      From: <dai...@us...> - 2012-09-08 06:07:37
      
     
Revision: 5637
          http://web-erp.svn.sourceforge.net/web-erp/?rev=5637&view=rev
Author:   daintree
Date:     2012-09-08 06:07:30 +0000 (Sat, 08 Sep 2012)
Log Message:
-----------
remove REQUEST use
Modified Paths:
--------------
    trunk/MRP.php
    trunk/PDFTopItems.php
    trunk/SelectAsset.php
    trunk/TopItems.php
Modified: trunk/MRP.php
===================================================================
--- trunk/MRP.php	2012-09-08 04:28:27 UTC (rev 5636)
+++ trunk/MRP.php	2012-09-08 06:07:30 UTC (rev 5637)
@@ -245,10 +245,11 @@
 									  salesorderdetails.orderno,
 									  '1',
 									  stkcode
-							  FROM salesorders, salesorderdetails, stockmaster
-							  WHERE salesorders.orderno = salesorderdetails.orderno
-							  AND stockmaster.stockid = salesorderdetails.stkcode
-							  AND stockmaster.discontinued = 0
+							  FROM salesorders INNER JOIN salesorderdetails
+								ON salesorders.orderno = salesorderdetails.orderno
+								INNER JOIN stockmaster 
+								ON stockmaster.stockid = salesorderdetails.stkcode
+							  WHERE stockmaster.discontinued = 0
 							  AND (quantity - qtyinvoiced) > 0
 							  AND salesorderdetails.completed = 0
 							  AND salesorders.quotation = 0";
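Review bot: The new `INNER JOIN stockmaster ` line carries a trailing space inside the SQL string literal, which is harmless to the database but inconsistent with the neighbouring lines and easy to lose in later edits; drop it so the line reads `INNER JOIN stockmaster`. The rewrite to explicit joins is equivalent to the old comma-join plus WHERE conditions as far as the visible lines show. The SELECT list and the statement that builds this query begin before the hunk, so the full column list is not visible here.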
Modified: trunk/PDFTopItems.php
===================================================================
--- trunk/PDFTopItems.php	2012-09-08 04:28:27 UTC (rev 5636)
+++ trunk/PDFTopItems.php	2012-09-08 06:07:30 UTC (rev 5637)
@@ -13,7 +13,7 @@
 $FromDate = FormatDateForSQL(DateAdd(Date($_SESSION['DefaultDateFormat']),'d', -$_GET['NumberOfDays']));
 
 //the situation if the location and customer type selected "All"
-if (($_GET['Location'] == 'All') and ($_GET['Customers'] == 'All')) {
+if (($_GET['Location'] == 'All') AND ($_GET['Customers'] == 'All')) {
 	$SQL = "SELECT 	salesorderdetails.stkcode,
 				SUM(salesorderdetails.qtyinvoiced) totalinvoiced,
 				SUM(salesorderdetails.qtyinvoiced * salesorderdetails.unitprice ) AS valuesales,
@@ -26,8 +26,8 @@
 				AND salesorders.debtorno = debtorsmaster.debtorno
 				AND salesorderdetails.actualdispatchdate >='" . $FromDate . "' 
 			GROUP BY salesorderdetails.stkcode
-			ORDER BY " . $_GET['Sequence'] . " DESC
-			LIMIT " . $_GET['NumberOfTopItems'] ;
+			ORDER BY `" . $_GET['Sequence'] . "` DESC
+			LIMIT " . intval($_GET['NumberOfTopItems']) ;
 } else { //the situation if only location type selected "All"
 	if ($_GET['Location'] == 'All') {
 		$SQL = "SELECT 	salesorderdetails.stkcode,
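Review bot: Wrapping `$_GET['Sequence']` in backticks on the ORDER BY line does not make it safe: a value containing a backtick closes the identifier, so the sort column is still an unvalidated user-supplied string concatenated into the query. The only meaningful sort keys are the aliases this SELECT defines (the visible ones are `totalinvoiced` and `valuesales`; the rest of the column list lies outside the hunk), so validate against that list once before the first `if`, e.g. `if (!in_array($_GET['Sequence'], array('totalinvoiced', 'valuesales'), true)) { $_GET['Sequence'] = 'totalinvoiced'; }`, and keep the backticks as a second layer. The same pattern recurs in the three later ORDER BY hunks of this file and in the `$_POST['Sequence']` hunk of TopItems.php, which should share the allowlist. The `intval()` on LIMIT is the right treatment for the numeric value.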
@@ -42,8 +42,8 @@
 						AND debtorsmaster.typeid = '" . $_GET['Customers'] . "'
 						AND salesorderdetails.ActualDispatchDate >= '" . $FromDate . "'
 				GROUP BY salesorderdetails.stkcode
-				ORDER BY " . $_GET['Sequence'] . " DESC
-				LIMIT " . $_GET['NumberOfTopItems'];
+				ORDER BY `" . $_GET['Sequence'] . "` DESC
+				LIMIT " . intval($_GET['NumberOfTopItems']);
 	} else {
 		//the situation if the customer type selected "All"
 		if ($_GET['Customers'] == 'All') {
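Review bot: `$_GET['Customers']` on the `debtorsmaster.typeid` line is still interpolated into the query without escaping, while the same commit adds `DB_escape_string()` around `$myrow['stkcode']` in the last hunk of this file; the request parameter is the less trusted of the two. Change it to `AND debtorsmaster.typeid = '" . DB_escape_string($_GET['Customers']) . "'` and apply the same to `$_GET['Location']` in the next hunk and `$_GET['Customers']` in the hunk after it. The enclosing `if`/`else` chain starts and ends outside this hunk.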
@@ -60,8 +60,8 @@
 						AND salesorders.fromstkloc = '" . $_GET['Location'] . "'
 						AND salesorderdetails.ActualDispatchDate >= '" . $FromDate . "'
 					GROUP BY salesorderdetails.stkcode
-					ORDER BY " . $_GET['Sequence'] . " DESC
-					LIMIT 0," . $_GET['NumberOfTopItems'];
+					ORDER BY `" . $_GET['Sequence'] . "` DESC
+					LIMIT 0," . intval($_GET['NumberOfTopItems']);
 		} else {
 			//the situation if the location and customer type not selected "All"
 			$SQL = "SELECT 	salesorderdetails.stkcode,
@@ -78,8 +78,8 @@
 						AND debtorsmaster.typeid = '" . $_GET['Customers'] . "'
 						AND salesorderdetails.actualdispatchdate >= '" . $FromDate . "'
 					GROUP BY salesorderdetails.stkcode
-					ORDER BY " . $_GET['Sequence'] . " DESC
-					LIMIT " . $_GET['NumberOfTopItems'];
+					ORDER BY `" . $_GET['Sequence'] . "` DESC
+					LIMIT " . intval($_GET['NumberOfTopItems']);
 		}
 	}
 }
@@ -90,7 +90,7 @@
 		//find the quantity onhand item
 		$sqloh = "SELECT sum(quantity)as qty
 					FROM locstock
-					WHERE stockid='" . $myrow['stkcode'] . "'";
+					WHERE stockid='" . DB_escape_string($myrow['stkcode']) . "'";
 		$oh = DB_query($sqloh, $db);
 		$ohRow = DB_fetch_row($oh);
 		$LeftOvers = $pdf->addTextWrap($Left_Margin + 1, $YPos, 80, $FontSize, $myrow['stkcode']);
Modified: trunk/SelectAsset.php
===================================================================
--- trunk/SelectAsset.php	2012-09-08 04:28:27 UTC (rev 5636)
+++ trunk/SelectAsset.php	2012-09-08 06:07:30 UTC (rev 5637)
@@ -40,7 +40,7 @@
 }
 // end of showing search facilities
 
-echo '<form action="SelectAsset.php?' . SID . '" method="post">';
+echo '<form action="SelectAsset.php" method="post">';
 echo '<div>';
 echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
 echo '<p class="page_title_text"><img src="' . $rootpath . '/css/' . $theme . '/images/magnifier.png" title="' . _('Search') . '" alt="" />' . ' ' . $title.'</p>';
@@ -200,31 +200,31 @@
 	}
 	$ErrMsg = _('No assets were returned by the SQL because');
 	$DbgMsg = _('The SQL that returned an error was');
-	$searchresult = DB_query($SQL, $db, $ErrMsg, $DbgMsg);
+	$SearchResult = DB_query($SQL, $db, $ErrMsg, $DbgMsg);
 	
-	if (DB_num_rows($searchresult) == 0) {
+	if (DB_num_rows($SearchResult) == 0) {
 		prnMsg(_('No assets were returned by this search please re-enter alternative criteria to try again'), 'info');
 	}
 	unset($_POST['Search']);
 }
 /* end query for list of records */
 /* display list if there is more than one record */
-if (isset($searchresult) AND !isset($_POST['Select'])) {
-	echo '<form action="FixedAssetItems.php" method="post">';
+if (isset($SearchResult) AND !isset($_POST['Select'])) {
+	echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '" method="post">';
     echo '<div>';
 	echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
-	$ListCount = DB_num_rows($searchresult);
+	$ListCount = DB_num_rows($SearchResult);
 	if ($ListCount > 0) {
 		// If the user hit the search button and there is more than one item to show
 		$ListPageMax = ceil($ListCount / $_SESSION['DisplayRecordsMax']);
 		if (isset($_POST['Next'])) {
 			if ($_POST['PageOffset'] < $ListPageMax) {
-				$_POST['PageOffset'] = $_POST['PageOffset'] + 1;
+				$_POST['PageOffset'] ++;
 			}
 		}
 		if (isset($_POST['Previous'])) {
 			if ($_POST['PageOffset'] > 1) {
-				$_POST['PageOffset'] = $_POST['PageOffset'] - 1;
+				$_POST['PageOffset']--;
 			}
 		}
 		if ($_POST['PageOffset'] > $ListPageMax) {
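Review bot: `$_POST['PageOffset'] ++` now increments a raw request value; PHP's increment on a non-numeric string steps through letters (`'a'` becomes `'b'`), so the `<`/`>` range checks around it do not guarantee an integer reaches the `DB_data_seek()` arithmetic in the next hunk. Normalise the value once before the Next/Previous handling, e.g. `$_POST['PageOffset'] = isset($_POST['PageOffset']) ? intval($_POST['PageOffset']) : 1;`. As a point of style, the space in `$_POST['PageOffset'] ++` is inconsistent with `$_POST['PageOffset']--` a few lines below. The enclosing `if (isset($SearchResult) ...)` block continues past the end of this hunk.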
@@ -260,10 +260,10 @@
 		$j = 1;
 		$k = 0; //row counter to determine background colour
 		$RowIndex = 0;
-		if (DB_num_rows($searchresult) <> 0) {
-			DB_data_seek($searchresult, ($_POST['PageOffset'] - 1) * $_SESSION['DisplayRecordsMax']);
+		if (DB_num_rows($SearchResult) <> 0) {
+			DB_data_seek($SearchResult, ($_POST['PageOffset'] - 1) * $_SESSION['DisplayRecordsMax']);
 		}
-		while (($myrow = DB_fetch_array($searchresult)) AND ($RowIndex <> $_SESSION['DisplayRecordsMax'])) {
+		while (($myrow = DB_fetch_array($SearchResult)) AND ($RowIndex <> $_SESSION['DisplayRecordsMax'])) {
 			if ($k == 1) {
 				echo '<tr class="EvenTableRows">';
 				$k = 0;
Modified: trunk/TopItems.php
===================================================================
--- trunk/TopItems.php	2012-09-08 04:28:27 UTC (rev 5636)
+++ trunk/TopItems.php	2012-09-08 06:07:30 UTC (rev 5637)
@@ -148,7 +148,7 @@
 	}
 
 	$SQL = $SQL . "	GROUP BY salesorderdetails.stkcode
-					ORDER BY " . $_POST['Sequence'] . " DESC
+					ORDER BY `" . $_POST['Sequence'] . "` DESC
 					LIMIT " . filter_number_format($_POST['NumberOfTopItems']);
 	
 	$result = DB_query($SQL, $db);
@@ -191,13 +191,13 @@
 			case 'B':
 				$QOHResult = DB_query("SELECT sum(quantity)
 								FROM locstock
-								WHERE stockid = '" . $myrow['stkcode'] . "'", $db);
+								WHERE stockid = '" . DB_escape_string($myrow['stkcode']) . "'", $db);
 				$QOHRow = DB_fetch_row($QOHResult);
 				$QOH = $QOHRow[0];
 				$QOOSQL="SELECT SUM(purchorderdetails.quantityord -purchorderdetails.quantityrecd) AS QtyOnOrder
 							FROM purchorders INNER JOIN purchorderdetails
 							ON purchorders.orderno=purchorderdetails.orderno
-							WHERE purchorderdetails.itemcode='" . $myrow['stkcode'] . "'
+							WHERE purchorderdetails.itemcode='" . DB_escape_string($myrow['stkcode']) . "'
 							AND purchorderdetails.completed =0
 							AND purchorders.status<>'Cancelled'
 							AND purchorders.status<>'Pending'
@@ -214,7 +214,7 @@
 						FROM woitems INNER JOIN workorders
 						ON woitems.wo=workorders.wo
 						WHERE workorders.closed=0
-						AND woitems.stockid='" . $myrow['stkcode'] . "'";
+						AND woitems.stockid='" . DB_escape_string($myrow['stkcode']) . "'";
 				$ErrMsg = _('The quantity on work orders for this product cannot be retrieved because');
 				$QOOResult = DB_query($sql, $db, $ErrMsg);
 				if (DB_num_rows($QOOResult) == 1) {