_POST['StockCat']==$myrow1['categoryid']){ - echo '<option selected VALUE=' . $myrow1['categoryid'] . '>' . $myrow1['categorydescription']; + echo '<option selected value=' . $myrow1['categoryid'] . '>' . $myrow1['categorydescription'] . '</option>'; } else { - echo '<option VALUE='. $myrow1['categoryid'] . '>' . $myrow1['categorydescription']; + echo '<option value='. $myrow1['categoryid'] . '>' . $myrow1['categorydescription'] . '</option>'; } } ?> </select> <td><?php echo _('Enter text extracts in the'); ?> <b><?php echo _('description'); ?></b>:</td> -<td><input type="Text" name="Keywords" size=20 maxlength=25 VALUE="<?php if (isset($_POST['Keywords'])) echo $_POST['Keywords']; ?>"></td></tr> +<td><input type="Text" name="Keywords" size=20 maxlength=25 value="<?php if (isset($_POST['Keywords'])) echo $_POST['Keywords']; ?>"></td></tr> <tr><td></td> <td><font SIZE 3><b><?php echo _('OR'); ?> </b></font><?php echo _('Enter extract of the'); ?> <b><?php echo _('Stock Code'); ?></b>:</td> - <td><input type="Text" name="StockCode" size=15 maxlength=18 VALUE="<?php if (isset($_POST['StockCode'])) echo $_POST['StockCode']; ?>"></td> + <td><input type="Text" name="StockCode" size=15 maxlength=18 value="<?php if (isset($_POST['StockCode'])) echo $_POST['StockCode']; ?>"></td> </tr> </table> - <br /><div class="centre"><input type=submit name="Search" VALUE="<?php echo _('Search Now'); ?>"> + <br /><div class="centre"><input type=submit name="Search" value="<?php echo _('Search Now'); ?>"> <?php 
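Review bot: `<input type="Text" name="Keywords" size=20 maxlength=25 value="<?php if (isset($_POST['Keywords'])) echo $_POST['Keywords']; ?>">` echoes the submitted search text back into an attribute unescaped, so only the attribute name was normalised while the reflected value stays unprotected; use `echo htmlspecialchars($_POST['Keywords']);` here and for `StockCode` two lines further down. The `<option selected value=' . $myrow1['categoryid'] . '>` lines are likewise still unquoted although the commit is about quoting. The identical search form in WorkOrderIssue.php (@@ -615, L35–L36) has the same two issues.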
@@ -636,7 +636,7 @@ $myrow['description'], $myrow['units'], $ImageSource, - $_SERVER['PHP_SELF'] . '?' . SID . 'WO=' . $_POST['WO'] . '&NewItem=' . $myrow['stockid'].'&Line='.$i); + $_SERVER['PHP_SELF'] . '?WO=' . $_POST['WO'] . '&NewItem=' . $myrow['stockid'].'&Line='.$i); $j++; If ($j == 25){ Modified: trunk/WorkOrderIssue.php =================================================================== --- trunk/WorkOrderIssue.php 2011-04-07 10:23:55 UTC (rev 4541) +++ trunk/WorkOrderIssue.php 2011-04-08 23:37:01 UTC (rev 4542) @@ -1,8 +1,6 @@ <?php /* $Id$*/ -//$PageSecurity = 11; - include('includes/session.inc'); $title = _('Issue Materials To Work Order'); include('includes/header.inc'); 
@@ -15,19 +13,19 @@ $_POST['StockID']=$_GET['StockID']; } -echo '<a href="'. $rootpath . '/SelectWorkOrder.php?' . SID . '">' . _('Back to Work Orders'). '</a><br>'; -echo '<a href="'. $rootpath . '/WorkOrderCosting.php?' . SID . '&WO=' . $_POST['WO'] . '">' . _('Back to Costing'). '</a><br>'; +echo '<a href="'. $rootpath . '/SelectWorkOrder.php">' . _('Back to Work Orders'). '</a><br />'; +echo '<a href="'. $rootpath . '/WorkOrderCosting.php?WO=' . $_POST['WO'] . '">' . _('Back to Costing'). '</a><br />'; echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/group_add.png" title="' . _('Search') . '" alt="" />' . ' ' . $title.'</p'; -echo '<form action="' . $_SERVER['PHP_SELF'] . '?' . SID . '" method=post>'; +echo '<form action="' . $_SERVER['PHP_SELF'] . '" method=post>'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (!isset($_POST['WO']) OR !isset($_POST['StockID'])) { /* This page can only be called with a work order number for issuing stock to*/ - echo '<div class="centre"><a href="' . $rootpath . '/SelectWorkOrder.php?' . SID . '">'. + echo '<div class="centre"><a href="' . $rootpath . '/SelectWorkOrder.php">'. _('Select a work order to issue materials to').'</a></div>'; prnMsg(_('This page can only be opened if a work order has been selected. Please select a work order to issue materials to first'),'info'); include ('includes/footer.inc'); 
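Review bot: The context line `echo '<p class="page_title_text"><img ... />' . ' ' . $title.'</p';` ends with `'</p'` — the closing `>` is missing, so the paragraph is never closed and the `<form ...>` that follows is likely to be mis-parsed as part of the end tag; it should read `$title.'</p>'`. WorkOrderReceive.php carries the same `'</p'` in its header hunk on L37. Since this commit is an XHTML clean-up, fixing both here would be in scope.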
@@ -344,16 +342,16 @@ $ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' ._('Could not update the work order cost issued to the work order because'); $DbgMsg = _('The following SQL was used to update the work order'); $UpdateWOResult =DB_query("UPDATE workorders - SET costissued=costissued+" . ($QuantityIssued*$IssueItemRow['cost']) . " - WHERE wo='" . $_POST['WO'] . "'", - $db,$ErrMsg,$DbgMsg,true); + SET costissued=costissued+" . ($QuantityIssued*$IssueItemRow['cost']) . " + WHERE wo='" . $_POST['WO'] . "'", + $db,$ErrMsg,$DbgMsg,true); $Result = DB_Txn_Commit($db); prnMsg(_('The issue of') . ' ' . $QuantityIssued . ' ' . _('of') . ' ' . $_POST['IssueItem'] . ' ' . _('against work order') . ' '. $_POST['WO'] . ' ' . _('has been processed'),'info'); - echo '<p><ul><li><a href="' . $rootpath . '/WorkOrderIssue.php?' . SID . '&WO=' . $_POST['WO'] . '&StockID=' . $_POST['StockID'] . '">' . _('Issue more components to this work order') . '</a></li>'; - echo '<li><a href="' . $rootpath . '/SelectWorkOrder.php?' . SID . '">' . _('Select a different work order for issuing materials and components against'). '</a></li></ul>'; + echo '<p><ul><li><a href="' . $rootpath . '/WorkOrderIssue.php?WO=' . $_POST['WO'] . '&StockID=' . $_POST['StockID'] . '">' . _('Issue more components to this work order') . '</a></li>'; + echo '<li><a href="' . $rootpath . '/SelectWorkOrder.php">' . _('Select a different work order for issuing materials and components against'). '</a></li></ul>'; unset($_POST['WO']); unset($_POST['StockID']); unset($_POST['IssueItem']); @@ -474,7 +472,7 @@ prnMsg (_('There are no products available meeting the criteria specified'),'info'); if ($debug==1){ - prnMsg(_('The SQL statement used was') . ':<br>' . $SQL,'info'); + prnMsg(_('The SQL statement used was') . ':<br />' . $SQL,'info'); } } if (DB_num_rows($SearchResult)==1){ 
@@ -490,25 +488,25 @@ $ErrMsg = _('Could not retrieve the details of the selected work order item'); $WOResult = DB_query("SELECT workorders.loccode, - locations.locationname, - workorders.requiredby, - workorders.startdate, - workorders.closed, - stockmaster.description, - stockmaster.decimalplaces, - stockmaster.units, - woitems.qtyreqd, - woitems.qtyrecd - FROM workorders INNER JOIN locations - ON workorders.loccode=locations.loccode - INNER JOIN woitems - ON workorders.wo=woitems.wo - INNER JOIN stockmaster - ON woitems.stockid=stockmaster.stockid - WHERE woitems.stockid='" . $_POST['StockID'] . "' - AND woitems.wo ='" . $_POST['WO'] . "'", - $db, - $ErrMsg); + locations.locationname, + workorders.requiredby, + workorders.startdate, + workorders.closed, + stockmaster.description, + stockmaster.decimalplaces, + stockmaster.units, + woitems.qtyreqd, + woitems.qtyrecd + FROM workorders INNER JOIN locations + ON workorders.loccode=locations.loccode + INNER JOIN woitems + ON workorders.wo=woitems.wo + INNER JOIN stockmaster + ON woitems.stockid=stockmaster.stockid + WHERE woitems.stockid='" . $_POST['StockID'] . "' + AND woitems.wo ='" . $_POST['WO'] . "'", + $db, + $ErrMsg); if (DB_num_rows($WOResult)==0){ prnMsg(_('The selected work order item cannot be retrieved from the database'),'info'); 
@@ -527,30 +525,40 @@ $_POST['IssuedDate'] = Date($_SESSION['DefaultDateFormat']); } echo '<table cellpadding=2 class=selection> - <tr><td class="label">' . _('Issue to work order') . ':</td><td>' . $_POST['WO'] .'</td><td class="label">' . _('Item') . ':</td><td>' . $_POST['StockID'] . ' - ' . $WORow['description'] . '</td></tr> - <tr><td class="label">' . _('Manufactured at') . ':</td><td>' . $WORow['locationname'] . '</td><td class="label">' . _('Required By') . ':</td><td>' . ConvertSQLDate($WORow['requiredby']) . '</td></tr> - <tr><td class="label">' . _('Quantity Ordered') . ':</td><td class=number>' . number_format($WORow['qtyreqd'],$WORow['decimalplaces']) . '</td><td colspan=2>' . $WORow['units'] . '</td></tr> - <tr><td class="label">' . _('Already Received') . ':</td><td class=number>' . number_format($WORow['qtyrecd'],$WORow['decimalplaces']) . '</td><td colspan=2>' . $WORow['units'] . '</td></tr> + <tr><td class="label">' . _('Issue to work order') . ':</td> + <td>' . $_POST['WO'] .'</td><td class="label">' . _('Item') . ':</td> + <td>' . $_POST['StockID'] . ' - ' . $WORow['description'] . '</td> + </tr> + <tr><td class="label">' . _('Manufactured at') . ':</td> + <td>' . $WORow['locationname'] . '</td><td class="label">' . _('Required By') . ':</td> + <td>' . ConvertSQLDate($WORow['requiredby']) . '</td> + </tr> + <tr><td class="label">' . _('Quantity Ordered') . ':</td> + <td class="number">' . number_format($WORow['qtyreqd'],$WORow['decimalplaces']) . '</td> + <td colspan="2">' . $WORow['units'] . '</td> + </tr> + <tr><td class="label">' . _('Already Received') . ':</td> + <td class="number">' . number_format($WORow['qtyrecd'],$WORow['decimalplaces']) . '</td> + <td colspan="2">' . $WORow['units'] . '</td></tr> <tr><td colspan=4></td></tr> - <tr><td class="label">' . _('Date Material Issued') . ':</td><td><input type=text name=issuedate value=' - . Date($_SESSION['DefaultDateFormat']) . 
' class=date size=10 alt="'.$_SESSION['DefaultDateFormat'].'" ></td> - <td class="label">' . _('Issued From') . ':</td><td>'; + <tr><td class="label">' . _('Date Material Issued') . ':</td> + <td><input type=text name=issuedate value=' . Date($_SESSION['DefaultDateFormat']) . ' class=date size=10 alt="'.$_SESSION['DefaultDateFormat'].'" ></td> + <td class="label">' . _('Issued From') . ':</td><td>'; if (!isset($_POST['IssueItem'])){ - $LocResult = DB_query('SELECT loccode, locationname FROM locations',$db); + $LocResult = DB_query("SELECT loccode, locationname FROM locations",$db); echo '<select name="FromLocation">'; - if (!isset($_POST['FromLocation'])){ $_POST['FromLocation']=$WORow['loccode']; } while ($LocRow = DB_fetch_array($LocResult)){ if ($_POST['FromLocation'] ==$LocRow['loccode']){ - echo '<option selected value="' . $LocRow['loccode'] .'">' . $LocRow['locationname']; + echo '<option selected value="' . $LocRow['loccode'] .'">' . $LocRow['locationname'] . '</option>'; } else { - echo '<option value="' . $LocRow['loccode'] .'">' . $LocRow['locationname']; + echo '<option value="' . $LocRow['loccode'] .'">' . $LocRow['locationname'] . '</option>'; } } echo '</select>'; 
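Review bot: The hunk removes `if (!isset($_POST['FromLocation'])){` with no replacement while its body `$_POST['FromLocation']=$WORow['loccode'];` and the closing `}` remain as context (the 30→40 line counts agree with exactly one removed line), so on the new side the assignment is unconditional and the orphaned brace either closes the enclosing `if (!isset($_POST['IssueItem']))` early or leaves the file unbalanced; please confirm the intended code, which presumably keeps the guard. Separately, `value=' . Date($_SESSION['DefaultDateFormat']) . ' class=date size=10` is still unquoted in a commit that quotes the neighbouring attributes; `value="' . Date($_SESSION['DefaultDateFormat']) . '"` would finish the job. The enclosing block starts before the hunk.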
@@ -576,27 +584,27 @@ <th>' . _('Qty Issued') . '</th></tr>'; $RequirmentsResult = DB_query("SELECT worequirements.stockid, - stockmaster.description, - stockmaster.decimalplaces, - autoissue, - qtypu - FROM worequirements INNER JOIN stockmaster - ON worequirements.stockid=stockmaster.stockid - WHERE wo='" . $_POST['WO'] . "'", - $db); + stockmaster.description, + stockmaster.decimalplaces, + autoissue, + qtypu + FROM worequirements INNER JOIN stockmaster + ON worequirements.stockid=stockmaster.stockid + WHERE wo='" . $_POST['WO'] . "'", + $db); while ($RequirementsRow = DB_fetch_array($RequirmentsResult)){ if ($RequirementsRow['autoissue']==0){ echo '<tr><td><input type="submit" name="IssueItem" value="' .$RequirementsRow['stockid'] . '"></td> - <td>' . $RequirementsRow['stockid'] . ' - ' . $RequirementsRow['description'] . '</td>'; + <td>' . $RequirementsRow['stockid'] . ' - ' . $RequirementsRow['description'] . '</td>'; } else { echo '<tr><td class="notavailable">' . _('Auto Issue') . '<td class="notavailable">' .$RequirementsRow['stockid'] . ' - ' . $RequirementsRow['description'] .'</td>'; } $IssuedAlreadyResult = DB_query("SELECT SUM(-qty) FROM stockmoves - WHERE stockmoves.type=28 - AND stockid='" . $RequirementsRow['stockid'] . "' - AND reference='" . $_POST['WO'] . "'", - $db); + WHERE stockmoves.type=28 + AND stockid='" . $RequirementsRow['stockid'] . "' + AND reference='" . $_POST['WO'] . "'", + $db); $IssuedAlreadyRow = DB_fetch_row($IssuedAlreadyResult); echo '<td class=number>' . number_format($WORow['qtyreqd']*$RequirementsRow['qtypu'],$RequirementsRow['decimalplaces']) . '</td> 
@@ -615,31 +623,31 @@ echo '<table class=selection><tr><td>' . _('Select a stock category') . ':<select name="StockCat">'; if (!isset($_POST['StockCat'])){ - echo "<option selected VALUE='All'>" . _('All') . '</option>'; + echo '<option selected value="All">' . _('All') . '</option>'; $_POST['StockCat'] ='All'; } else { - echo "<option VALUE='All'>" . _('All') . '</option>'; + echo '<option value="All">' . _('All') . '</option>'; } while ($myrow1 = DB_fetch_array($result1)) { if ($_POST['StockCat']==$myrow1['categoryid']){ - echo '<option selected VALUE=' . $myrow1['categoryid'] . '>' . $myrow1['categorydescription']; + echo '<option selected value=' . $myrow1['categoryid'] . '>' . $myrow1['categorydescription'] . '</option>'; } else { - echo '<option VALUE='. $myrow1['categoryid'] . '>' . $myrow1['categorydescription']; + echo '<option value='. $myrow1['categoryid'] . '>' . $myrow1['categorydescription'] . '</option>'; } } ?> </select> <td><?php echo _('Enter text extracts in the'); ?> <b><?php echo _('description'); ?></b>:</td> - <td><input type="Text" name="Keywords" size=20 maxlength=25 VALUE="<?php if (isset($_POST['Keywords'])) echo $_POST['Keywords']; ?>"></td></tr> + <td><input type="Text" name="Keywords" size=20 maxlength=25 value="<?php if (isset($_POST['Keywords'])) echo $_POST['Keywords']; ?>"></td></tr> <tr><td></td> <td><font SIZE 3><b><?php echo _('OR'); ?> </b></font><?php echo _('Enter extract of the'); ?> <b><?php echo _('Stock Code'); ?></b>:</td> - <td><input type="Text" name="StockCode" size="15" maxlength="18" VALUE="<?php if (isset($_POST['StockCode'])) echo $_POST['StockCode']; ?>"></td> + <td><input type="Text" name="StockCode" size="15" maxlength="18" value="<?php if (isset($_POST['StockCode'])) echo $_POST['StockCode']; ?>"></td> </tr> </table> - <br /><div class="centre"><input type=submit name="Search" VALUE="<?php echo _('Search Now'); ?>"> + <br /><div class="centre"><input type=submit name="Search" value="<?php echo _('Search Now'); 
?>"> <script language='JavaScript' type='text/javascript'> @@ -668,7 +676,7 @@ if (!in_array($myrow['stockid'],$ItemCodes)){ if (function_exists('imagecreatefrompng') ){ - $ImageSource = '<IMG SRC="GetStockImage.php?SID&automake=1&textcolor=FFFFFF&bgcolor=CCCCCC&StockID=' . urlencode($myrow['stockid']). '&text=&width=64&height=64">'; + $ImageSource = '<IMG SRC="GetStockImage.php?automake=1&textcolor=FFFFFF&bgcolor=CCCCCC&StockID=' . urlencode($myrow['stockid']). '&text=&width=64&height=64">'; } else { if(file_exists($_SERVER['DOCUMENT_ROOT'] . $rootpath. '/' . $_SESSION['part_pics_dir'] . '/' . $myrow['stockid'] . '.jpg')) { $ImageSource = '<IMG SRC="' .$_SERVER['DOCUMENT_ROOT'] . $rootpath . '/' . $_SESSION['part_pics_dir'] . '/' . $myrow['stockid'] . '.jpg">'; @@ -685,7 +693,7 @@ $k=1; } - $IssueLink = $_SERVER['PHP_SELF'] . '?' . SID . '&WO=' . $_POST['WO'] . '&StockID=' . $_POST['StockID'] . '&IssueItem=' . $myrow['stockid'] . '&FromLocation=' . $_POST['FromLocation']; + $IssueLink = $_SERVER['PHP_SELF'] . '?WO=' . $_POST['WO'] . '&StockID=' . $_POST['StockID'] . '&IssueItem=' . $myrow['stockid'] . '&FromLocation=' . $_POST['FromLocation']; printf("<td><font size=1>%s</font></td> <td><font size=1>%s</font></td> <td><font size=1>%s</font></td> 
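Review bot: The fallback `$ImageSource = '<IMG SRC="' .$_SERVER['DOCUMENT_ROOT'] . $rootpath . '/' . $_SESSION['part_pics_dir'] . '/' . $myrow['stockid'] . '.jpg">';` builds the image URL from the server's filesystem document root, which a browser cannot resolve and which discloses the server path in the page source; the `file_exists` check on the line above correctly uses the filesystem path, but the emitted SRC should be `$rootpath . '/' . $_SESSION['part_pics_dir'] . '/' . urlencode($myrow['stockid']) . '.jpg'` only. These are unchanged context lines, but this is the hunk that rewrites the sibling `GetStockImage.php` link, so the fix belongs with it. The surrounding `if (!in_array(...))` begins outside the hunk.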
@@ -739,9 +747,9 @@ $SerialNoResult = DB_query("SELECT serialno - FROM stockserialitems - WHERE stockid='" . $_POST['IssueItem'] . "' - AND loccode='" . $_POST['FromLocation'] . "'", + FROM stockserialitems + WHERE stockid='" . $_POST['IssueItem'] . "' + AND loccode='" . $_POST['FromLocation'] . "'", $db,_('Could not retrieve the serial numbers available at the location specified because')); if (DB_num_rows($SerialNoResult)==0){ echo '<tr><td>' . _('There are no serial numbers at this location to issue') . '</td></tr>'; Modified: trunk/WorkOrderReceive.php =================================================================== --- trunk/WorkOrderReceive.php 2011-04-07 10:23:55 UTC (rev 4541) +++ trunk/WorkOrderReceive.php 2011-04-08 23:37:01 UTC (rev 4542) @@ -1,25 +1,23 @@ <?php /* $Id$*/ -//$PageSecurity = 11; - include('includes/session.inc'); $title = _('Receive Work Order'); include('includes/header.inc'); include('includes/SQL_CommonFunctions.inc'); -echo '<a href="'. $rootpath . '/SelectWorkOrder.php?' . SID . '">' . _('Back to Work Orders'). '</a><br>'; -echo '<a href="'. $rootpath . '/WorkOrderCosting.php?' . SID . '&WO=' . $_REQUEST['WO'] . '">' . _('Back to Costing'). '</a><br>'; +echo '<a href="'. $rootpath . '/SelectWorkOrder.php">' . _('Back to Work Orders'). '</a><br>'; +echo '<a href="'. $rootpath . '/WorkOrderCosting.php?WO=' . $_REQUEST['WO'] . '">' . _('Back to Costing'). '</a><br>'; echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/group_add.png" title="' . _('Search') . '" alt="" />' . ' ' . $title.'</p'; -echo '<form action="' . $_SERVER['PHP_SELF'] . '?' . SID . '" method=post>'; +echo '<form action="' . $_SERVER['PHP_SELF'] . '" method="post">'; echo '<input type="hidden" n... [truncated message content] |