X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=manufacturing%2Fmanage%2Fbom_edit.php;h=742c2b1a8c5f72e2ac6ad028949bd5e37587f2ca;hb=85faf95991945b3f5c570e57e232562a1a137408;hp=84f60733f7d2a1b4e84874414efeb8b516abc525;hpb=d567a10b7925c8bb97c734e213d6651a979af29d;p=fa-stable.git diff --git a/manufacturing/manage/bom_edit.php b/manufacturing/manage/bom_edit.php index 84f60733..742c2b1a 100644 --- a/manufacturing/manage/bom_edit.php +++ b/manufacturing/manage/bom_edit.php @@ -9,11 +9,11 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 9; -$path_to_root="../.."; +$page_security = 'SA_BOM'; +$path_to_root = "../.."; include_once($path_to_root . "/includes/session.inc"); -page(_("Bill Of Materials")); +page(_($help_context = "Bill Of Materials")); include_once($path_to_root . "/includes/date_functions.inc"); include_once($path_to_root . "/includes/ui.inc"); @@ -68,7 +68,7 @@ function check_for_recursive_bom($ultimate_parent, $component_to_check) /* returns true ie 1 if the bom contains the parent part as a component ie the bom is recursive otherwise false ie 0 */ - $sql = "SELECT component FROM ".TB_PREF."bom WHERE parent='$component_to_check'"; + $sql = "SELECT component FROM ".TB_PREF."bom WHERE parent=".db_escape($component_to_check); $result = db_query($sql,"could not check recursive bom"); if ($result != 0) 
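Review bot: The rewritten query in check_for_recursive_bom, `WHERE parent=".db_escape($component_to_check)`, drops the surrounding single quotes, so it is only correct if db_escape returns a fully quoted SQL literal and not just an escaped string. That helper is not visible in this diff, so the dependency deserves a one-line comment above the query, for example `// db_escape() returns the value escaped AND quoted; do not add quotes here`. The same assumption applies to every db_escape call in the @@ -139, @@ -163, @@ -198 and @@ -244 hunks. The function body continues outside this hunk.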
@@ -139,11 +139,11 @@ function on_submit($selected_parent, $selected_component=-1) if ($selected_component != -1) { - $sql = "UPDATE ".TB_PREF."bom SET workcentre_added='" . $_POST['workcentre_added'] . "', - loc_code='" . $_POST['loc_code'] . "', + $sql = "UPDATE ".TB_PREF."bom SET workcentre_added=".db_escape($_POST['workcentre_added']) + . ",loc_code=".db_escape($_POST['loc_code']) . ", quantity= " . input_num('quantity') . " - WHERE parent='" . $selected_parent . "' - AND id='" . $selected_component . "'"; + WHERE parent=".db_escape($selected_parent) . " + AND id=".db_escape($selected_component); check_db_error("Could not update this bom component", $sql); db_query($sql,"could not update bom"); @@ -163,17 +163,17 @@ function on_submit($selected_parent, $selected_component=-1) /*Now check to see that the component is not already on the bom */ $sql = "SELECT component FROM ".TB_PREF."bom - WHERE parent='$selected_parent' - AND component='" . $_POST['component'] . "' - AND workcentre_added='" . $_POST['workcentre_added'] . "' - AND loc_code='" . $_POST['loc_code'] . "'" ; + WHERE parent=".db_escape($selected_parent)." + AND component=".db_escape($_POST['component']) . " + AND workcentre_added=".db_escape($_POST['workcentre_added']) . " + AND loc_code=".db_escape($_POST['loc_code']); $result = db_query($sql,"check failed"); if (db_num_rows($result) == 0) { $sql = "INSERT INTO ".TB_PREF."bom (parent, component, workcentre_added, loc_code, quantity) - VALUES ('$selected_parent', '" . $_POST['component'] . "', '" - . $_POST['workcentre_added'] . "', '" . $_POST['loc_code'] . "', " + VALUES (".db_escape($selected_parent).", ".db_escape($_POST['component']) . "," + .db_escape($_POST['workcentre_added']) . ", ".db_escape($_POST['loc_code']) . ", " . input_num('quantity') . ")"; db_query($sql,"check failed"); 
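Review bot: `quantity= " . input_num('quantity') . "` is still concatenated into the UPDATE without db_escape, so this statement is only as safe as input_num's guarantee to return a parsed number, and that helper is not visible here. Either wrap it like the other values, `quantity=" . db_escape(input_num('quantity')) . "`, or add a comment stating that input_num never returns raw request text. The INSERT in the @@ -163 hunk ends with the same bare `. input_num('quantity') . ")"`. on_submit starts and ends outside this hunk.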
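Review bot: The INSERT is executed with `db_query($sql,"check failed");`, the same message as the duplicate-check SELECT just above it, so a failed insert is reported as a failed check in the error output. A distinct message such as `db_query($sql, "could not insert bom component");` makes the two failures distinguishable in logs. Separately, the SELECT-then-INSERT duplicate test is not atomic; if the bom table has no unique key over parent, component, workcentre_added and loc_code (the schema is not shown), two concurrent submissions can both pass the check.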
@@ -198,7 +198,7 @@ function on_submit($selected_parent, $selected_component=-1) if ($Mode == 'Delete') { - $sql = "DELETE FROM ".TB_PREF."bom WHERE id='" . $selected_id. "'"; + $sql = "DELETE FROM ".TB_PREF."bom WHERE id=".db_escape($selected_id); db_query($sql,"Could not delete this bom components"); display_notification(_("The component item has been deleted from this bom")); @@ -213,15 +213,17 @@ if ($Mode == 'RESET') //-------------------------------------------------------------------------------------------------- -start_form(false, true); +start_form(); -echo "
" . _("Select a manufacturable item:") . " "; -stock_bom_items_list('stock_id', null, false, true); -echo "

"; +start_form(false, true); +start_table("class='tablestyle_noborder'"); +stock_manufactured_items_list_row(_("Select a manufacturable item:"), 'stock_id', null, false, true); +if (list_updated('stock_id')) + $Ajax->activate('_page_body'); +end_table(); +br(); end_form(); -if (isset($_POST['_stock_id_update'])) - $Ajax->activate('_page_body'); //-------------------------------------------------------------------------------------------------- if (get_post('stock_id') != '') @@ -233,10 +235,8 @@ if (get_post('stock_id') != '') start_form(); display_bom_items($selected_parent); -//end_form(); //-------------------------------------------------------------------------------------- echo '
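Review bot: The new side opens two forms, the added `start_form();` followed directly by `start_form(false, true);`, but keeps the single `end_form();` after `br();`. If start_form emits a `<form>` tag on every call (its body is not visible here), the item selector ends up inside a nested or unclosed form, which HTML does not allow and which browsers resolve by ignoring the inner tag. Either drop the added `start_form();` or give it its own matching `end_form();`.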
'; -// start_form(false, true); start_table($table_style2); @@ -244,14 +244,16 @@ start_form(); { if ($Mode == 'Edit') { //editing a selected component from the link to the line item - $sql = "SELECT ".TB_PREF."bom.*,".TB_PREF."stock_master.description FROM ".TB_PREF."bom,".TB_PREF."stock_master - WHERE id='$selected_id' + $sql = "SELECT ".TB_PREF."bom.*,".TB_PREF."stock_master.description FROM " + .TB_PREF."bom,".TB_PREF."stock_master + WHERE id=".db_escape($selected_id)." AND ".TB_PREF."stock_master.stock_id=".TB_PREF."bom.component"; $result = db_query($sql, "could not get bom"); $myrow = db_fetch($result); $_POST['loc_code'] = $myrow["loc_code"]; + $_POST['component'] = $myrow["component"]; // by Tom Moulton $_POST['workcentre_added'] = $myrow["workcentre_added"]; $_POST['quantity'] = number_format2($myrow["quantity"], get_qty_dec($myrow["component"])); label_row(_("Component:"), $myrow["component"] . " - " . $myrow["description"]); @@ -264,7 +266,7 @@ start_form(); label_cell(_("Component:")); echo ""; - stock_component_items_list('component', $selected_parent, null, false, true); + echo stock_component_items_list('component', $selected_parent, null, false, true); if (get_post('_component_update')) { $Ajax->activate('quantity'); @@ -281,7 +283,7 @@ start_form(); qty_row(_("Quantity:"), 'quantity', null, null, null, $dec); end_table(1); - submit_add_or_update_center($selected_id == -1, '', true); + submit_add_or_update_center($selected_id == -1, '', 'both'); end_form(); } // ----------------------------------------------------------------------------------
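Review bot: In the Edit branch, `$myrow = db_fetch($result);` is used without checking that a row was returned, so a `$selected_id` that matches nothing fills `$_POST['loc_code']`, the newly added `$_POST['component']` and the other fields from an empty result and renders a blank component row. A guard such as `if (!$myrow) { /* report "component not found" and skip the edit form */ }` before the assignments would make that case explicit. The trailing comment `// by Tom Moulton` records who added the line but not why; something like `// keep the component in $_POST so the update handler receives it` would serve the next reader better, if that is indeed the intent.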