Activated strict SQL mode, minor SQL injection fix, fixed _vl() debug helper.

[fa-stable.git] / includes / db / class.reflines_db.inc

diff --git a/includes/db/class.reflines_db.inc b/includes/db/class.reflines_db.inc
index 344a18bf47e2eeda14a59ac117abfb41cd1d9d98..277ebe74dbe2f8dce456f6fc8d0adf9510d9bfff 100644 (file)
--- a/includes/db/class.reflines_db.inc
+++ b/includes/db/class.reflines_db.inc
@@ -17,13 +17,13 @@ include_once 'class.data_set.inc';
 **/
 
 class reflines_db extends data_set {
-       function reflines_db()
+       function __construct()
        {
                $this->set_validator('prefix:ui:_check_prefix', _("This prefix conflicts with another one already defined. Prefix have to be unambigous."));
                $this->set_validator('prefix:ui:_check_template', _("Invalid template format."));
                $this->set_validator('trans_type:ui:required', _("Transaction type cannot be empty."));
                $this->set_validator('pattern:ui:required', _("Next reference cannot be empty."));
-               $this->data_set('reflines', 
+               parent::__construct('reflines', 
                        array('trans_type', 'prefix', 'description', 'default', 'pattern', 'id', 'inactive'), 
                        'id');
        }
@@ -79,12 +79,12 @@ class reflines_db extends data_set {
        {
 
                $sql = "SELECT *
-                       FROM (SELECT r.* FROM 0_refs r 
+                       FROM (SELECT r.* FROM ".TB_PREF."refs r 
                                LEFT JOIN ".TB_PREF."voided as v
                                        ON r.id=v.id AND r.type=v.type
                                WHERE r.type=".db_escape($trans_type)." AND ISNULL(v.id)
                                ) ref
-                       LEFT JOIN 0_reflines line ON ref.type=line.trans_type AND substr(ref.reference,1, LENGTH(line.prefix))= line.prefix AND line.prefix<>''
+                       LEFT JOIN ".TB_PREF."reflines line ON ref.type=line.trans_type AND substr(ref.reference,1, LENGTH(line.prefix))= line.prefix AND line.prefix<>''
                        WHERE ".($prefix == '' ? "ISNULL(prefix)" : "prefix=".db_escape($prefix));
 
                $res = db_query($sql, "cannot check reference line");
@@ -139,6 +139,7 @@ class reflines_db extends data_set {
        function count($type, $all=false)
        {
                $sql = "SELECT count(*) FROM ".TB_PREF."reflines WHERE trans_type=".db_escape($type);
+
                if (!$all)
                        $sql .= " AND !inactive";
                $result = db_query($sql, "cannot retreive refline count for transaction type $type");
@@ -149,10 +150,10 @@ class reflines_db extends data_set {
        /*
                Recognize refline by reference prefix
        */
-       function find_refline_id($reference, $type, $fallback = true)
+       function find_refline_id($reference, $type, $fallback=true)
        {
                $sql = "SELECT * FROM ".TB_PREF."reflines WHERE trans_type=".db_escape($type)
-                       ." AND CHAR_LENGTH(`prefix`) AND LEFT('$reference', CHAR_LENGTH(`prefix`)) = `prefix`";
+                       ." AND CHAR_LENGTH(`prefix`) AND LEFT(".db_escape($reference).", CHAR_LENGTH(`prefix`)) = `prefix`";
                if ($fallback)  // if not found return refline with empty prefix
                        $sql .= " UNION SELECT * FROM ".TB_PREF."reflines WHERE trans_type=".db_escape($type)." AND `prefix`=''";
                $ret = db_query($sql, "cannot check reference line id");
@@ -167,7 +168,7 @@ class reflines_db extends data_set {
        function save_next($type, $reference, $line=null)
        {
            $sql = "UPDATE ".TB_PREF."reflines SET pattern=SUBSTRING(" . db_escape(trim($reference)) .", LENGTH(`prefix`)+1)"
-               . " WHERE trans_type = ".db_escape($type) . " AND ";
+               . " WHERE trans_type = ".db_escape($type)." AND ";
 
                if (isset($line))
                        $sql .= "`id`=".db_escape($line);