MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
***********************************************************************/
-$page_security = 9;
-$path_to_root="../..";
+$page_security = 'SA_BOM';
+$path_to_root = "../..";
include_once($path_to_root . "/includes/session.inc");
-page(_("Bill Of Materials"));
+page(_($help_context = "Bill Of Materials"));
include_once($path_to_root . "/includes/date_functions.inc");
include_once($path_to_root . "/includes/ui.inc");
/* returns true ie 1 if the bom contains the parent part as a component
ie the bom is recursive otherwise false ie 0 */
- $sql = "SELECT component FROM ".TB_PREF."bom WHERE parent='$component_to_check'";
+ $sql = "SELECT component FROM ".TB_PREF."bom WHERE parent=".db_escape($component_to_check);
$result = db_query($sql,"could not check recursive bom");
if ($result != 0)
if ($selected_component != -1)
{
- $sql = "UPDATE ".TB_PREF."bom SET workcentre_added='" . $_POST['workcentre_added'] . "',
- loc_code='" . $_POST['loc_code'] . "',
+ $sql = "UPDATE ".TB_PREF."bom SET workcentre_added=".db_escape($_POST['workcentre_added'])
+ . ",loc_code=".db_escape($_POST['loc_code']) . ",
quantity= " . input_num('quantity') . "
- WHERE parent='" . $selected_parent . "'
- AND id='" . $selected_component . "'";
+ WHERE parent=".db_escape($selected_parent) . "
+ AND id=".db_escape($selected_component);
check_db_error("Could not update this bom component", $sql);
db_query($sql,"could not update bom");
/*Now check to see that the component is not already on the bom */
$sql = "SELECT component FROM ".TB_PREF."bom
- WHERE parent='$selected_parent'
- AND component='" . $_POST['component'] . "'
- AND workcentre_added='" . $_POST['workcentre_added'] . "'
- AND loc_code='" . $_POST['loc_code'] . "'" ;
+ WHERE parent=".db_escape($selected_parent)."
+ AND component=".db_escape($_POST['component']) . "
+ AND workcentre_added=".db_escape($_POST['workcentre_added']) . "
+ AND loc_code=".db_escape($_POST['loc_code']);
$result = db_query($sql,"check failed");
if (db_num_rows($result) == 0)
{
$sql = "INSERT INTO ".TB_PREF."bom (parent, component, workcentre_added, loc_code, quantity)
- VALUES ('$selected_parent', '" . $_POST['component'] . "', '"
- . $_POST['workcentre_added'] . "', '" . $_POST['loc_code'] . "', "
+ VALUES (".db_escape($selected_parent).", ".db_escape($_POST['component']) . ","
+ .db_escape($_POST['workcentre_added']) . ", ".db_escape($_POST['loc_code']) . ", "
. input_num('quantity') . ")";
db_query($sql,"check failed");
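Review bot: The quantity value is still spliced into both the UPDATE (`quantity= " . input_num('quantity') . "`) and the INSERT (`. input_num('quantity') . ")"`) as a bare concatenation while every other value in these statements now goes through `db_escape()`; input_num is not defined on this page, but if it returns `false` on non-numeric input the statement degrades to `quantity= ` / `, )` and fails with a SQL error instead of being rejected before the query. Routing it through the same helper as its neighbours, `quantity=" . db_escape(input_num('quantity')) . "`, keeps one escaping path for the whole statement, assuming db_escape passes numeric values through unchanged — confirm against its definition. Separately, `check_db_error("Could not update this bom component", $sql);` sits on the context line before `db_query($sql,"could not update bom");`, so it inspects the error state before the statement has executed; that ordering predates this commit but belongs with this cleanup. The enclosing functions start and end outside the visible lines and no hunk headers survive, so whether the added `start_form(false, true);` nests inside the earlier `start_form();` could not be verified from here.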
if ($Mode == 'Delete')
{
- $sql = "DELETE FROM ".TB_PREF."bom WHERE id='" . $selected_id. "'";
+ $sql = "DELETE FROM ".TB_PREF."bom WHERE id=".db_escape($selected_id);
db_query($sql,"Could not delete this bom components");
display_notification(_("The component item has been deleted from this bom"));
//--------------------------------------------------------------------------------------------------
-start_form(false, true);
+start_form();
-echo "<center>" . _("Select a manufacturable item:") . " ";
-stock_bom_items_list('stock_id', null, false, true);
-echo "</center><br>";
+start_form(false, true);
+start_table("class='tablestyle_noborder'");
+stock_manufactured_items_list_row(_("Select a manufacturable item:"), 'stock_id', null, false, true);
+if (list_updated('stock_id'))
+ $Ajax->activate('_page_body');
+end_table();
+br();
end_form();
-if (isset($_POST['_stock_id_update']))
- $Ajax->activate('_page_body');
//--------------------------------------------------------------------------------------------------
if (get_post('stock_id') != '')
start_form();
display_bom_items($selected_parent);
-//end_form();
//--------------------------------------------------------------------------------------
echo '<br>';
-// start_form(false, true);
start_table($table_style2);
{
if ($Mode == 'Edit') {
//editing a selected component from the link to the line item
- $sql = "SELECT ".TB_PREF."bom.*,".TB_PREF."stock_master.description FROM ".TB_PREF."bom,".TB_PREF."stock_master
- WHERE id='$selected_id'
+ $sql = "SELECT ".TB_PREF."bom.*,".TB_PREF."stock_master.description FROM "
+ .TB_PREF."bom,".TB_PREF."stock_master
+ WHERE id=".db_escape($selected_id)."
AND ".TB_PREF."stock_master.stock_id=".TB_PREF."bom.component";
$result = db_query($sql, "could not get bom");
$myrow = db_fetch($result);
$_POST['loc_code'] = $myrow["loc_code"];
+ $_POST['component'] = $myrow["component"]; // by Tom Moulton
$_POST['workcentre_added'] = $myrow["workcentre_added"];
$_POST['quantity'] = number_format2($myrow["quantity"], get_qty_dec($myrow["component"]));
label_row(_("Component:"), $myrow["component"] . " - " . $myrow["description"]);
label_cell(_("Component:"));
echo "<td>";
- stock_component_items_list('component', $selected_parent, null, false, true);
+ echo stock_component_items_list('component', $selected_parent, null, false, true);
if (get_post('_component_update'))
{
$Ajax->activate('quantity');
qty_row(_("Quantity:"), 'quantity', null, null, null, $dec);
end_table(1);
- submit_add_or_update_center($selected_id == -1, '', true);
+ submit_add_or_update_center($selected_id == -1, '', 'both');
end_form();
}
// ----------------------------------------------------------------------------------