From: <dai...@us...> - 2011-10-25 07:38:33
Revision: 4731 http://web-erp.svn.sourceforge.net/web-erp/?rev=4731&view=rev Author: daintree Date: 2011-10-25 07:38:22 +0000 (Tue, 25 Oct 2011) Log Message: ----------- number_formats Modified Paths: -------------- trunk/Locations.php trunk/MRP.php trunk/MRPCalendar.php trunk/MRPCreateDemands.php trunk/MRPDemandTypes.php trunk/MRPDemands.php Modified: trunk/Locations.php =================================================================== --- trunk/Locations.php 2011-10-23 05:41:35 UTC (rev 4730) +++ trunk/Locations.php 2011-10-25 07:38:22 UTC (rev 4731) @@ -55,17 +55,17 @@ } $sql = "UPDATE locations SET loccode='" . $_POST['LocCode'] . "', - locationname='" . $_POST['LocationName'] . "', - deladd1='" . $_POST['DelAdd1'] . "', - deladd2='" . $_POST['DelAdd2'] . "', - deladd3='" . $_POST['DelAdd3'] . "', - deladd4='" . $_POST['DelAdd4'] . "', - deladd5='" . $_POST['DelAdd5'] . "', - deladd6='" . $_POST['DelAdd6'] . "', - tel='" . $_POST['Tel'] . "', - fax='" . $_POST['Fax'] . "', - email='" . $_POST['Email'] . "', - contact='" . $_POST['Contact'] . "', + locationname='" . DB_escape_string($_POST['LocationName']) . "', + deladd1='" . DB_escape_string($_POST['DelAdd1']) . "', + deladd2='" . DB_escape_string($_POST['DelAdd2']) . "', + deladd3='" . DB_escape_string($_POST['DelAdd3']) . "', + deladd4='" . DB_escape_string($_POST['DelAdd4']) . "', + deladd5='" . DB_escape_string($_POST['DelAdd5']) . "', + deladd6='" . DB_escape_string($_POST['DelAdd6']) . "', + tel='" . DB_escape_string($_POST['Tel']) . "', + fax='" . DB_escape_string($_POST['Fax']) . "', + email='" . DB_escape_string($_POST['Email']) . "', + contact='" . DB_escape_string($_POST['Contact']) . "', taxprovinceid = '" . $_POST['TaxProvince'] . "', cashsalecustomer ='" . $_POST['CashSaleCustomer'] . "', cashsalebranch ='" . $_POST['CashSaleBranch'] . "', 
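Review bot: The UPDATE still concatenates `$_POST['LocCode']`, `$_POST['TaxProvince']`, `$_POST['CashSaleCustomer']` and `$_POST['CashSaleBranch']` into the SQL string unescaped, so a quote in any of them can still terminate the literal even though the neighbouring fields are now wrapped. The INSERT hunk at -124 escapes LocCode but leaves the same last three values raw, and the MRPDemandTypes.php INSERT escapes Description but not `$_POST['MRPDemandType']`. Wrap them the same way, e.g. `loccode='" . DB_escape_string($_POST['LocCode']) . "',` and `taxprovinceid = '" . DB_escape_string($_POST['TaxProvince']) . "',`, unless these values are already escaped before this point, which the hunk does not show. The statement starts and ends outside the hunk, so its WHERE clause should be checked as well.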
@@ -124,18 +124,18 @@ cashsalecustomer, cashsalebranch, managed ) - VALUES ('" . $_POST['LocCode'] . "', - '" . $_POST['LocationName'] . "', - '" . $_POST['DelAdd1'] ."', - '" . $_POST['DelAdd2'] ."', - '" . $_POST['DelAdd3'] . "', - '" . $_POST['DelAdd4'] . "', - '" . $_POST['DelAdd5'] . "', - '" . $_POST['DelAdd6'] . "', - '" . $_POST['Tel'] . "', - '" . $_POST['Fax'] . "', - '" . $_POST['Email'] . "', - '" . $_POST['Contact'] . "', + VALUES ('" . DB_escape_string($_POST['LocCode']) . "', + '" . DB_escape_string($_POST['LocationName']) . "', + '" . DB_escape_string($_POST['DelAdd1']) ."', + '" . DB_escape_string($_POST['DelAdd2']) ."', + '" . DB_escape_string($_POST['DelAdd3']) . "', + '" . DB_escape_string($_POST['DelAdd4']) . "', + '" . DB_escape_string($_POST['DelAdd5']) . "', + '" . DB_escape_string($_POST['DelAdd6']) . "', + '" . DB_escape_string($_POST['Tel']) . "', + '" . DB_escape_string($_POST['Fax']) . "', + '" . DB_escape_string($_POST['Email']) . "', + '" . DB_escape_string($_POST['Contact']) . "', '" . $_POST['TaxProvince'] . "', '" . $_POST['CashSaleCustomer'] . "', '" . $_POST['CashSaleBranch'] . "', @@ -353,8 +353,9 @@ echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/supplier.png" title="' . _('Inventory') . '" alt="" />' . ' ' . $title . '</p>'; - echo '<table class=selection>'; - echo '<tr><th>' . _('Location Code') . '</th> + echo '<table class="selection">'; + echo '<tr> + <th>' . _('Location Code') . '</th> <th>' . _('Location Name') . '</th> <th>' . _('Tax Province') . '</th> </tr>'; 
@@ -458,19 +459,21 @@ echo '<tr> <th colspan=2><font size=3 color=blue>'._('Amend Location details').'</font></th> </tr>'; - echo '<tr><td>' . _('Location Code') . ':</td><td>'; - echo $_POST['LocCode'] . '</td></tr>'; + echo '<tr> + <td>' . _('Location Code') . ':</td> + <td>' . $_POST['LocCode'] . '</td> + </tr>'; } else { //end of if $SelectedLocation only do the else when a new record is being entered if (!isset($_POST['LocCode'])) { $_POST['LocCode'] = ''; } echo '<table class="selection"> <tr> - <th colspan=2><font size=3 color=blue>'._('New Location details').'</font></th> + <th colspan="2"><font size="3" color="blue">'._('New Location details').'</font></th> </tr>'; echo '<tr> <td>' . _('Location Code') . ':</td> - <td><input type="Text" name="LocCode" value="' . $_POST['LocCode'] . '" size=5 maxlength=5></td> + <td><input type="text" name="LocCode" value="' . $_POST['LocCode'] . '" size="5" maxlength="5" /></td> </tr>'; } if (!isset($_POST['LocationName'])) { 
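Review bot: `$_POST['LocCode']` is written straight into the table cell and into the `value="..."` attribute of the LocCode input without HTML encoding, so a quote or angle bracket in the submitted value changes the markup (reflected XSS). Encode at output, e.g. `<td>' . htmlspecialchars($_POST['LocCode'], ENT_QUOTES, 'UTF-8') . '</td>`, and do the same inside the `value` attribute. The rewritten form rows in the following Locations.php hunks (-516, -550) and the form hunks in MRPCalendar.php, MRPCreateDemands.php, MRPDemandTypes.php and MRPDemands.php echo `$_POST` values into `value` attributes the same way. If a shared include already encodes request data for HTML, that is not visible here and should be confirmed, since SQL escaping alone does not make a value safe in an attribute.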
@@ -516,31 +519,54 @@ $_POST['Managed'] = 0; } - echo '<tr><td>' . _('Location Name') . ':' . '</td>'; - echo '<td><input type="text" name="LocationName" value="'. $_POST['LocationName'] . '" size=51 maxlength="50" /></td></tr>'; - echo '<tr><td>' . _('Contact for deliveries') . ':' . '</td>'; - echo '<td><input type="text" name="Contact" value="' . $_POST['Contact'] . '" size="31" maxlength="30" /></td></tr>'; - echo '<tr><td>' . _('Delivery Address 1') . ':' . '</td>'; - echo '<td><input type="text" name="DelAdd1" value="' . $_POST['DelAdd1'] . '" size="41" maxlength="40" /></td></tr>'; - echo '<tr><td>' . _('Delivery Address 2') . ':' . '</td>'; - echo '<td><input type="text" name="DelAdd2" value="' . $_POST['DelAdd2'] . '" size="41" maxlength="40" /></td></tr>'; - echo '<tr><td>' . _('Delivery Address 3') . ':' . '</td>'; - echo '<td><input type="text" name="DelAdd3" value="' . $_POST['DelAdd3'] . '" size="41" maxlength="40" /></td></tr>'; - echo '<tr><td>' . _('Delivery Address 4') . ':' . '</td>'; - echo '<td><input type="text" name="DelAdd4" value="' . $_POST['DelAdd4'] . '" size="41" maxlength=40 /></td></tr>'; - echo '<tr><td>' . _('Delivery Address 5') . ':' . '</td>'; - echo '<td><input type="text" name="DelAdd5" value="' . $_POST['DelAdd5'] . '" size="21" maxlength="20" /></td></tr>'; - echo '<tr><td>' . _('Delivery Address 6') . ':' . '</td>'; - echo '<td><input type="text" name="DelAdd6" value="' . $_POST['DelAdd6'] . '" size="16" maxlength="15" /></td></tr>'; - echo '<tr><td>' . _('Telephone No') . ':' . '</td>'; - echo '<td><input type="text" name="Tel" value="' . $_POST['Tel'] . '" size="31" maxlength="30" /></td></tr>'; - echo '<tr><td>' . _('Facsimile No') . ':' . '</td>'; - echo '<td><input type="text" name="Fax" value="' . $_POST['Fax'] . '" size="31" maxlength="30" /></td></tr>'; - echo '<tr><td>' . _('Email') . ':' . '</td>'; - echo '<td><input type="text" name="Email" value="' . $_POST['Email'] . 
'" size="31" maxlength="55" /></td></tr>'; + echo '<tr> + <td>' . _('Location Name') . ':' . '</td> + <td><input type="text" name="LocationName" value="'. $_POST['LocationName'] . '" size="51" maxlength="50" /></td> + </tr> + <tr> + <td>' . _('Contact for deliveries') . ':' . '</td> + <td><input type="text" name="Contact" value="' . $_POST['Contact'] . '" size="31" maxlength="30" /></td> + </tr> + <tr> + <td>' . _('Delivery Address 1') . ':' . '</td> + <td><input type="text" name="DelAdd1" value="' . $_POST['DelAdd1'] . '" size="41" maxlength="40" /></td> + </tr> + <tr> + <td>' . _('Delivery Address 2') . ':' . '</td> + <td><input type="text" name="DelAdd2" value="' . $_POST['DelAdd2'] . '" size="41" maxlength="40" /></td> + </tr> + <tr> + <td>' . _('Delivery Address 3') . ':' . '</td> + <td><input type="text" name="DelAdd3" value="' . $_POST['DelAdd3'] . '" size="41" maxlength="40" /></td> + </tr> + <tr> + <td>' . _('Delivery Address 4') . ':' . '</td> + <td><input type="text" name="DelAdd4" value="' . $_POST['DelAdd4'] . '" size="41" maxlength=40 /></td> + </tr> + <tr> + <td>' . _('Delivery Address 5') . ':' . '</td> + <td><input type="text" name="DelAdd5" value="' . $_POST['DelAdd5'] . '" size="21" maxlength="20" /></td> + </tr> + <tr> + <td>' . _('Delivery Address 6') . ':' . '</td> + <td><input type="text" name="DelAdd6" value="' . $_POST['DelAdd6'] . '" size="16" maxlength="15" /></td> + </tr> + <tr> + <td>' . _('Telephone No') . ':' . '</td> + <td><input type="text" name="Tel" value="' . $_POST['Tel'] . '" size="31" maxlength="30" /></td> + </tr> + <tr> + <td>' . _('Facsimile No') . ':' . '</td> + <td><input type="text" name="Fax" value="' . $_POST['Fax'] . '" size="31" maxlength="30" /></td> + </tr> + <tr> + <td>' . _('Email') . ':' . '</td> + <td><input type="text" name="Email" value="' . $_POST['Email'] . '" size="31" maxlength="55" /></td> + </tr> + <tr> + <td>' . _('Tax Province') . ':' . '</td> + <td><select name="TaxProvince">'; - echo '<td>' . 
_('Tax Province') . ':' . '</td><td><select name="TaxProvince">'; - $TaxProvinceResult = DB_query("SELECT taxprovinceid, taxprovincename FROM taxprovinces",$db); while ($myrow=DB_fetch_array($TaxProvinceResult)){ if ($_POST['TaxProvince']==$myrow['taxprovinceid']){ @@ -550,24 +576,28 @@ } } - echo '</select></td></tr>'; - echo '<tr><td>' . _('Default Counter Sales Customer Code') . ':' . '</td>'; - echo '<td><input type="text" name="CashSaleCustomer" value="' . $_POST['CashSaleCustomer'] . - '" size="11" maxlength="10" /></td></tr>'; - echo '<tr><td>' . _('Counter Sales Branch Code') . ':' . '</td>'; - echo '<td><input type="text" name="CashSaleBranch" value="' . $_POST['CashSaleBranch'] . - '" size="11" maxlength="10" /></td></tr>'; + echo '</select></td> + </tr> + <tr> + <td>' . _('Default Counter Sales Customer Code') . ':' . '</td> + <td><input type="text" name="CashSaleCustomer" value="' . $_POST['CashSaleCustomer'] . '" size="11" maxlength="10" /></td> + </tr> + <tr> + <td>' . _('Counter Sales Branch Code') . ':' . '</td> + <td><input type="text" name="CashSaleBranch" value="' . $_POST['CashSaleBranch'] . '" size="11" maxlength="10" /></td> + </tr>'; /* This functionality is not written yet ... <tr><td><?php echo _('Enable Warehouse Management') . ':'; ?></td> <td><input type='checkbox' name='Managed'<?php if($_POST['Managed'] == 1) echo ' checked';?>></td></tr> */ - echo '</table><br />'; + echo '</table> + <br /> + <div class="centre"> + <input type="Submit" name="submit" value="' . _('Enter Information') . '"> + </div> + </form>'; - echo '<div class="centre"><input type="Submit" name="submit" value="' . _('Enter Information') . '"></div>'; - - echo '</form>'; - } //end if record deleted no point displaying form to add record include('includes/footer.inc'); Modified: trunk/MRP.php =================================================================== --- trunk/MRP.php 2011-10-23 05:41:35 UTC (rev 4730) +++ trunk/MRP.php 2011-10-25 07:38:22 UTC (rev 4731) 
@@ -8,7 +8,7 @@ if (isset($_POST['submit'])) { - if (!$_POST['Leeway'] || !is_numeric($_POST['Leeway'])) { + if (!isset($_POST['Leeway']) OR !is_numeric(filter_number_format($_POST['Leeway']))) { $_POST['Leeway'] = 0; } @@ -508,7 +508,7 @@ '" . $_POST['shrinkageflag'] . "', '" . $_POST['eoqflag'] . "', '" . $_POST['usemrpdemands'] . "', - '" . $_POST['Leeway'] . "')"; + '" . filter_number_format($_POST['Leeway']) . "')"; $result = DB_query($sql,$db); } else { // End of if submit isset 
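Review bot: The new guard validates `filter_number_format($_POST['Leeway'])` but leaves the raw string in `$_POST['Leeway']`, so the INSERT in the -508 hunk and the `abs()` comparison in the -640 hunk each re-filter it, the latter apparently on every pass of a loop. Where scope allows, normalise once right after the check, e.g. `$Leeway = filter_number_format($_POST['Leeway']);`, and use that value in both places so the validated value and the stored value cannot diverge. `is_numeric()` also accepts fractions and exponent notation such as `1e3`; if leeway is meant to be whole days, cast with `(int)` before it reaches the query. In the same INSERT the `shrinkageflag`, `eoqflag` and `usemrpdemands` values are still concatenated from `$_POST` unfiltered.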
@@ -540,28 +540,49 @@ if ($myrow['shrinkageflag'] == 'y') { $useshrinkage = _('Yes'); } - echo '<table cellpadding=5><tr><td valign=top>'; - echo '<table class=selection>'; - echo '<tr><th colspan=3><font color=blue size=3>'._('Last Run Details').'</font></th></tr>'; - echo '<tr>'; - echo '<td>' . _('Last Run Time') . ':  </td><td>' . $myrow['runtime'] . '</td></tr>'; - echo '<td>' . _('Location') . ':  </td><td>' . $myrow['location'] . '</td></tr>'; - echo '<td>' . _('Days Leeway') . ':  </td><td>' . $leeway . '</td></tr>'; - echo '<td>' . _('Use MRP Demands') . ':  </td><td>' . $usemrpdemands . '</td></tr>'; - echo '<td>' . _('Use EOQ') . ':  </td><td>' . $useeoq . '</td></tr>'; - echo '<td>' . _('Use Pan Size') . ':  </td><td>' . $usepansize . '</td></tr>'; - echo '<td>' . _('Use Shrinkage') . ':  </td><td>' . $useshrinkage . '</td></tr>'; - echo '</table></td>'; + echo '<table class="selection"> + <tr> + <th colspan="3"><font color="blue" size="3">'._('Last Run Details').'</font></th> + </tr> + <tr> + <td>' . _('Last Run Time') . ':</td><td>' . $myrow['runtime'] . '</td> + </tr> + <tr> + <td>' . _('Location') . ':</td> + <td>' . $myrow['location'] . '</td> + </tr> + <tr> + <td>' . _('Days Leeway') . ':</td> + <td>' . $leeway . '</td> + </tr> + <tr> + <td>' . _('Use MRP Demands') . ':</td> + <td>' . $usemrpdemands . '</td> + </tr> + <tr> + <td>' . _('Use EOQ') . ':</td> + <td>' . $useeoq . '</td> + </tr> + <tr> + <td>' . _('Use Pan Size') . ':</td> + <td>' . $usepansize . '</td> + </tr> + <tr> + <td>' . _('Use Shrinkage') . ':</td> + <td>' . $useshrinkage . '</td> + </tr> + </table>'; } echo '<p><form method="post" action="' . $_SERVER['PHP_SELF'] . '">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; - echo '<table class="selection">'; - // Generate selections for Location - echo '<tr><th colspan="3"><font color=blue size=3>'._('This Run Details').'</font></th></tr>'; - echo '<tr> - <td>' . _('Location') . 
'</td> - <td><select name="location[]" multiple> - <option value="All" selected>' . _('All') . '</option>'; + echo '<table class="selection"> + <tr> + <th colspan="3"><font color="blue" size="3">'._('This Run Details').'</font></th> + </tr> + <tr> + <td>' . _('Location') . '</td> + <td><select name="location[]" multiple> + <option value="All" selected>' . _('All') . '</option>'; $sql = "SELECT loccode, locationname FROM locations"; 
@@ -575,17 +596,33 @@ $leeway =0; } - echo '<tr><td>' . _('Days Leeway') . ':</td><td><input type="text" name="Leeway" class=number size="4" value=' . $leeway . '>'; - echo '<tr><td>' ._('Use MRP Demands?') . ':</td>'; - echo '<td><input type="checkbox" name="usemrpdemands" value="y" checked></td></tr>'; - echo '<tr><td>' ._('Use EOQ?') . ':</td>'; - echo '<td><input type="checkbox" name="eoqflag" value="y" checked></td></tr>'; - echo '<tr><td>' ._('Use Pan Size?') . ':</td>'; - echo '<td><input type="checkbox" name="pansizeflag" value="y" checked></td></tr>'; - echo '<tr><td>' ._('Use Shrinkage?') . ':</td>'; - echo '<td><input type="checkbox" name="shrinkageflag" value="y" checked></td></tr>'; - echo '</table></td></tr></table><div class="centre"><br /><br /><input type="submit" name="submit" value="' . _('Run MRP') . '"></div>'; - echo '</form>'; + echo '<tr> + <td>' . _('Days Leeway') . ':</td> + <td><input type="text" name="Leeway" class=number size="4" value="' . $leeway . '" /> + </tr> + <tr> + <td>' ._('Use MRP Demands?') . ':</td> + <td><input type="checkbox" name="usemrpdemands" value="y" checked /></td> + </tr> + <tr> + <td>' ._('Use EOQ?') . ':</td> + <td><input type="checkbox" name="eoqflag" value="y" checked /></td> + </tr> + <tr> + <td>' ._('Use Pan Size?') . ':</td> + <td><input type="checkbox" name="pansizeflag" value="y" checked /></td> + </tr> + <tr> + <td>' ._('Use Shrinkage?') . ':</td> + <td><input type="checkbox" name="shrinkageflag" value="y" checked /></td> + </tr> + </table> + <div class="centre"> + <br /> + <br /> + <input type="submit" name="submit" value="' . _('Run MRP') . '" /> + </div> + </form>'; } // End of Main program logic ------------------------------------------------------- 
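Review bot: The Days Leeway cell is never closed: the new input line ends at `value="' . $leeway . '" />` and is followed directly by `</tr>`, and `class=number` is left unquoted while the rest of the rewrite quotes its attributes. Suggested line: `<td><input type="text" name="Leeway" class="number" size="4" value="' . $leeway . '" /></td>`. Where `$leeway` comes from is outside the hunk; if it can carry a stored or submitted string, it should be HTML-encoded now that it sits inside a quoted attribute.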
@@ -640,7 +677,7 @@ $ReqDate = ConvertSQLDate($Requirements[$reqi]['daterequired']); $DateDiff = DateDiff($DueDate,$ReqDate,'d'); //if ($Supplies[$supi]['duedate'] > $Requirements[$reqi]['daterequired']) { - if ($DateDiff > abs($_POST['Leeway'])) { + if ($DateDiff > abs(filter_number_format($_POST['Leeway']))) { $sql = "UPDATE mrpsupplies SET mrpdate = '" . $Requirements[$reqi]['daterequired'] . "' WHERE id = '" . $Supplies[$supi]['id'] . "' AND duedate = mrpdate"; $result = DB_query($sql,$db); Modified: trunk/MRPCalendar.php =================================================================== --- trunk/MRPCalendar.php 2011-10-23 05:41:35 UTC (rev 4730) +++ trunk/MRPCalendar.php 2011-10-25 07:38:22 UTC (rev 4731) @@ -16,8 +16,10 @@ $ChangeDate =trim(mb_strtoupper($_GET['ChangeDate'])); } -echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/inventory.png" title="' . - _('Inventory') . '" alt="" />' . ' ' . $title . '</p>'; +echo '<p class="page_title_text"> + <img src="'.$rootpath.'/css/'.$theme.'/images/inventory.png" title="' . + _('Inventory') . '" alt="" />' . ' ' . $title . ' + </p>'; if (isset($_POST['submit'])) { submit($db,$ChangeDate); @@ -60,12 +62,11 @@ $ConvertToDate = ConvertSQLDate($FormatToDate); $DateGreater = Date1GreaterThanDate2($_POST['ToDate'],$_POST['FromDate']); - $DateDiff = DateDiff($ConvertToDate,$ConvertFromDate,"d"); // Date1 minus Date2 + $DateDiff = DateDiff($ConvertToDate,$ConvertFromDate,'d'); // Date1 minus Date2 if ($DateDiff < 1) { $InputError = 1; prnMsg(_('To Date Must Be Greater Than From Date'),'error'); - } if ($InputError == 1) { 
@@ -87,9 +88,10 @@ $i = 0; - // $DaysTextArray used so can get text of day based on the value get from DayOfWeekFromSQLDate of - // the calendar date. See if that text is in the ExcludeDays array - $DaysTextArray = array('Sunday','Monday','Tuesday','Wednesday','Thursday','Friday','Saturday'); + /* $DaysTextArray used so can get text of day based on the value get from DayOfWeekFromSQLDate of + the calendar date. See if that text is in the ExcludeDays array note no gettext here hard coded english days from $_POST + * $DaysTextArray = array('Sunday','Monday','Tuesday','Wednesday','Thursday','Friday','Saturday'); + */ $ExcludeDays = array($_POST['Sunday'],$_POST['Monday'],$_POST['Tuesday'],$_POST['Wednesday'], $_POST['Thursday'],$_POST['Friday'],$_POST['Saturday']); @@ -132,7 +134,7 @@ WHERE calendardate = '" . $CalDate . "'"; $resultupdate = DB_query($sql,$db,$ErrMsg); } - prnMsg(_("The MRP Calendar has been created"),'succes'); + prnMsg(_('The MRP Calendar has been created'),'success'); display($db,$ChangeDate); } // End of function submit() @@ -168,10 +170,10 @@ $newmanufacturingflag = 1; } $sql = "UPDATE mrpcalendar SET manufacturingflag = '".$newmanufacturingflag."' - WHERE calendardate = '".$CalDate."'"; + WHERE calendardate = '".$CalDate."'"; $ErrMsg = _('Cannot update the MRP Calendar'); $resultupdate = DB_query($sql,$db,$ErrMsg); - prnMsg(_("The MRP calendar record for $ChangeDate has been updated"),'success'); + prnMsg(_('The MRP calendar record for') . ' ' . $ChangeDate . ' ' . _('has been updated'),'success'); unset ($ChangeDate); display($db,$ChangeDate); 
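Review bot: The assignment to `$DaysTextArray` in the -87 hunk is now inside the block comment, so the variable is no longer defined in this function. The comment itself says the array is used to turn the DayOfWeekFromSQLDate value into a day name; if any line further down (outside this hunk) still indexes `$DaysTextArray`, it reads an undefined variable and the ExcludeDays comparison can never match. Either keep the assignment as live code below the comment or confirm that the remaining references were removed. `$ExcludeDays` is also built from `$_POST['Sunday']` to `$_POST['Saturday']`, which are absent for unchecked boxes, so an `isset()` guard per day would avoid undefined-index notices.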
@@ -204,14 +206,15 @@ daynumber, manufacturingflag, DAYNAME(calendardate) as dayname - FROM mrpcalendar - WHERE calendardate >='" . $FromDate . "' - AND calendardate <='" . $ToDate . "'"; + FROM mrpcalendar + WHERE calendardate >='" . $FromDate . "' + AND calendardate <='" . $ToDate . "'"; $ErrMsg = _('The SQL to find the parts selected failed with the message'); $result = DB_query($sql,$db,$ErrMsg); - echo '<br /><table class="selection"> + echo '<br /> + <table class="selection"> <tr bgcolor ="#800000"> <th>' . _('Date') . '</th> <th>' . _('Manufacturing Date') . '</th> 
@@ -258,57 +261,62 @@ echo '<tr> <td>' . _('From Date') . ':</td> - <td><input type="text" class="date" alt="' . $_SESSION['DefaultDateFormat'] .'" name="FromDate" size="10" maxlength="10" value="' . $_POST['FromDate'] . '"></td></tr> + <td><input type="text" class="date" alt="' . $_SESSION['DefaultDateFormat'] .'" name="FromDate" size="10" maxlength="10" value="' . $_POST['FromDate'] . '" /></td></tr> <tr></tr><td>' . _('To Date') . ':</td> - <td><input type="text" class="date" alt="' . $_SESSION['DefaultDateFormat'] .'" name="ToDate" size="10" maxlength="10" value="' . $_POST['ToDate'] . '"></td> + <td><input type="text" class="date" alt="' . $_SESSION['DefaultDateFormat'] .'" name="ToDate" size="10" maxlength="10" value="' . $_POST['ToDate'] . '" /></td> </tr> <tr><td></td></tr> <tr><td></td></tr> <tr><td>'._('Exclude The Following Days').'</td></tr> <tr> <td>' . _('Saturday') . ':</td> - <td><input type="checkbox" name="Saturday" value="Saturday"></td> + <td><input type="checkbox" name="Saturday" value="Saturday" /></td> </tr> <tr> <td>' . _('Sunday') . ':</td> - <td><input type="checkbox" name="Sunday" value="Sunday"></td> + <td><input type="checkbox" name="Sunday" value="Sunday" /></td> </tr> <tr> <td>' . _('Monday') . ':</td> - <td><input type="checkbox" name="Monday" value="Monday"></td> + <td><input type="checkbox" name="Monday" value="Monday" /></td> </tr> <tr> <td>' . _('Tuesday') . ':</td> - <td><input type="checkbox" name="Tuesday" value="Tuesday"></td> + <td><input type="checkbox" name="Tuesday" value="Tuesday" /></td> </tr> <tr> <td>' . _('Wednesday') . ':</td> - <td><input type="checkbox" name="Wednesday" value="Wednesday"></td> + <td><input type="checkbox" name="Wednesday" value="Wednesday" /></td> </tr> <tr> <td>' . _('Thursday') . ':</td> - <td><input type="checkbox" name="Thursday" value="Thursday"></td> + <td><input type="checkbox" name="Thursday" value="Thursday" /></td> </tr> <tr> <td>' . _('Friday') . 
':</td> - <td><input type="checkbox" name="Friday" value="Friday"></td> + <td><input type="checkbox" name="Friday" value="Friday" /></td> </tr> </table><br /> - <div class=centre><input type="submit" name="submit" value="' . _('Create Calendar') . '"> - <input type="submit" name="listall" value="' . _('List Date Range') . '"></div>'; + <div class="centre"> + <input type="submit" name="submit" value="' . _('Create Calendar') . '" /> + <input type="submit" name="listall" value="' . _('List Date Range') . '"> + </div>'; if (!isset($_POST['ChangeDate'])) { $_POST['ChangeDate']=date($_SESSION['DefaultDateFormat']); } - echo '<br /><table class="selection">'; - echo '<tr> + echo '<br /> + <table class="selection"> + <tr> <td>' . _('Change Date Status') . ':</td> - <td><input type="text" name="ChangeDate" class="date" alt="' . $_SESSION['DefaultDateFormat'] . - '" size="12" maxlength="12" value="' . $_POST['ChangeDate'] . '"></td> - <td><input type="submit" name="update" value="' . _('Update') . '"></td></tr></table>'; - echo '<br /><br /><div class="centre"></div>'; - echo '</form>'; + <td><input type="text" name="ChangeDate" class="date" alt="' . $_SESSION['DefaultDateFormat'] . '" size="12" maxlength="12" value="' . $_POST['ChangeDate'] . '" /></td> + <td><input type="submit" name="update" value="' . _('Update') . '" /></td> + </tr> + </table> + <br /> + <br /> + </form>'; } // End of function display() Modified: trunk/MRPCreateDemands.php =================================================================== --- trunk/MRPCreateDemands.php 2011-10-23 05:41:35 UTC (rev 4730) +++ trunk/MRPCreateDemands.php 2011-10-25 07:38:22 UTC (rev 4731) 
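Review bot: The To Date row in this form is still opened as `<tr></tr><td>`, which closes the row before its cells and leaves both To Date cells outside any `<tr>`; it should read `<tr><td>' . _('To Date') . ':</td>`. The "List Date Range" submit is the one input in the rewritten block left as `">` without the ` />` the commit adds to its neighbours. The display function this form belongs to starts outside the hunk.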
@@ -33,6 +33,14 @@ $InputError=1; unset($_POST['DistDate']); } + if (!is_numeric(filter_number_format($_POST['ExcludeQuantity']))){ + $msg = _('The quantity below which no demand will be created must be numeric'); + $InputError=1; + } + if (!is_numeric(filter_number_format($_POST['Multiplier']))){ + $msg = _('The multiplier is expected to be a positive number'); + $InputError=1; + } if ($InputError==1){ prnMsg($msg,'error'); @@ -68,17 +76,23 @@ // number quantity into each entry of the periodqty array, and add 1 to the periodqty array // until the remainder number is used up. Then create an mrpdemands records for everything // in the array - $multiplier = $_POST['Multiplier']; - if ($_POST['Multiplier'] < 1) { - $multiplier = 1; + + if (filter_number_format($_POST['Multiplier']) < 1) { + $Multiplier = 1; + } else { + $Multiplier = filter_number_format($_POST['Multiplier']); } - $excludeqty = $_POST['Excludeqty']; - if ($_POST['Excludeqty'] < 1) { - $excludeqty = 1; + + if ($_POST['ExcludeQuantity'] < 1) { + $ExcludeQty = 1; + } else { + $ExcludeQty = filter_number_format($_POST['ExcludeQuantity']); } - $excludeamt = $_POST['Excludeamt']; - if ($_POST['Excludeamt'] < 1) { - $excludeamt = 0; + + if ($_POST['ExcludeAmount'] < 1) { + $ExcludeAmount = 0; + } else { + $ExcludeAmount = filter_number_format($_POST['ExcludeAmount']); } // Create array of dates based on DistDate and adding either weeks or months @@ -137,10 +151,10 @@ $TotalRecords = 0; while ($myrow = DB_fetch_array($result)) { - if (($myrow['totqty'] >= $excludeqty) and ($myrow['totextqty'] >= $excludeamt)) { + if (($myrow['totqty'] >= $ExcludeQty) AND ($myrow['totextqty'] >= $ExcludeAmount)) { unset($PeriodQty); $PeriodQty[] = ' '; - $TotalQty = $myrow['totqtyinvoiced'] * $multiplier; + $TotalQty = $myrow['totqtyinvoiced'] * $Multiplier; $WholeNumber = floor($TotalQty / $_POST['PeriodNumber']); $Remainder = ($TotalQty % $_POST['PeriodNumber']); if ($WholeNumber > 0) { 
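Review bot: In the -68 hunk the ExcludeQuantity and ExcludeAmount branches compare the raw `$_POST` string with 1 and only filter it in the `else`, unlike the Multiplier branch just above, so a locale-formatted entry is judged on a different value than the one that is stored. Use the filtered value in the test as well, e.g. `if (filter_number_format($_POST['ExcludeQuantity']) < 1) {`, and likewise for ExcludeAmount. The validation added in the -33 hunk never checks ExcludeAmount, and its Multiplier message promises a positive number while only `is_numeric()` is tested.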
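Review bot: In the -137 hunk `$_POST['PeriodNumber']` is the divisor in `floor($TotalQty / $_POST['PeriodNumber'])` and in the `%` on the next line, yet none of the numeric validation this commit adds covers it, so 0 or a non-numeric entry causes a division-by-zero error or warning in the middle of the demand loop. Validate it alongside the other fields in the -33 hunk, e.g. `if (!is_numeric(filter_number_format($_POST['PeriodNumber'])) OR filter_number_format($_POST['PeriodNumber']) < 1) { $InputError = 1; }`, and use the filtered integer value for the division and modulo. The loop body continues outside the hunk.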
@@ -169,7 +183,7 @@ $TotalRecords++; } // end of foreach for INSERT - } // end of if that checks exludeqty, excludeamt + } // end of if that checks exludeqty, ExcludeAmount } //end while loop @@ -179,10 +193,12 @@ echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/inventory.png" title="' . _('Inventory') . '" alt="" />' . ' ' . $title . '</p>'; -echo '<form action="' . $_SERVER['PHP_SELF'] . '" method="post"><b><br /></b>'; +echo '<form action="' . $_SERVER['PHP_SELF'] . '" method="post">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; -echo '<table class=selection>'; -echo '<tr><td>' . _('Demand Type') . ':</td><td><select name="MRPDemandtype">'; +echo '<table class="selection"> + <tr> + <td>' . _('Demand Type') . ':</td> + <td><select name="MRPDemandtype">'; $sql = "SELECT mrpdemandtype, description FROM mrpdemandtypes"; 
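Review bot: The rewritten `<form action="' . $_SERVER['PHP_SELF'] . '"` line in the -179 hunk prints the request path unencoded; PHP_SELF includes any trailing path info supplied by the client, so it needs HTML encoding before it goes into an attribute. Suggested: `echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '" method="post">';`. The same expression appears in the MRP.php form and in the Edit/Delete links of the MRPDemands.php -294 hunk.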
@@ -223,36 +239,42 @@ if (!isset($_POST['DistDate'])) { $_POST['DistDate']=date($_SESSION['DefaultDateFormat']); } -echo '<tr><td>' . _('From Sales Date') . ':</td> - <td><input type="text" class="date" alt="'.$_SESSION['DefaultDateFormat'].'" name="FromDate" size="10" value="' . $_POST['FromDate'] . '" />'; -echo ' '. _('To Sales Date') . ':<input type="text" class="date" alt="'.$_SESSION['DefaultDateFormat'].'" name="ToDate" size="10" value="' . $_POST['ToDate'] . '" /></td> - </tr>'; -echo '<tr><td>' . _('Start Date For Distribution') . ':</td> +echo '<tr> + <td>' . _('From Sales Date') . ':</td> + <td><input type="text" class="date" alt="'.$_SESSION['DefaultDateFormat'].'" name="FromDate" size="10" value="' . $_POST['FromDate'] . '" /> '. _('To Sales Date') . ':<input type="text" class="date" alt="'.$_SESSION['DefaultDateFormat'].'" name="ToDate" size="10" value="' . $_POST['ToDate'] . '" /></td> + </tr> + <tr> + <td>' . _('Start Date For Distribution') . ':</td> <td><input type="text" class="date" alt="' . $_SESSION['DefaultDateFormat'] .'" name="DistDate" size="10" value="' . $_POST['DistDate'] . '" /></td> - </tr>'; -echo '<tr><td>' . _('Distribution Period') . ':</td> - <td><select name="Period">'; -echo '<option selected value="weekly">' . _('Weekly') . '</option> - <option value="monthly">' . _('Monthly') .'</option> - </select></td> - </tr>'; -echo '<tr><td>' . _('Number of Periods') .':</td> + </tr> + <tr> + <td>' . _('Distribution Period') . ':</td> + <td><select name="Period"> + <option selected value="weekly">' . _('Weekly') . '</option> + <option value="monthly">' . _('Monthly') .'</option> + </select></td> + </tr> + <tr> + <td>' . _('Number of Periods') .':</td> <td><input type ="text" class="number" name="PeriodNumber" size="4" value="1" /></td> - </tr>'; -echo '<tr><td>' . _('Exclude Total Quantity Less Than') . ':</td> - <td><input type ="text" class="number" name="Excludeqty" size="4" value="1">'; -echo '<tr><td>' . 
_('Exclude Total Dollars Less Than') . ':</td> - <td><input type ="text" class="number" name="Excludeamt" size="8" value="0"></td> - </tr>'; -echo '<tr><td>' . _('Multiplier') .':</td> + </tr> + <tr> + <td>' . _('Exclude Total Quantity Less Than') . ':</td> + <td><input type ="text" class="number" name="ExcludeQuantity" size="4" value="1" /> + <tr> + <td>' . _('Exclude Total Dollars Less Than') . ':</td> + <td><input type ="text" class="number" name="ExcludeAmount" size="8" value="0" /></td> + </tr> + <tr> + <td>' . _('Multiplier') .':</td> <td><input type="text" class="number" name="Multiplier" size="2" value="1" /></td> - </tr> - <tr> + </tr> + <tr> <td></td> - </tr> - </table>'; -echo '<br /> - <div class=centre> + </tr> + </table> + <br /> + <div class="centre"> <input type="submit" name="submit" value="' . _('Submit') . '" /> </div>'; Modified: trunk/MRPDemandTypes.php =================================================================== --- trunk/MRPDemandTypes.php 2011-10-23 05:41:35 UTC (rev 4730) +++ trunk/MRPDemandTypes.php 2011-10-25 07:38:22 UTC (rev 4731) @@ -58,7 +58,7 @@ $sql = "INSERT INTO mrpdemandtypes (mrpdemandtype, description) VALUES ('" . trim(mb_strtoupper($_POST['MRPDemandType'])) . "', - '" . $_POST['Description'] . "' + '" . DB_escape_string($_POST['Description']) . "' )"; $msg = _('The new demand type has been added to the database'); } @@ -169,7 +169,7 @@ echo '<table class="selection"> <tr> <td>' . _('Demand Type') . ':</td> - <td><input type="text" name="MRPDemandType" size="6" maxlength="5" value="' . $_POST['MRPDemandType'] . '"></td> + <td><input type="text" name="MRPDemandType" size="6" maxlength="5" value="' . $_POST['MRPDemandType'] . '" /></td> </tr>' ; } 
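Review bot: The Exclude Total Quantity row in the -223 hunk is left open: the new `name="ExcludeQuantity"` input line is followed directly by the next `<tr>` with no `</td>` or `</tr>`. Close it as `<td><input type ="text" class="number" name="ExcludeQuantity" size="4" value="1" /></td>` followed by `</tr>`, matching the rows around it. The form these rows belong to is opened in an earlier hunk and is not closed within this one.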
@@ -177,13 +177,16 @@ $_POST['Description'] = ''; } -echo '<tr><td>' . _('Demand Type Description') . ':</td> - <td><input type="text" name="Description" size="31" maxlength="30" value="' . $_POST['Description'] . '"></td> - </tr> - </table>'; - -echo '<br /><div class="centre"><input type="Submit" name="submit" value="' . _('Enter Information') . '"></div>'; - -echo '</form>'; +echo '<tr> + <td>' . _('Demand Type Description') . ':</td> + <td><input type="text" name="Description" size="31" maxlength="30" value="' . $_POST['Description'] . '" /></td> + </tr> + </table> + <br /> + <div class="centre"> + <input type="submit" name="submit" value="' . _('Enter Information') . '" /> + </div> + </form>'; + include('includes/footer.inc'); ?> \ No newline at end of file Modified: trunk/MRPDemands.php =================================================================== --- trunk/MRPDemands.php 2011-10-23 05:41:35 UTC (rev 4730) +++ trunk/MRPDemands.php 2011-10-25 07:38:22 UTC (rev 4731) @@ -136,11 +136,11 @@ //first off validate inputs sensible - if (!is_numeric($_POST['Quantity'])) { + if (!is_numeric(filter_number_format($_POST['Quantity']))) { $InputError = 1; prnMsg(_('Quantity must be numeric'),'error'); } - if ($_POST['Quantity'] <= 0) { + if (filter_number_format($_POST['Quantity']) <= 0) { $InputError = 1; prnMsg(_('Quantity must be greater than 0'),'error'); } @@ -190,7 +190,7 @@ if ($myrow[0]>0) { //If $myrow[0] > 0, it means this is an edit, so do an update - $sql = "UPDATE mrpdemands SET quantity = '" . $_POST['Quantity'] . "', + $sql = "UPDATE mrpdemands SET quantity = '" . filter_number_format($_POST['Quantity']) . "', mrpdemandtype = '" . trim(mb_strtoupper($_POST['MRPDemandtype'])) . "', duedate = '" . $FormatedDuedate . "' WHERE demandid = '" . $DemandID . "'"; 
@@ -204,7 +204,7 @@ duedate) VALUES ('" . $StockID . "', '" . trim(mb_strtoupper($_POST['MRPDemandtype'])) . "', - '" . $_POST['Quantity'] . "', + '" . filter_number_format($_POST['Quantity']) . "', '" . $FormatedDuedate . "' )"; $msg = _('A new MRP demand record has been added to the database for') . ' ' . $StockID; @@ -277,7 +277,8 @@ mrpdemands.mrpdemandtype, mrpdemands.quantity, mrpdemands.duedate, - stockmaster.description + stockmaster.description, + stockmaster.decimalplaces FROM mrpdemands LEFT JOIN stockmaster on mrpdemands.stockid = stockmaster.stockid" . $where . " ORDER BY mrpdemands.stockid, mrpdemands.duedate"; @@ -294,16 +295,16 @@ <th>' . _('Due Date') . '</th> </tr>'; $ctr = 0; - while ($myrow = DB_fetch_row($result)) { + while ($myrow = DB_fetch_array($result)) { $displaydate = ConvertSQLDate($myrow[4]); $ctr++; - echo '<tr><td>' . $myrow[1] . '</td> - <td>' . $myrow[5] . '</td> - <td>' . $myrow[2] . '</td> - <td>' . $myrow[3] . '</td> + echo '<tr><td>' . $myrow['stockid'] . '</td> + <td>' . $myrow['description'] . '</td> + <td>' . $myrow['mrpdemandtype'] . '</td> + <td>' . locale_number_format($myrow['quantity'],$myrow['decimalplaces']) . '</td> <td>' . $displaydate . '</td> - <td><a href="' .$_SERVER['PHP_SELF'] .'?DemandID=' . $myrow[0] . '&StockID=' . $myrow[1] . '">' . _('Edit') . '</td> - <td><a href="' . $_SERVER['PHP_SELF'] . '?DemandID=' . $myrow[0] . '&StockID=' . $myrow[1].'&delete=yes" onclick="return confirm(\'' . _('Are you sure you wish to delete this demand?') . '\');">' . _('Delete') .'</td> + <td><a href="' .$_SERVER['PHP_SELF'] .'?DemandID=' . $myrow['demandid'] . '&StockID=' . $myrow['stockid'] . '">' . _('Edit') . '</td> + <td><a href="' . $_SERVER['PHP_SELF'] . '?DemandID=' . $myrow['demandid'] . '&StockID=' . $myrow['stockid'].'&delete=yes" onclick="return confirm(\'' . _('Are you sure you wish to delete this demand?') . '\');">' . _('Delete') .'</td> </tr>'; } 
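Review bot: In the -294 hunk, after the switch to `DB_fetch_array()`, the row is read by column name everywhere except `ConvertSQLDate($myrow[4])`, which only keeps working if the wrapper also returns numeric keys; `$myrow['duedate']` removes that dependency. The values placed in the cells and in the Edit/Delete hrefs (`$myrow['stockid']`, `$myrow['description']`, `$myrow['demandid']`) are emitted without encoding; use `htmlspecialchars()` for cell text and `urlencode()` for the query-string values, with `&amp;` as the separator. The Delete link triggers the deletion through a GET URL, so the handler (outside this hunk) should be checked for a form-token or POST requirement. Both anchors are also missing their closing `</a>`.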
@@ -354,21 +355,27 @@ $_POST['DemandID'] = $myrow['demandid']; $_POST['StockID'] = $myrow['stockid']; $_POST['MRPDemandtype'] = $myrow['mrpdemandtype']; - $_POST['Quantity'] = $myrow['quantity']; + $_POST['Quantity'] = locale_number_format($myrow['quantity'],'Variable'); $_POST['Duedate'] = ConvertSQLDate($myrow['duedate']); } - echo '<input type="hidden" name="DemandID" value=' . $_POST['DemandID'] . '>'; - echo '<input type="hidden" name="StockID" value="' . $_POST['StockID'] . '">'; - echo '<table class=selection><tr><td>' ._('Part Number') . ':</td><td>' . $_POST['StockID'] . '</td></tr>'; + echo '<input type="hidden" name="DemandID" value="' . $_POST['DemandID'] . '" />'; + echo '<input type="hidden" name="StockID" value="' . $_POST['StockID'] . '" />'; + echo '<table class="selection"> + <tr> + <td>' ._('Part Number') . ':</td> + <td>' . $_POST['StockID'] . '</td> + </tr>'; } else { if (!isset($_POST['StockID'])) { $_POST['StockID'] = ''; } - echo '<table class=selection><tr> - <td>' . _('Part Number') . ':</td> - <td><input type="Text" name="StockID" size=21 maxlength=20 value="' . $_POST['StockID'] . '"></td></tr>'; + echo '<table class="selection"> + <tr> + <td>' . _('Part Number') . ':</td> + <td><input type="text" name="StockID" size="21" maxlength="20" value="' . $_POST['StockID'] . '" /></td> + </tr>'; } 
@@ -381,11 +388,11 @@ } echo '<tr><td>' . _('Quantity') . ':</td> - <td><input type="text" name="Quantity" class="number" size="6" maxlength="6" value=' . $_POST['Quantity'] . '></td> + <td><input type="text" name="Quantity" class="number" size="6" maxlength="6" value="' . $_POST['Quantity'] . '" /></td> </tr> <tr> <td>' . _('Due Date') . ':</td> - <td><input type="text" class="date" alt="' . $_SESSION['DefaultDateFormat'] . '" name="Duedate" size="12" maxlength="12" value="' . $_POST['Duedate'] . '"></td> + <td><input type="text" class="date" alt="' . $_SESSION['DefaultDateFormat'] . '" name="Duedate" size="12" maxlength="12" value="' . $_POST['Duedate'] . '" /></td> </tr>'; // Generate selections for Demand Type echo '<tr> 
@@ -404,19 +411,21 @@ } echo $myrow['mrpdemandtype'] . '">' . $myrow['mrpdemandtype'] . ' - ' .$myrow['description'] . '</option>'; } //end while loop - echo '</select></td></tr>'; - - echo '</table>'; - echo '<br /> - <div class="centre"><input type="submit" name="submit" value="' . _('Enter Information') . '" />  '; - echo '<input type="submit" name="listsome" value="' . _('List Selection') . '" />  '; - echo '<input type="submit" name="deletesome" value="' . _('Delete Demand Type') . '" />'; + echo '</select></td> + </tr> + </table> + <br /> + <div class="centre"> + <input type="submit" name="submit" value="' . _('Enter Information') . '" />   + <input type="submit" name="listsome" value="' . _('List Selection') . '" />   + <input type="submit" name="deletesome" value="' . _('Delete Demand Type') . '" />'; // If mrpdemand record exists, display option to delete it if ((isset($DemandID)) AND (DB_num_rows($result) > 0)) { echo '<br/><br/><a href=" ' . $_SERVER['PHP_SELF'] . '?delete=yes&StockID='.$StockID.'&DemandID=' . $DemandID . '" onclick="return confirm(\'' . _('Are you sure you wish to delete this demand?') . '\');">' . _('Or Delete Record') ; } } - echo '</form>'; + echo '</div> + </form>'; } // End of function display() This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
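Review bot: The 'Or Delete Record' anchor requests deletion through a plain GET link (`?delete=yes&StockID=…&DemandID=…`) guarded only by a JavaScript `confirm()`, and it is never closed with `</a>` before the newly added `</div>`. If the handler (outside this hunk) acts on that request without a per-session token, another site can cause the same request to be sent from a logged-in user's browser; a small POST form carrying a form token is the safer shape. The Edit/Delete links in the @@ -294 hunk follow the same GET pattern. At minimum close the anchor so the markup added here stays well-formed: `. _('Or Delete Record') . '</a>';`.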