$input_error = 1;
display_error(_("The sales person name cannot be empty."));
}
-
+ $pr1 = check_num('provision', 0,100);
+ if (!$pr1 || !check_num('provision2', 0, 100)) {
+ $input_error = 1;
+ display_error( _("Salesman provision cannot be less than 0 or more than 100%."));
+ set_focus(!$pr1 ? 'provision' : 'provision2');
+ }
+ if (!check_num('break_pt', 0)) {
+ $input_error = 1;
+ display_error( _("Salesman provision breakpoint must be numeric and not less than 0."));
+ set_focus('break_pt');
+ }
if ($input_error != 1)
{
if (isset($selected_id))
{
/*selected_id could also exist if submit had not been clicked this code would not run in this case cos submit is false of course see the delete code below*/
- $sql = "UPDATE ".TB_PREF."salesman SET salesman_name='" . $_POST['salesman_name'] . "',
- salesman_phone='" . $_POST['salesman_phone'] . "',
- salesman_fax='" . $_POST['salesman_fax'] . "',
- salesman_email='" . $_POST['salesman_email'] . "',
- provision=".$_POST['provision'].",
- break_pt=".$_POST['break_pt'].",
- provision2=".$_POST['provision2']."
+ $sql = "UPDATE ".TB_PREF."salesman SET salesman_name=".db_escape($_POST['salesman_name']) . ",
+ salesman_phone=".db_escape($_POST['salesman_phone']) . ",
+ salesman_fax=".db_escape($_POST['salesman_fax']) . ",
+ salesman_email=".db_escape($_POST['salesman_email']) . ",
+ provision=".input_num('provision').",
+ break_pt=".input_num('break_pt').",
+ provision2=".input_num('provision2')."
WHERE salesman_code = '$selected_id'";
}
else
/*Selected group is null cos no item selected on first time round so must be adding a record must be submitting new entries in the new Sales-person form */
$sql = "INSERT INTO ".TB_PREF."salesman (salesman_name, salesman_phone, salesman_fax, salesman_email,
provision, break_pt, provision2)
- VALUES ('" . $_POST['salesman_name'] . "', '" . $_POST['salesman_phone'] . "', '" . $_POST['salesman_fax'] . "', '" . $_POST['salesman_email'] . "', ".
- $_POST['provision'].", ".$_POST['break_pt'].", ".$_POST['provision2'].")";
+ VALUES (".db_escape($_POST['salesman_name']) . ", "
+ .db_escape($_POST['salesman_phone']) . ", "
+ .db_escape($_POST['salesman_fax']) . ", "
+ .db_escape($_POST['salesman_email']) . ", ".
+ input_num('provision').", ".input_num('break_pt').", "
+ .input_num('provision2').")";
}
//run the sql from either of the above possibilites
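Review bot: The UPDATE still interpolates `$selected_id` unescaped in `WHERE salesman_code = '$selected_id'`, so the escaping this commit adds to the SET columns does not cover the WHERE clause. The hunk does not show where `$selected_id` is assigned, but the edit/delete links and the hidden field on this page carry it as a request parameter, so it should be treated as untrusted. Since `db_escape()` appears to supply the quotes itself (as in the SET list), the line would become `WHERE salesman_code = ".db_escape($selected_id);`. The numeric columns are concatenated unquoted, which is safe only while `input_num()` always returns a number; a short comment beside them, such as `// input_num() yields a validated numeric, see check_num() above`, would record that dependency. The submit handler begins before this hunk, so the delete path mentioned in the existing comment should be checked for the same pattern.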
label_cell($myrow["salesman_phone"]);
label_cell($myrow["salesman_fax"]);
label_cell($myrow["salesman_email"]);
- percent_cell($myrow["provision"]);
+ label_cell(percent_format($myrow["provision"])." %", "nowrap align=right");
amount_cell($myrow["break_pt"]);
- percent_cell($myrow["provision2"]);
+ label_cell(percent_format($myrow["provision2"])." %", "nowrap align=right");
edit_link_cell(SID . "selected_id=" . $myrow["salesman_code"]);
delete_link_cell(SID . "selected_id=" . $myrow["salesman_code"]. "&delete=1");
end_row();
$_POST['salesman_phone'] = $myrow["salesman_phone"];
$_POST['salesman_fax'] = $myrow["salesman_fax"];
$_POST['salesman_email'] = $myrow["salesman_email"];
- $_POST['provision'] = $myrow["provision"];
- $_POST['break_pt'] = $myrow["break_pt"];
- $_POST['provision2'] = $myrow["provision2"];
+ $_POST['provision'] = percent_format($myrow["provision"]);
+ $_POST['break_pt'] = price_format($myrow["break_pt"]);
+ $_POST['provision2'] = percent_format($myrow["provision2"]);
hidden('selected_id', $selected_id);
}
text_row_ex(_("Telephone number:"), 'salesman_phone', 20);
text_row_ex(_("Fax number:"), 'salesman_fax', 20);
text_row_ex(_("Email:"), 'salesman_email', 40);
-percent_row(_("Provision"), 'provision');
+percent_row(_("Provision").':', 'provision');
amount_row(_("Break Pt.:"), 'break_pt');
-percent_row(_("Provision")." 2", 'provision2');
+percent_row(_("Provision")." 2:", 'provision2');
end_table(1);
submit_add_or_update_center(!isset($selected_id));