X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=manufacturing%2Fmanage%2Fbom_edit.php;h=fe373a1c373c3bcf9aa6812aea9b86c0fb81f601;hb=36ec54507b7841b2352734b81e45b95e371ecdab;hp=09dfd5e9039f129bf3c94b0d658e6d8bfc5430a4;hpb=8cac19c37c960e50f7c11964510c0d09a530e7b5;p=fa-stable.git diff --git a/manufacturing/manage/bom_edit.php b/manufacturing/manage/bom_edit.php index 09dfd5e9..fe373a1c 100644 --- a/manufacturing/manage/bom_edit.php +++ b/manufacturing/manage/bom_edit.php @@ -1,7 +1,16 @@ . +***********************************************************************/ +$page_security = 'SA_BOM'; +$path_to_root = "../.."; include_once($path_to_root . "/includes/session.inc"); page(_("Bill Of Materials")); @@ -24,11 +33,11 @@ $selected_component = $selected_id; //{ // $_POST['stock_id'] = $_GET["NewItem"]; //} -//if (isset($_GET['stock_id'])) -//{ -// $_POST['stock_id'] = $_GET['stock_id']; -// $selected_parent = $_GET['stock_id']; -//} +if (isset($_GET['stock_id'])) +{ + $_POST['stock_id'] = $_GET['stock_id']; + $selected_parent = $_GET['stock_id']; +} /* selected_parent could come from a post or a get */ /*if (isset($_GET["selected_parent"])) @@ -59,7 +68,7 @@ function check_for_recursive_bom($ultimate_parent, $component_to_check) /* returns true ie 1 if the bom contains the parent part as a component ie the bom is recursive otherwise false ie 0 */ - $sql = "SELECT component FROM ".TB_PREF."bom WHERE parent='$component_to_check'"; + $sql = "SELECT component FROM ".TB_PREF."bom WHERE parent=".db_escape($component_to_check); $result = db_query($sql,"could not check recursive bom"); if ($result != 0) @@ -108,7 +117,7 @@ div_start('bom'); qty_cell($myrow["quantity"], false, get_qty_dec($myrow["component"])); label_cell($myrow["units"]); edit_button_cell("Edit".$myrow['id'], _("Edit")); - edit_button_cell("Delete".$myrow['id'], _("Delete")); + delete_button_cell("Delete".$myrow['id'], _("Delete")); end_row(); } //END WHILE LIST LOOP 
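Review bot: The re-enabled `$_GET['stock_id']` block in the `@@ -24,11 +33,11 @@` hunk copies the query-string value into `$_POST['stock_id']` and `$selected_parent` without checking that it names an existing item. The uses of `$selected_parent` that this commit touches in on_submit() now go through `db_escape()`, but any other query or HTML output that reads these two variables lies outside the hunk and needs the same treatment. A comment above the block such as `// stock_id comes from the URL: escape it on every SQL and HTML use` would record that. The commented-out `NewItem` block just above it could be deleted rather than kept as dead code.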
@@ -130,11 +139,11 @@ function on_submit($selected_parent, $selected_component=-1) if ($selected_component != -1) { - $sql = "UPDATE ".TB_PREF."bom SET workcentre_added='" . $_POST['workcentre_added'] . "', - loc_code='" . $_POST['loc_code'] . "', + $sql = "UPDATE ".TB_PREF."bom SET workcentre_added=".db_escape($_POST['workcentre_added']) + . ",loc_code=".db_escape($_POST['loc_code']) . ", quantity= " . input_num('quantity') . " - WHERE parent='" . $selected_parent . "' - AND id='" . $selected_component . "'"; + WHERE parent=".db_escape($selected_parent) . " + AND id=".db_escape($selected_component); check_db_error("Could not update this bom component", $sql); db_query($sql,"could not update bom"); @@ -154,17 +163,17 @@ function on_submit($selected_parent, $selected_component=-1) /*Now check to see that the component is not already on the bom */ $sql = "SELECT component FROM ".TB_PREF."bom - WHERE parent='$selected_parent' - AND component='" . $_POST['component'] . "' - AND workcentre_added='" . $_POST['workcentre_added'] . "' - AND loc_code='" . $_POST['loc_code'] . "'" ; + WHERE parent=".db_escape($selected_parent)." + AND component=".db_escape($_POST['component']) . " + AND workcentre_added=".db_escape($_POST['workcentre_added']) . " + AND loc_code=".db_escape($_POST['loc_code']); $result = db_query($sql,"check failed"); if (db_num_rows($result) == 0) { $sql = "INSERT INTO ".TB_PREF."bom (parent, component, workcentre_added, loc_code, quantity) - VALUES ('$selected_parent', '" . $_POST['component'] . "', '" - . $_POST['workcentre_added'] . "', '" . $_POST['loc_code'] . "', " + VALUES (".db_escape($selected_parent).", ".db_escape($_POST['component']) . "," + .db_escape($_POST['workcentre_added']) . ", ".db_escape($_POST['loc_code']) . ", " . input_num('quantity') . ")"; db_query($sql,"check failed"); 
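Review bot: `quantity` is still concatenated as `input_num('quantity')` in the rewritten UPDATE, the only value in the statement that does not pass through `db_escape()`; the INSERT in the following hunk (`@@ -154,17 +163,17 @@`) does the same. The unquoted interpolation is safe only if `input_num()` always returns a number, which this diff does not show. Either wrap it, `quantity=" . db_escape(input_num('quantity')) . "`, or add a comment stating that `input_num()` yields a numeric value so the exception is deliberate. on_submit() starts and ends outside both hunks.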
@@ -189,7 +198,7 @@ function on_submit($selected_parent, $selected_component=-1) if ($Mode == 'Delete') { - $sql = "DELETE FROM ".TB_PREF."bom WHERE id='" . $selected_component. "'"; + $sql = "DELETE FROM ".TB_PREF."bom WHERE id=".db_escape($selected_id); db_query($sql,"Could not delete this bom components"); display_notification(_("The component item has been deleted from this bom")); @@ -198,56 +207,58 @@ if ($Mode == 'Delete') if ($Mode == 'RESET') { - $selected_component = -1; + $selected_id = -1; unset($_POST['quantity']); } //-------------------------------------------------------------------------------------------------- -start_form(false, true); +start_form(); -echo "