[Weberp-svn] SF.net SVN: weberp:[5141] trunk
From: <tim...@us...> - 2011-04-08 20:15:42
Revision: 5141 http://weberp.svn.sourceforge.net/weberp/?rev=5141&view=rev Author: tim_schofield Date: 2011-04-08 20:15:36 +0000 (Fri, 08 Apr 2011) Log Message: ----------- Phil: More SQL quoting and xhtml fixes Modified Paths: -------------- trunk/SelectSalesOrder.php trunk/SelectWorkOrder.php Modified: trunk/SelectSalesOrder.php =================================================================== --- trunk/SelectSalesOrder.php 2011-04-08 20:14:05 UTC (rev 5140) +++ trunk/SelectSalesOrder.php 2011-04-08 20:15:36 UTC (rev 5141) @@ -14,9 +14,9 @@ for ($i=1;$i<count($_POST);$i++){ if (isset($_POST['PlacePO_' . $i])) { //checkboxes only set if they are checked if ($OrdersToPlacePOFor==''){ - $OrdersToPlacePOFor .= ' orderno=' . $_POST['OrderNo_PO_'.$i]; + $OrdersToPlacePOFor .= " orderno=" . $_POST['OrderNo_PO_'.$i]; } else { - $OrdersToPlacePOFor .= ' OR orderno=' . $_POST['OrderNo_PO_'.$i]; + $OrdersToPlacePOFor .= " OR orderno=" . $_POST['OrderNo_PO_'.$i]; } } } @@ -97,9 +97,9 @@ /* if an order is/has been created already and the supplier of this item has changed - so need to finish off the order */ //if the user has authority to authorise the PO then it should be created as authorised $AuthSQL ="SELECT authlevel - FROM purchorderauth - WHERE userid='".$_SESSION['UserID']."' - AND currabrev='".$SuppRow['currcode']."'"; + FROM purchorderauth + WHERE userid='".$_SESSION['UserID']."' + AND currabrev='".$SuppRow['currcode']."'"; $AuthResult=DB_query($AuthSQL,$db); $AuthRow=DB_fetch_array($AuthResult); 
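Review bot: The rewritten lines in the @@ -14 hunk still concatenate `$_POST['OrderNo_PO_'.$i]` directly into the `orderno=` SQL fragment; changing the string delimiter from `'` to `"` neither quotes nor escapes the value, so a request-controlled order number reaches the query as-is. Order numbers are integers here, so cast at the boundary: `$OrdersToPlacePOFor .= " orderno=" . (int)$_POST['OrderNo_PO_'.$i];` and likewise on the `" OR orderno="` line. The @@ -97 hunk interpolates `$_SESSION['UserID']` and `$SuppRow['currcode']`, and the @@ -280 hunk interpolates `$StatusComment` and `$PO_OrderNo`, whose assignments are outside the hunk; any of these that can originate from a request should go through the project's DB escaping helper before being spliced into the statement. The `if`/`else` that encloses the @@ -97 and @@ -280 hunks begins and ends outside them.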
@@ -280,9 +280,9 @@ $ErrMsg = _('Could not update purchase order status to Authorised'); $Debug = _('The SQL that failed was'); $result = DB_query("UPDATE purchorders SET allowprint=1, - status='Authorised', - stat_comment='" . $StatusComment . "' - WHERE orderno='" . $PO_OrderNo . "'", + status='Authorised', + stat_comment='" . $StatusComment . "' + WHERE orderno='" . $PO_OrderNo . "'", $db,$ErrMsg,$DbgMsg,true); } else { // no authority to authorise this order if (DB_num_rows($AuthResult) ==0){ Modified: trunk/SelectWorkOrder.php =================================================================== --- trunk/SelectWorkOrder.php 2011-04-08 20:14:05 UTC (rev 5140) +++ trunk/SelectWorkOrder.php 2011-04-08 20:15:36 UTC (rev 5141) @@ -9,21 +9,21 @@ include('includes/header.inc'); echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/magnifier.png" title="' . _('Search') . '" alt="" />' . ' ' . $title . '</p>'; -echo '<form action=' . $_SERVER['PHP_SELF'] .'?' .SID . ' method=post>'; +echo '<form action="' . $_SERVER['PHP_SELF'] . '" method=post>'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if (isset($_POST['ResetPart'])){ - unset($_REQUEST['SelectedStockItem']); + unset($_REQUEST['SelectedStockItem']); } if (isset($_REQUEST['WO']) AND $_REQUEST['WO']!='') { $_REQUEST['WO'] = trim($_REQUEST['WO']); if (!is_numeric($_REQUEST['WO'])){ - prnMsg(_('The work order number entered MUST be numeric'),'warn'); - unset ($_REQUEST['WO']); - include('includes/footer.inc'); - exit; + prnMsg(_('The work order number entered MUST be numeric'),'warn'); + unset ($_REQUEST['WO']); + include('includes/footer.inc'); + exit; } else { echo _('Work Order Number') . ' - ' . $_REQUEST['WO']; } 
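Review bot: The new `echo '<form action="' . $_SERVER['PHP_SELF'] . '" method=post>';` line writes `PHP_SELF` into an attribute without escaping; on common server setups that value carries any path-info the client appended to the URL, so it is request-influenced and should be escaped like other output, `htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8')`, or replaced with the fixed script name. Removing `SID` from the action is the commit's own change and is not re-raised. For the XHTML goal of this commit, `method=post` on the same line should also be quoted, `method="post"`.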
@@ -106,9 +106,9 @@ if (!isset($_REQUEST['WO']) or ($_REQUEST['WO']=='')){ echo '<table class=selection><tr><td>'; if (isset($_REQUEST['SelectedStockItem'])) { - echo _('For the item') . ': ' . $_REQUEST['SelectedStockItem'] . ' ' . _('and') . " <input type=hidden name='SelectedStockItem' value='" . $_REQUEST['SelectedStockItem'] . "'>"; + echo _('For the item') . ': ' . $_REQUEST['SelectedStockItem'] . ' ' . _('and') . ' <input type=hidden name="SelectedStockItem" value="' . $_REQUEST['SelectedStockItem'] . '">'; } - echo _('Work Order number') . ": <input type=text name='WO' MAXLENGTH =8 size=9>  " . _('Processing at') . ":<select name='StockLocation'> "; + echo _('Work Order number') . ': <input type=text name="WO" MAXLENGTH =8 size=9>  ' . _('Processing at') . ':<select name="StockLocation"> '; $sql = "SELECT loccode, locationname FROM locations"; @@ -117,14 +117,14 @@ while ($myrow=DB_fetch_array($resultStkLocs)){ if (isset($_POST['StockLocation'])){ if ($myrow['loccode'] == $_POST['StockLocation']){ - echo "<option selected Value='" . $myrow['loccode'] . "'>" . $myrow['locationname']; + echo '<option selected Value="' . $myrow['loccode'] . '">' . $myrow['locationname'] . '</option>'; } else { - echo "<option Value='" . $myrow['loccode'] . "'>" . $myrow['locationname']; + echo '<option Value="' . $myrow['loccode'] . '">' . $myrow['locationname'] . '</option>'; } } elseif ($myrow['loccode']==$_SESSION['UserStockLocation']){ - echo "<option selected Value='" . $myrow['loccode'] . "'>" . $myrow['locationname']; + echo '<option selected Value="' . $myrow['loccode'] . '">' . $myrow['locationname'] . '</option>'; } else { - echo "<option Value='" . $myrow['loccode'] . "'>" . $myrow['locationname']; + echo '<option Value="' . $myrow['loccode'] . '">' . $myrow['locationname'] . '</option>'; } } 
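Review bot: The new `echo` lines in the @@ -106 hunk still put `$_REQUEST['SelectedStockItem']` unescaped into both page text and the `value="…"` attribute; swapping the attribute delimiter only changes which character a crafted value must contain to break out of it. Escape once and reuse, `$StockItem = htmlspecialchars($_REQUEST['SelectedStockItem'], ENT_QUOTES, 'UTF-8');`, then echo `$StockItem` in both places. The @@ -117 hunk writes `$myrow['loccode']` and `$myrow['locationname']` into `<option>` the same way, and the `printf` calls in the @@ -201 and @@ -320 hunks do the same with other row fields; database-sourced strings are lower risk but belong under the same output escaping. The `if (!isset($_REQUEST['WO']) or ...)` block opened at the top of the @@ -106 hunk closes outside it.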
@@ -136,16 +136,16 @@ } if ($_POST['ClosedOrOpen']=='Closed_Only'){ - echo '<option selected value="Closed_Only">' . _('Closed Work Orders Only'); - echo '<option value="Open_Only">' . _('Open Work Orders Only'); + echo '<option selected value="Closed_Only">' . _('Closed Work Orders Only') . '</option>'; + echo '<option value="Open_Only">' . _('Open Work Orders Only') . '</option>'; } else { - echo '<option value="Closed_Only">' . _('Closed Work Orders Only'); - echo '<option selected value="Open_Only">' . _('Open Work Orders Only'); + echo '<option value="Closed_Only">' . _('Closed Work Orders Only') . '</option>'; + echo '<option selected value="Open_Only">' . _('Open Work Orders Only') . '</option>'; } echo '</select>   '; - echo "<input type=submit name='SearchOrders' value='" . _('Search') . "'>"; - echo ' <a href="' . $rootpath . '/WorkOrderEntry.php?' . SID . '">' . _('New Work Order') . '</a></td></tr></table><br />'; + echo '<input type=submit name="SearchOrders" value="' . _('Search') . '">'; + echo ' <a href="' . $rootpath . '/WorkOrderEntry.php">' . _('New Work Order') . '</a></td></tr></table><br />'; } $SQL="SELECT categoryid, 
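Review bot: The new `echo '<input type=submit name="SearchOrders" value="' . _('Search') . '">';` line quotes `name` and `value` but leaves `type=submit` bare and the empty element unclosed, so it is still not well-formed XHTML despite that being the commit's stated purpose; `'<input type="submit" name="SearchOrders" value="' . _('Search') . '" />'` would finish the job. The `<option>` lines in this hunk do gain their closing tags, which is consistent with the @@ -117 hunk.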
@@ -155,37 +155,38 @@ $result1 = DB_query($SQL,$db); - echo "<table class=selection> - <tr><th colspan=6><font size=3 color=navy>" . _('To search for work orders for a specific item use the item selection facilities below') . "</font></th></tr> + echo '<table class=selection> + <tr><th colspan=6><font size=3 color=navy>' . _('To search for work orders for a specific item use the item selection facilities below') . '</font></th></tr> <tr> - <td><font size=1>" . _('Select a stock category') . ":</font> - <select name='StockCat'>"; + <td><font size=1>' . _('Select a stock category') . ':</font> + <select name="StockCat">'; while ($myrow1 = DB_fetch_array($result1)) { - echo "<option value='". $myrow1['categoryid'] . "'>" . $myrow1['categorydescription']; + echo '<option value="'. $myrow1['categoryid'] . '">' . $myrow1['categorydescription'] . '</option>'; } echo '</select> - <td><font size=1>' . _('Enter text extract(s) in the description') . ":</font></td> - <td><input type='Text' name='Keywords' size=20 maxlength=25></td> + <td><font size=1>' . _('Enter text extract(s) in the description') . ':</font></td> + <td><input type="Text" name="Keywords" size=20 maxlength=25></td> </tr> <tr><td></td> - <td><font size=3><b>" . _('OR') . ' </b></font><font size=1>' . _('Enter extract of the Stock Code') . "</b>:</font></td> - <td><input type='Text' name='StockCode' size=15 maxlength=18></td> + <td><font size=3><b>' . _('OR') . ' </b></font><font size=1>' . _('Enter extract of the Stock Code') . '</b>:</font></td> + <td><input type="Text" name="StockCode" size=15 maxlength=18></td> </tr> - </table><br />"; - echo "<div class=centre><input type=submit name='SearchParts' value='" . _('Search Items Now') . "'> - <input type=submit name='ResetPart' value='" . _('Show All') . "'></div>"; + </table><br />'; + echo '<div class=centre><input type=submit name="SearchParts" value="' . _('Search Items Now') . '"> + <input type=submit name="ResetPart" value="' . _('Show All') . 
'"></div>'; +} if (isset($StockItemsResult)) { echo '<br /><table cellpadding=2 colspan=7 class=selection>'; - $TableHeader = "<tr> - <th>" . _('Code') . "</th> - <th>" . _('Description') . "</th> - <th>" . _('On Hand') . "</th> - <th>" . _('Units') . "</th> - </tr>"; + $TableHeader = '<tr> + <th>' . _('Code') . '</th> + <th>' . _('Description') . '</th> + <th>' . _('On Hand') . '</th> + <th>' . _('Units') . '</th> + </tr>'; echo $TableHeader; $j = 1; @@ -201,11 +202,11 @@ $k++; } - printf("<td><input type=submit name='SelectedStockItem' value='%s'</td> + printf('<td><input type=submit name="SelectedStockItem" value="%s" /></td> <td>%s</td> <td class=number>%s</td> <td>%s</td> - </tr>", + </tr>', $myrow['stockid'], $myrow['description'], $myrow['qoh'], @@ -293,18 +294,18 @@ echo '<br /><table cellpadding=2 colspan=7 width=95% class=selection>'; - $tableheader = "<tr> - <th>" . _('Modify') . "</th> - <th>" . _('Status') . "</th> - <th>" . _('Receive') . "</th> - <th>" . _('Issue To') . "</th> - <th>" . _('Costing') . "</th> - <th>" . _('Item') . "</th> - <th>" . _('Quantity Required') . "</th> - <th>" . _('Quantity Received') . "</th> - <th>" . _('Quantity Outstanding') . "</th> - <th>" . _('Required Date') . "</th> - </tr>"; + $tableheader = '<tr> + <th>' . _('Modify') . '</th> + <th>' . _('Status') . '</th> + <th>' . _('Receive') . '</th> + <th>' . _('Issue To') . '</th> + <th>' . _('Costing') . '</th> + <th>' . _('Item') . '</th> + <th>' . _('Quantity Required') . '</th> + <th>' . _('Quantity Received') . '</th> + <th>' . _('Quantity Outstanding') . '</th> + <th>' . _('Required Date') . '</th> + </tr>'; echo $tableheader; } 
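Review bot: The `}` added after the `echo '<div class=centre>…'` statement in the @@ -155 hunk closes a block whose opening `{` is outside the hunk, and the @@ -365 hunk removes `<?php }` near the end of the file, which reads as the same closing brace moved up (I cannot see which `if` it belongs to). If so, the `if (isset($StockItemsResult))` table and the work-order listing that follow now execute on every request instead of only inside that block; that is a control-flow change rather than a quoting fix, and it deserves a line in the log message if intended, or reverting if not. The same hunk's `<td><input type="Text" name="Keywords" size=20 maxlength=25></td>` line (and the `StockCode` one below it) still has bare numeric attributes and no `/>`, which the XHTML pass could cover.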
@@ -320,26 +321,26 @@ $k++; } - $ModifyPage = $rootpath . "/WorkOrderEntry.php?" . SID . '&WO=' . $myrow['wo']; - $Status_WO = $rootpath . '/WorkOrderStatus.php?' . SID . '&WO=' .$myrow['wo'] . '&StockID=' . $myrow['stockid']; - $Receive_WO = $rootpath . '/WorkOrderReceive.php?' . SID . '&WO=' .$myrow['wo'] . '&StockID=' . $myrow['stockid']; - $Issue_WO = $rootpath . '/WorkOrderIssue.php?' . SID . '&WO=' .$myrow['wo'] . '&StockID=' . $myrow['stockid']; - $Costing_WO =$rootpath . '/WorkOrderCosting.php?' . SID . '&WO=' .$myrow['wo']; + $ModifyPage = $rootpath . '/WorkOrderEntry.php?WO=' . $myrow['wo']; + $Status_WO = $rootpath . '/WorkOrderStatus.php?WO=' .$myrow['wo'] . '&StockID=' . $myrow['stockid']; + $Receive_WO = $rootpath . '/WorkOrderReceive.php?WO=' .$myrow['wo'] . '&StockID=' . $myrow['stockid']; + $Issue_WO = $rootpath . '/WorkOrderIssue.php?WO=' .$myrow['wo'] . '&StockID=' . $myrow['stockid']; + $Costing_WO =$rootpath . '/WorkOrderCosting.php?WO=' .$myrow['wo']; $FormatedRequiredByDate = ConvertSQLDate($myrow['requiredby']); - printf("<td><a href='%s'>%s</a></td> - <td><a href='%s'>" . _('Status') . "</a></td> - <td><a href='%s'>" . _('Receive') . "</a></td> - <td><a href='%s'>" . _('Issue To') . "</a></td> - <td><a href='%s'>" . _('Costing') . "</a></td> + printf('<td><a href="%s">%s</a></td> + <td><a href="%s">' . _('Status') . '</a></td> + <td><a href="%s">' . _('Receive') . '</a></td> + <td><a href="%s">' . _('Issue To') . '</a></td> + <td><a href="%s">' . _('Costing') . '</a></td> <td>%s - %s</td> <td class=number>%s</td> <td class=number>%s</td> <td class=number>%s</td> <td>%s</td> - </tr>", + </tr>', $ModifyPage, $myrow['wo'], $Status_WO, 
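Review bot: The new `$Status_WO`, `$Receive_WO` and `$Issue_WO` lines join `$myrow['wo']` and `$myrow['stockid']` into query strings with no URL encoding and then `printf` them into `href="%s"` with no HTML escaping, so a stock code containing a space, `&` or `"` yields a broken link or one that escapes the attribute; build them as `$Status_WO = $rootpath . '/WorkOrderStatus.php?WO=' . urlencode($myrow['wo']) . '&amp;StockID=' . urlencode($myrow['stockid']);` (the `&amp;` also being what XHTML requires inside an attribute), or keep a raw `&` and pass each URL through `htmlspecialchars` at the `printf`. Separately, the format string is assembled by concatenating `_('Status')`, `_('Receive')` and the other labels into it, so a translation containing a literal `%` would be parsed as a conversion specifier; passing those labels as extra `%s` arguments avoids that. The block enclosing this hunk (a per-row loop, judging by `$myrow`) starts and ends outside it.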
@@ -365,12 +366,9 @@ echo '</table>'; } -echo "<script>defaultControl(document.forms[0].WO);</script>"; +echo '<script>defaultControl(document.forms[0].WO);</script>'; -?> -</form> +echo '</form>'; -<?php } - include('includes/footer.inc'); ?> \ No newline at end of file This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
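Review bot: The new `echo '<script>defaultControl(document.forms[0].WO);</script>';` line still emits `<script>` without the `type` attribute that XHTML 1.0 requires, `<script type="text/javascript">`, so the xhtml pass stops short here. The trailing `\ No newline at end of file` marker shows the file still ends on `?>` without a newline; now that this hunk removes the last raw-HTML section in favour of `echo`, dropping the closing `?>` entirely avoids both that and any stray whitespace after it being sent to the client.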