Fix strict sql
eldy committed Aug 2, 2016
1 parent fdfe333 commit 54df49a
Showing 2 changed files with 35 additions and 21 deletions.
6 changes: 3 additions & 3 deletions htdocs/product/reassort.php
Expand Up @@ -113,7 +113,7 @@

$title=$langs->trans("ProductsAndServices");

$sql = 'SELECT p.rowid, p.ref, p.label, p.barcode, p.price, p.price_ttc, p.price_base_type,p.entity,';
$sql = 'SELECT p.rowid, p.ref, p.label, p.barcode, p.price, p.price_ttc, p.price_base_type, p.entity,';
$sql.= ' p.fk_product_type, p.tms as datem,';
$sql.= ' p.duration, p.tosell as statut, p.tobuy, p.seuil_stock_alerte, p.desiredstock,';
$sql.= ' SUM(s.reel) as stock_physique';
Expand Down Expand Up @@ -167,7 +167,7 @@
{
$sql .= " AND cp.fk_categorie = ".$db->escape($search_categ);
}
$sql.= " GROUP BY p.rowid, p.ref, p.label, p.barcode, p.price, p.price_ttc, p.price_base_type,";
$sql.= " GROUP BY p.rowid, p.ref, p.label, p.barcode, p.price, p.price_ttc, p.price_base_type, p.entity,";
$sql.= " p.fk_product_type, p.tms, p.duration, p.tosell, p.tobuy, p.seuil_stock_alerte, p.desiredstock";
if ($toolowstock) $sql.= " HAVING SUM(".$db->ifsql('s.reel IS NULL', '0', 's.reel').") < p.seuil_stock_alerte"; // Not used yet
$sql.= $db->order($sortfield,$sortorder);
Expand Down Expand Up @@ -278,7 +278,7 @@

}
}
if ($virtualdiffersfromphysical) print_liste_field_titre($langs->trans("VirtualStock"),$_SERVER["PHP_SELF"], "stock_theorique",$param,"",'align="right"',$sortfield,$sortorder);
if ($virtualdiffersfromphysical) print_liste_field_titre($langs->trans("VirtualStock"),$_SERVER["PHP_SELF"], "",$param,"",'align="right"',$sortfield,$sortorder);
print_liste_field_titre('');
print_liste_field_titre($langs->trans("Status").' ('.$langs->trans("Sell").')',$_SERVER["PHP_SELF"], "p.tosell",$param,"",'align="right"',$sortfield,$sortorder);
print_liste_field_titre($langs->trans("Status").' ('.$langs->trans("Buy").')',$_SERVER["PHP_SELF"], "p.tobuy",$param,"",'align="right"',$sortfield,$sortorder);
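Review bot: In the second hunk, `$db->escape($search_categ)` is concatenated into `cp.fk_categorie = ...` with no surrounding quotes, so the escaping gives no protection in this numeric context, and the commit edits the GROUP BY just below while leaving it unchanged. Unless `$search_categ` is already forced to an integer above the hunk (not visible here), cast it where it is used: `$sql .= " AND cp.fk_categorie = ".((int) $search_categ);`. The enclosing `if` starts outside the hunk, so the condition guarding this line could not be checked.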
50 changes: 32 additions & 18 deletions htdocs/product/stock/replenish.php
Expand Up @@ -114,7 +114,7 @@
$supplierpriceid = GETPOST('fourn'.$i, 'int');
//get all the parameters needed to create a line
$qty = GETPOST('tobuy'.$i, 'int');
$desc = GETPOST('desc'.$i, 'alpha');
//$desc = GETPOST('desc'.$i, 'alpha');
$sql = 'SELECT fk_product, fk_soc, ref_fourn';
$sql .= ', tva_tx, unitprice FROM ';
$sql .= MAIN_DB_PREFIX . 'product_fournisseur_price';
Expand All @@ -128,8 +128,20 @@
$obj = $db->fetch_object($resql);
$line = new CommandeFournisseurLigne($db);
$line->qty = $qty;
$line->desc = $desc;
$line->fk_product = $obj->fk_product;

$product = new Product($db);
$product->fetch($obj->fk_product);
if (! empty($conf->global->MAIN_MULTILANGS))
{
$product->getMultiLangs();
}
$line->desc = $product->description;
if (! empty($conf->global->MAIN_MULTILANGS))
{
// TODO Get desc in language of thirdparty
}

$line->tva_tx = $obj->tva_tx;
$line->subprice = $obj->unitprice;
$line->total_ht = $obj->unitprice * $qty;
Expand Down Expand Up @@ -241,7 +253,7 @@

$title = $langs->trans('Status');

$sql = 'SELECT p.rowid, p.ref, p.label,p.description, p.price,';
$sql = 'SELECT p.rowid, p.ref, p.label, p.description, p.price,';
$sql.= ' p.price_ttc, p.price_base_type,p.fk_product_type,';
$sql.= ' p.tms as datem, p.duration, p.tobuy,';
$sql.= ' p.desiredstock, p.seuil_stock_alerte as alertstock,';
Expand Down Expand Up @@ -280,7 +292,7 @@
}
$sql.= ' AND p.tobuy = 1';
if (!empty($canvas)) $sql .= ' AND p.canvas = "' . $db->escape($canvas) . '"';
$sql.= ' GROUP BY p.rowid, p.ref, p.label, p.price';
$sql.= ' GROUP BY p.rowid, p.ref, p.label, p.description, p.price';
$sql.= ', p.price_ttc, p.price_base_type,p.fk_product_type, p.tms';
$sql.= ', p.duration, p.tobuy';
$sql.= ', p.desiredstock, p.seuil_stock_alerte';
Expand Down Expand Up @@ -459,20 +471,20 @@
print "</tr>\n";

// Lignes des champs de filtre
print '<tr class="liste_titre">'.
'<td class="liste_titre">&nbsp;</td>'.
'<td class="liste_titre"><input class="flat" type="text" name="sref" size="8" value="'.dol_escape_htmltag($sref).'"></td>'.
'<td class="liste_titre"><input class="flat" type="text" name="snom" size="8" value="'.dol_escape_htmltag($snom).'"></td>';
print '<tr class="liste_titre">';
print '<td class="liste_titre">&nbsp;</td>';
print '<td class="liste_titre"><input class="flat" type="text" name="sref" size="8" value="'.dol_escape_htmltag($sref).'"></td>';
print '<td class="liste_titre"><input class="flat" type="text" name="snom" size="8" value="'.dol_escape_htmltag($snom).'"></td>';
if (!empty($conf->service->enabled) && $type == 1) print '<td class="liste_titre">&nbsp;</td>';
print '<td class="liste_titre">&nbsp;</td>'.
'<td class="liste_titre" align="right">&nbsp;</td>'.
'<td class="liste_titre" align="right">' . $langs->trans('AlertOnly') . '&nbsp;<input type="checkbox" id="salert" name="salert" ' . (!empty($alertchecked)?$alertchecked:'') . '></td>'.
'<td class="liste_titre" align="right">&nbsp;</td>'.
'<td class="liste_titre">&nbsp;</td>';
print '<td class="liste_titre" align="right">';
$searchpitco=$form->showFilterAndCheckAddButtons(0);
print $searchpitco;
print '</td>';
print '<td class="liste_titre">&nbsp;</td>';
print '<td class="liste_titre" align="right">&nbsp;</td>';
print '<td class="liste_titre" align="right">' . $langs->trans('AlertOnly') . '&nbsp;<input type="checkbox" id="salert" name="salert" ' . (!empty($alertchecked)?$alertchecked:'') . '></td>';
print '<td class="liste_titre" align="right">&nbsp;</td>';
print '<td class="liste_titre">&nbsp;</td>';
print '<td class="liste_titre" align="right">';
$searchpitco=$form->showFilterAndCheckAddButtons(0);
print $searchpitco;
print '</td>';
print '</tr>';

$prod = new Product($db);
Expand Down Expand Up @@ -558,7 +570,9 @@

print '<td class="nowrap">'.$prod->getNomUrl(1, '').'</td>';

print '<td>' . $objp->label . '<input type="hidden" name="desc' . $i . '" value="' . $objp->description . '" ></td>';
print '<td>'.$objp->label ;
print '<input type="hidden" name="desc' . $i . '" value="' . dol_escape_htmltag($objp->description) . '">'; // TODO Remove this and make a fetch to get description when creating order instead of a GETPOST
print '</td>';

if (!empty($conf->service->enabled) && $type == 1)
{
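Review bot: In the last hunk, `$objp->label` is still written into the table cell unescaped, while the same change wraps `$objp->description` in `dol_escape_htmltag()` for the hidden field next to it. If a product label can contain markup (whether labels are sanitised on input is not visible here), it would be rendered as HTML in this list. Escape it at output the same way: `print '<td>'.dol_escape_htmltag($objp->label);`. The row loop that these lines belong to starts and ends outside the hunk.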
