X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=manufacturing%2Fmanage%2Fbom_edit.php;h=742c2b1a8c5f72e2ac6ad028949bd5e37587f2ca;hb=ff3ad68ec5da00d6e906fdaad3a4df3658709ff3;hp=3d71cbd4dd40d9b61c31aa7caf378c98bf73d1ea;hpb=f9451becdadf75c6e4feb459123f813100acb052;p=fa-stable.git diff --git a/manufacturing/manage/bom_edit.php b/manufacturing/manage/bom_edit.php index 3d71cbd4..742c2b1a 100644 --- a/manufacturing/manage/bom_edit.php +++ b/manufacturing/manage/bom_edit.php @@ -1,10 +1,19 @@ . +***********************************************************************/ +$page_security = 'SA_BOM'; +$path_to_root = "../.."; include_once($path_to_root . "/includes/session.inc"); -page(_("Bill Of Materials")); +page(_($help_context = "Bill Of Materials")); include_once($path_to_root . "/includes/date_functions.inc"); include_once($path_to_root . "/includes/ui.inc"); 
@@ -20,13 +29,46 @@ simple_page_mode(true); $selected_component = $selected_id; //-------------------------------------------------------------------------------------------------- +//if (isset($_GET["NewItem"])) +//{ +// $_POST['stock_id'] = $_GET["NewItem"]; +//} +if (isset($_GET['stock_id'])) +{ + $_POST['stock_id'] = $_GET['stock_id']; + $selected_parent = $_GET['stock_id']; +} + +/* selected_parent could come from a post or a get */ +/*if (isset($_GET["selected_parent"])) +{ + $selected_parent = $_GET["selected_parent"]; +} +else if (isset($_POST["selected_parent"])) +{ + $selected_parent = $_POST["selected_parent"]; +} +*/ +/* selected_component could also come from a post or a get */ +/*if (isset($_GET["selected_component"])) +{ + $selected_component = $_GET["selected_component"]; +} +else +{ + $selected_component = get_post("selected_component", -1); +} +*/ + +//-------------------------------------------------------------------------------------------------- + function check_for_recursive_bom($ultimate_parent, $component_to_check) { /* returns true ie 1 if the bom contains the parent part as a component ie the bom is recursive otherwise false ie 0 */ - $sql = "SELECT component FROM ".TB_PREF."bom WHERE parent='$component_to_check'"; + $sql = "SELECT component FROM ".TB_PREF."bom WHERE parent=".db_escape($component_to_check); $result = db_query($sql,"could not check recursive bom"); if ($result != 0) @@ -75,7 +117,7 @@ div_start('bom'); qty_cell($myrow["quantity"], false, get_qty_dec($myrow["component"])); label_cell($myrow["units"]); edit_button_cell("Edit".$myrow['id'], _("Edit")); - edit_button_cell("Delete".$myrow['id'], _("Delete")); + delete_button_cell("Delete".$myrow['id'], _("Delete")); end_row(); } //END WHILE LIST LOOP 
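Review bot: `$selected_parent` is assigned straight from `$_GET['stock_id']` in the added `if (isset($_GET['stock_id']))` block, with no check that the value names an existing item. The queries changed in this commit pass it through `db_escape()`, but any other use of `$selected_parent` or `$_POST['stock_id']` outside these hunks (not visible here) receives the raw request value. I would add a comment at the assignment such as `// raw request value: escape at every SQL and HTML use`, or validate the value against the item table before it is used. The roughly twenty added lines of commented-out `NewItem` / `selected_parent` / `selected_component` handling are dead code and are better left to version control than committed. `check_for_recursive_bom()` continues past the end of this hunk.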
@@ -97,11 +139,11 @@ function on_submit($selected_parent, $selected_component=-1) if ($selected_component != -1) { - $sql = "UPDATE ".TB_PREF."bom SET workcentre_added='" . $_POST['workcentre_added'] . "', - loc_code='" . $_POST['loc_code'] . "', + $sql = "UPDATE ".TB_PREF."bom SET workcentre_added=".db_escape($_POST['workcentre_added']) + . ",loc_code=".db_escape($_POST['loc_code']) . ", quantity= " . input_num('quantity') . " - WHERE parent='" . $selected_parent . "' - AND id='" . $selected_component . "'"; + WHERE parent=".db_escape($selected_parent) . " + AND id=".db_escape($selected_component); check_db_error("Could not update this bom component", $sql); db_query($sql,"could not update bom"); @@ -121,17 +163,17 @@ function on_submit($selected_parent, $selected_component=-1) /*Now check to see that the component is not already on the bom */ $sql = "SELECT component FROM ".TB_PREF."bom - WHERE parent='$selected_parent' - AND component='" . $_POST['component'] . "' - AND workcentre_added='" . $_POST['workcentre_added'] . "' - AND loc_code='" . $_POST['loc_code'] . "'" ; + WHERE parent=".db_escape($selected_parent)." + AND component=".db_escape($_POST['component']) . " + AND workcentre_added=".db_escape($_POST['workcentre_added']) . " + AND loc_code=".db_escape($_POST['loc_code']); $result = db_query($sql,"check failed"); if (db_num_rows($result) == 0) { $sql = "INSERT INTO ".TB_PREF."bom (parent, component, workcentre_added, loc_code, quantity) - VALUES ('$selected_parent', '" . $_POST['component'] . "', '" - . $_POST['workcentre_added'] . "', '" . $_POST['loc_code'] . "', " + VALUES (".db_escape($selected_parent).", ".db_escape($_POST['component']) . "," + .db_escape($_POST['workcentre_added']) . ", ".db_escape($_POST['loc_code']) . ", " . input_num('quantity') . ")"; db_query($sql,"check failed"); 
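Review bot: `quantity= " . input_num('quantity')` is still concatenated into the UPDATE unquoted and unescaped while every neighbouring value now goes through `db_escape()`; the INSERT in the second hunk on this line (`@@ -121,17 +163,17 @@`) does the same. Its safety depends entirely on `input_num()` always returning a numeric value, which cannot be confirmed from this diff. If `db_escape()` accepts numeric input, writing `db_escape(input_num('quantity'))` would make both statements uniform; otherwise a comment such as `// input_num() returns a number, safe to concatenate unquoted` records the assumption where the next maintainer will see it. `on_submit()` starts and ends outside both hunks.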
@@ -156,7 +198,7 @@ function on_submit($selected_parent, $selected_component=-1) if ($Mode == 'Delete') { - $sql = "DELETE FROM ".TB_PREF."bom WHERE id='" . $selected_id. "'"; + $sql = "DELETE FROM ".TB_PREF."bom WHERE id=".db_escape($selected_id); db_query($sql,"Could not delete this bom components"); display_notification(_("The component item has been deleted from this bom")); @@ -171,30 +213,30 @@ if ($Mode == 'RESET') //-------------------------------------------------------------------------------------------------- -start_form(false, true); +start_form(); -echo "
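Review bot: The DELETE in the `@@ -156,7 +198,7 @@` hunk matches on `id` alone, whereas the UPDATE in `on_submit()` pins both `parent` and `id`. A request carrying the id of a component that belongs to a different BOM would therefore remove that row rather than one from the BOM being edited. If `$selected_parent` is set at this point (its assignment is outside the hunk), `WHERE id=".db_escape($selected_id)." AND parent=".db_escape($selected_parent)` keeps the delete scoped to the current BOM. The `if ($Mode == 'Delete')` block continues outside the hunk.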