Cleanup in db_pager get_sql and testing it.
authorJoe <unknown>
Mon, 5 Jan 2015 15:58:24 +0000 (16:58 +0100)
committerJoe <unknown>
Mon, 5 Jan 2015 15:58:24 +0000 (16:58 +0100)
17 files changed:
admin/view_print_transaction.php
admin/void_transaction.php
dimensions/inquiry/search_dimensions.php
gl/bank_account_reconcile.php
gl/manage/exchange_rates.php
manufacturing/includes/db/work_orders_db.inc
manufacturing/inquiry/where_used_inquiry.php
manufacturing/search_work_orders.php
purchasing/includes/db/po_db.inc
purchasing/inquiry/po_search.php
purchasing/inquiry/po_search_completed.php
purchasing/inquiry/supplier_allocation_inquiry.php
purchasing/inquiry/supplier_inquiry.php
sales/includes/db/cust_trans_db.inc
sales/includes/db/sales_order_db.inc
sales/inquiry/sales_deliveries_view.php
sales/inquiry/sales_orders_view.php

index 5b283b4159d485458c3893c99a91484033ff515b..a386cbfdd0ff2bddd9075bf31c51ae96d710fa00 100644 (file)
@@ -113,11 +113,11 @@ function handle_search()
        if (check_valid_entries()==true)
        {
                $trans_ref = false;
-               $sql = get_sql_for_view_transactions($_POST['filterType'], $_POST['FromTransNo'], $_POST['ToTransNo'], $trans_ref);
+               $sql = get_sql_for_view_transactions(get_post('filterType'), get_post('FromTransNo'), get_post('ToTransNo'), $trans_ref);
                if ($sql == "")
                        return;
 
-               $print_type = $_POST['filterType'];
+               $print_type = get_post('filterType');
                $print_out = ($print_type == ST_SALESINVOICE || $print_type == ST_CUSTCREDIT || $print_type == ST_CUSTDELIVERY ||
                        $print_type == ST_PURCHORDER || $print_type == ST_SALESORDER || $print_type == ST_SALESQUOTE ||
                        $print_type == ST_CUSTPAYMENT || $print_type == ST_SUPPAYMENT || $print_type == ST_WORKORDER);
index eff9a4229633efa3270192466d85e04462160d57..a77cbce983571970a3629fcecc9a048179bc0f6a 100644 (file)
@@ -173,7 +173,7 @@ function voiding_controls()
     end_table(1);
     
        $trans_ref = false;
-       $sql = get_sql_for_view_transactions($_POST['filterType'], $_POST['FromTransNo'], $_POST['ToTransNo'], $trans_ref);
+       $sql = get_sql_for_view_transactions(get_post('filterType'), get_post('FromTransNo'), get_post('ToTransNo'), $trans_ref);
        if ($sql == "")
                return;
 
index 95ff4aebe65f3688c73063452a811a314394b29d..ea1781a10d305153ecefc444e5ae1679dfc04a22 100644 (file)
@@ -122,7 +122,7 @@ function edit_link($row)
 }
 
 $sql = get_sql_for_search_dimensions($dim, $_POST['FromDate'], $_POST['ToDate'],
-       $_POST['OrderNumber'], $_POST['type_'], $_POST['OpenOnly'], $_POST['OverdueOnly']);
+       $_POST['OrderNumber'], $_POST['type_'], check_value('OpenOnly'), check_value('OverdueOnly'));
 
 $cols = array(
        _("#") => array('fun'=>'view_link'), 
index 668143d0bdbce7779b3f106531f580c6b0dd1b21..a6d8dd650f88ec48c946f9ad0f51d7bacd6ce8aa 100644 (file)
@@ -221,7 +221,7 @@ echo "<hr>";
 if (!isset($_POST['bank_account']))
     $_POST['bank_account'] = "";
 
-$sql = get_sql_for_bank_account_reconcile($_POST['bank_account'], get_post('reconcile_date'));
+$sql = get_sql_for_bank_account_reconcile(get_post('bank_account'), get_post('reconcile_date'));
 
 $act = get_bank_account($_POST["bank_account"]);
 display_heading($act['bank_account_name']." - ".$act['bank_curr_code']);
index c96c22a4f5e6a615423c8a8bf6f2e32df0f29493..e2e989a11c1f34c1378be6cf097708096587b452 100644 (file)
@@ -187,9 +187,9 @@ if ($_POST['curr_abrev'] != get_global_curr_code())
        $selected_id = "";
 }
 
-set_global_curr_code($_POST['curr_abrev']);
+set_global_curr_code(get_post('curr_abrev'));
 
-$sql = get_sql_for_exchange_rates($_POST['curr_abrev']);
+$sql = get_sql_for_exchange_rates(get_post('curr_abrev'));
 
 $cols = array(
        _("Date to Use From") => 'date', 
@@ -199,7 +199,7 @@ $cols = array(
 );
 $table =& new_db_pager('orders_tbl', $sql, $cols);
 
-if (is_company_currency($_POST['curr_abrev']))
+if (is_company_currency(get_post('curr_abrev')))
 {
 
        display_note(_("The selected currency is the company currency."), 2);
index 12332c785e763ba1b39b9313beb5be49ddb0f264..35c00d392d882cc627fa6c9e27b112d74c473288 100644 (file)
@@ -337,7 +337,7 @@ function get_sql_for_work_orders($outstanding_only, $stock_id, $location = ALL_T
                $sql .= " AND workorder.wo_ref LIKE ".db_escape('%'.$order.'%');
        }
 
-       if ($stock_id != '')
+       if ($stock_id != ALL_TEXT)
        {
                $sql .= " AND workorder.stock_id=".db_escape($stock_id);
        }
index f12784761b80a704a5c9202802ee4062bb0b8476..62f7d91b870e483ca05206a2f92bf7f090ef3645 100644 (file)
@@ -37,7 +37,7 @@ function select_link($row)
                "/manufacturing/manage/bom_edit.php?stock_id=" . $row["parent"]);
 }
 
-$sql = get_sql_for_where_used($_POST['stock_id']);
+$sql = get_sql_for_where_used(get_post('stock_id'));
 
    $cols = array(
        _("Parent Item") => array('fun'=>'select_link'), 
index 9becd5b167cc624065b8383a2000474b5136101c..106114af07be77210318f3b52823e57f34237487 100644 (file)
@@ -153,8 +153,8 @@ function dec_amount($row, $amount)
        return number_format2($amount, $row['decimals']);
 }
 
-$sql = get_sql_for_work_orders($outstanding_only, $_POST['SelectedStockItem'], $_POST['StockLocation'],
-       $_POST['OrderNumber'], check_value('OverdueOnly'));
+$sql = get_sql_for_work_orders($outstanding_only, get_post('SelectedStockItem'), get_post('StockLocation'), get_post('OrderNumber'), 
+       check_value('OverdueOnly'));
 
 $cols = array(
        _("#") => array('fun'=>'view_link', 'ord'=>''), 
index 30978da91afddffbcceab24c6099f99a897bfe43..510851429058f523a0de2b677e4f9f2cc6661c79 100644 (file)
@@ -293,7 +293,6 @@ function get_short_info($stock_id)
 function get_sql_for_po_search_completed($from, $to, $supplier_id=ALL_TEXT, $location=ALL_TEXT,
        $order_number = '', $stock_id = '')
 {
-
        $sql = "SELECT 
                porder.order_no, 
                porder.reference, 
@@ -314,7 +313,7 @@ function get_sql_for_po_search_completed($from, $to, $supplier_id=ALL_TEXT, $loc
 
        if ($supplier_id != ALL_TEXT)
                $sql .= "AND supplier.supplier_id=".$supplier_id." ";
-       if (isset($order_number) && $order_number != "")
+       if ($order_number != "")
        {
                $sql .= "AND porder.reference LIKE ".db_escape('%'. $order_number . '%');
        }
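Review bot: `$supplier_id` is concatenated into the query unquoted on the context line `$sql .= "AND supplier.supplier_id=".$supplier_id." ";`. This commit also changes po_search_completed.php to pass `get_post('supplier_id')` straight through, so a request-controlled string reaches the SQL text unescaped unless get_post() itself sanitises, which is not visible here. The sibling get_sql_for_po_search() already wraps the same column in db_escape(), and this line should match it: `$sql .= "AND supplier.supplier_id=".db_escape($supplier_id)." ";`. The function body starts and ends outside this hunk.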
@@ -331,7 +330,7 @@ function get_sql_for_po_search_completed($from, $to, $supplier_id=ALL_TEXT, $loc
                {
                        $sql .= " AND porder.into_stock_location = ".db_escape($location);
                }
-               if (isset($selected_stock_item))
+               if ($stock_id !== '')
                {
                        $sql .= " AND line.item_code=".db_escape($stock_id);
                }
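Review bot: The "no item selected" test is written three different ways in this commit: `$stock_id !== ''` here, `$stock_id != ''` in get_sql_for_po_search(), and `!= ALL_TEXT` in work_orders_db.inc, cust_trans_db.inc and sales_order_db.inc, where the default is nonetheless `$stock_item=''`. These agree only if ALL_TEXT is the empty string, which this page does not show. The strict form here would also let a null "nothing posted" value through and add an `item_code` filter. Suggest a single sentinel everywhere: `if ($stock_id != ALL_TEXT)` with `$stock_id = ALL_TEXT` as the parameter default.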
@@ -344,10 +343,8 @@ function get_sql_for_po_search_completed($from, $to, $supplier_id=ALL_TEXT, $loc
        return $sql;
 }
 
-function get_sql_for_po_search($from, $to, $supplier_id=ALL_TEXT, $location=ALL_TEXT)
+function get_sql_for_po_search($from, $to, $supplier_id=ALL_TEXT, $location=ALL_TEXT, $order_number='', $stock_id='')
 {
-       global $all_items, $order_number, $selected_stock_item;;
-       
        $sql = "SELECT 
                porder.order_no, 
                porder.reference,
@@ -369,7 +366,7 @@ function get_sql_for_po_search($from, $to, $supplier_id=ALL_TEXT, $location=ALL_
                AND location.loc_code = porder.into_stock_location
                AND (line.quantity_ordered > line.quantity_received) ";
 
-       if (isset($order_number) && $order_number != "")
+       if ($order_number != "")
        {
                $sql .= "AND porder.reference LIKE ".db_escape('%'. $order_number . '%');
        }
@@ -386,9 +383,9 @@ function get_sql_for_po_search($from, $to, $supplier_id=ALL_TEXT, $location=ALL_
                        $sql .= " AND porder.into_stock_location = ".db_escape($location);
                }
 
-               if (isset($selected_stock_item))
+               if ($stock_id != '')
                {
-                       $sql .= " AND line.item_code=".db_escape($selected_stock_item);
+                       $sql .= " AND line.item_code=".db_escape($stock_id);
                }
                if ($supplier_id != ALL_TEXT)
                        $sql .= " AND supplier.supplier_id=".db_escape($supplier_id);
index f7419b02e3a4f969aedf3518ca58ccefd898572d..f3203f6361126a16d0d5c1da5f87ddb17a42d99f 100644 (file)
@@ -107,14 +107,9 @@ function check_overdue($row)
 }
 //---------------------------------------------------------------------------------------------
 
-if (isset($_POST['order_number']) && ($_POST['order_number'] != ""))
-{
-       $order_number = $_POST['order_number'];
-}
-
 //figure out the sql required from the inputs available
-$sql = get_sql_for_po_search($_POST['OrdersAfterDate'], $_POST['OrdersToDate'], $_POST['supplier_id'],
-       $_POST['StockLocation']);
+$sql = get_sql_for_po_search(get_post('OrdersAfterDate'), get_post('OrdersToDate'), get_post('supplier_id'), get_post('StockLocation'),
+       $_POST['order_number'], get_post('SelectStockFromList'));
 
 //$result = db_query($sql,"No orders were returned");
 
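Review bot: `$_POST['order_number']` is the only argument in this call still read directly from the superglobal, and the isset() guard that used to protect it is removed a few lines above. A first page load without that field would therefore raise an undefined-index notice and hand null to get_sql_for_po_search(). Use the accessor like the neighbouring arguments: `get_post('order_number'), get_post('SelectStockFromList'));`.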
index 3d3acbe2a95e20d76d473584e6b0e1062db99dfd..cb67ab7d4ba5a4d71ba71964a542df0704f778a5 100644 (file)
@@ -26,7 +26,7 @@ page(_($help_context = "Search Purchase Orders"), false, false, "", $js);
 
 if (isset($_GET['order_number']))
 {
-       $order_number = $_GET['order_number'];
+       $_POST['order_number'] = $_GET['order_number'];
 }
 
 //-----------------------------------------------------------------------------------
@@ -119,8 +119,7 @@ function prt_link($row)
 //---------------------------------------------------------------------------------------------
 
 $sql = get_sql_for_po_search_completed(get_post('OrdersAfterDate'), get_post('OrdersToDate'),
-       get_post('supplier_id') !== '' ? get_post('supplier_id') : ALL_TEXT,
-       get_post('StockLocation'), get_post('order_number'), get_post('SelectStockFromList'));
+       get_post('supplier_id'), get_post('StockLocation'), get_post('order_number'), get_post('SelectStockFromList'));
 
 $cols = array(
                _("#") => array('fun'=>'trans_view', 'ord'=>''), 
index 3c97c51c6d0c1f239832b46d55e8f20e5701a115..62dddd94e5857af686719310324b63712a1b7b74 100644 (file)
@@ -120,8 +120,8 @@ function fmt_credit($row)
 }
 //------------------------------------------------------------------------------------------------
 
-$sql = get_sql_for_supplier_allocation_inquiry($_POST['TransAfterDate'],$_POST['TransToDate'],
-       $_POST['filterType'], $_POST['supplier_id'], check_value('showSettled'));
+$sql = get_sql_for_supplier_allocation_inquiry(get_post('TransAfterDate'),get_post('TransToDate'),
+       get_post('filterType'), get_post('supplier_id'), check_value('showSettled'));
 
 $cols = array(
        _("Type") => array('fun'=>'systype_name'),
index 5f58bd9fd0ad7a24dd73a6af6c8d67dcd9ab196f..d89d5d3590a8b8c10a9d063d286f0f8d00ce25a9 100644 (file)
@@ -167,7 +167,7 @@ function edit_link($row)
 }
 //------------------------------------------------------------------------------------------------
 
-$sql = get_sql_for_supplier_inquiry($_POST['filterType'], $_POST['TransAfterDate'], $_POST['TransToDate'], $_POST['supplier_id']);
+$sql = get_sql_for_supplier_inquiry(get_post('filterType'), get_post('TransAfterDate'), get_post('TransToDate'), get_post('supplier_id'));
 
 $cols = array(
                        _("Type") => array('fun'=>'systype_name', 'ord'=>''), 
index 1f3e42ca3256ad880d6ffadbd2046b8bf73c7af4..f9c12a4dcd42523990e94d8c3fe216d4410eaf2e 100644 (file)
@@ -401,7 +401,7 @@ function get_sql_for_sales_deliveries_view($from, $to, $customer_id, $stock_item
        //figure out the sql required from the inputs available
        if ($delivery)
        {
-               $sql .= " AND trans.trans_no LIKE %".db_escape($delivery);
+               $sql .= " AND trans.trans_no LIKE ".db_escape('%' . $delivery . '%');
                $sql .= " GROUP BY trans.trans_no";
        }
        else
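Review bot: Any `%` or `_` inside `$delivery` still acts as a LIKE wildcard after the term is wrapped in `%…%` and quoted, since db_escape() presumably handles quoting only (its body is not shown). For a `trans_no` search this is probably harmless, but it should be a stated choice, for example `// LIKE wildcards typed into $delivery are intentionally honoured`; otherwise neutralise them before building the pattern. The same construction is written in the `$ref` branch of get_sql_for_sales_orders_view() in this commit.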
@@ -409,7 +409,7 @@ function get_sql_for_sales_deliveries_view($from, $to, $customer_id, $stock_item
                $sql .= " AND trans.tran_date >= '".date2sql($from)."'";
                $sql .= " AND trans.tran_date <= '".date2sql($to)."'";
 
-               if ($stock_item)
+               if ($stock_item != ALL_TEXT)
                        $sql .= " AND line.stock_id=".db_escape($stock_item)." ";
 
                if ($location != ALL_TEXT)
index 3344738038866627eaf0554aeb7fddb06dc96447..e851f747ecab892c10cd9a643463456c45707963 100644 (file)
@@ -465,7 +465,7 @@ function get_branch_to_order($customer_id, $branch_id) {
        PrepaidOrders
 */
 function get_sql_for_sales_orders_view($trans_type, $trans_no, $filter, 
-       $stock_item=null, $from='', $to='', $ref='', $location='', $customer_id=ALL_TEXT)
+       $stock_item='', $from='', $to='', $ref='', $location=ALL_TEXT, $customer_id=ALL_TEXT)
 {
 
        $sql = "SELECT 
@@ -515,8 +515,7 @@ function get_sql_for_sales_orders_view($trans_type, $trans_no, $filter,
        elseif ($ref != "")
        {
                // search orders with reference like 
-               $number_like = "%".$ref."%";
-               $sql .= " AND sorder.reference LIKE ".db_escape($number_like);
+               $sql .= " AND sorder.reference LIKE ".db_escape('%' . $ref . '%');
 //                             ." GROUP BY sorder.order_no";
        }
        else    // ... or select inquiry constraints
@@ -536,10 +535,10 @@ function get_sql_for_sales_orders_view($trans_type, $trans_no, $filter,
                //if ($selected_customer != -1)
                //      $sql .= " AND sorder.debtor_no=".db_escape($selected_customer);
 
-               if (isset($stock_item))
+               if ($stock_item != ALL_TEXT)
                        $sql .= " AND line.stk_code=".db_escape($stock_item);
 
-               if ($location)
+               if ($location != ALL_TEXT)
                        $sql .= " AND sorder.from_stk_loc = ".db_escape($location);
 
                if ($filter=='OutstandingOnly')
index f6883b534631ca160a45c67368db26a98c940b71..bc1f3a9954eacf40a0af7b1982d34b55613e9fda 100644 (file)
@@ -162,7 +162,7 @@ function check_overdue($row)
                        $row["Outstanding"]!=0;
 }
 //------------------------------------------------------------------------------------------------
-$sql = get_sql_for_sales_deliveries_view(get_post('DeliveryAfterDate'), get_post('DeliveryToDate'), get_post('customer_id'),
+$sql = get_sql_for_sales_deliveries_view(get_post('DeliveryAfterDate'), get_post('DeliveryToDate'), get_post('customer_id'),   
        get_post('SelectStockFromList'), get_post('StockLocation'), get_post('DeliveryNumber'), get_post('OutstandingOnly'));
 
 $cols = array(
index 18b952565d7fc3b0225af2ec1851a74bbc383704..a9f8cf7570bb28cd79b80b387af09b5dd8a770dd 100644 (file)
@@ -76,29 +76,6 @@ if ($use_popup_windows)
 if (user_use_date_picker())
        $js .= get_js_date_picker();
 page($_SESSION['page_title'], false, false, "", $js);
-/*
-if (isset($_GET['selected_customer']))
-{
-       $selected_customer = $_GET['selected_customer'];
-}
-elseif (isset($_POST['selected_customer']))
-{
-       $selected_customer = $_POST['selected_customer'];
-}
-else
-       $selected_customer = -1;
-*/
-//---------------------------------------------------------------------------------------------
-
-if (isset($_POST['SelectStockFromList']) && ($_POST['SelectStockFromList'] != "") &&
-       ($_POST['SelectStockFromList'] != ALL_TEXT))
-{
-       $selected_stock_item = $_POST['SelectStockFromList'];
-}
-else
-{
-       unset($selected_stock_item);
-}
 //---------------------------------------------------------------------------------------------
 //     Query format functions
 //
@@ -267,9 +244,9 @@ end_table(1);
 //---------------------------------------------------------------------------------------------
 //     Orders inquiry table
 //
-$sql = get_sql_for_sales_orders_view($trans_type, $_POST['OrderNumber'], $_POST['order_view_mode'],
-       @$selected_stock_item, @$_POST['OrdersAfterDate'], @$_POST['OrdersToDate'], @$_POST['OrderReference'], $_POST['StockLocation'],
-       get_post('customer_id') !== '' ? get_post('customer_id') : ALL_TEXT);
+$sql = get_sql_for_sales_orders_view($trans_type, get_post('OrderNumber'), get_post('order_view_mode'),
+       get_post('SelectStockFromList'), get_post('OrdersAfterDate'), get_post('OrdersToDate'), get_post('OrderReference'), get_post('StockLocation'),
+       get_post('customer_id'));
 
 if ($trans_type == ST_SALESORDER)
        $cols = array(