[Phpcompta-dev] r4271 - in phpcompta/trunk: html include


From: phpcompta-dev
Subject: [Phpcompta-dev] r4271 - in phpcompta/trunk: html include
Date: Sat, 29 Oct 2011 16:46:15 +0200 (CEST)

Author: danydb
Date: 2011-10-29 16:46:13 +0200 (Sat, 29 Oct 2011)
New Revision: 4271

Modified:
   phpcompta/trunk/html/ajax_card.php
   phpcompta/trunk/html/ajax_poste.php
   phpcompta/trunk/html/fid.php
   phpcompta/trunk/html/login.php
   phpcompta/trunk/html/user_login.php
   phpcompta/trunk/include/ac_common.php
   phpcompta/trunk/include/action.common.inc.php
   phpcompta/trunk/include/class_acc_ledger.php
   phpcompta/trunk/include/class_acc_ledger_fin.php
   phpcompta/trunk/include/class_acc_ledger_purchase.php
   phpcompta/trunk/include/class_acc_ledger_sold.php
   phpcompta/trunk/include/class_acc_parm_code.php
   phpcompta/trunk/include/class_action.php
   phpcompta/trunk/include/class_anc_account.php
   phpcompta/trunk/include/class_anc_plan.php
   phpcompta/trunk/include/class_contact.php
   phpcompta/trunk/include/class_document_modele.php
   phpcompta/trunk/include/class_fiche.php
   phpcompta/trunk/include/class_fiche_def.php
   phpcompta/trunk/include/class_iperiod.php
   phpcompta/trunk/include/class_pre_operation.php
   phpcompta/trunk/include/class_user.php
   phpcompta/trunk/include/dossier.inc.php
   phpcompta/trunk/include/export_bilan_oth.php
   phpcompta/trunk/include/export_gl_csv.php
   phpcompta/trunk/include/fiche.inc.php
   phpcompta/trunk/include/fiche_def.inc.php
   phpcompta/trunk/include/impress_bilan.inc.php
   phpcompta/trunk/include/impress_jrn.inc.php
   phpcompta/trunk/include/impress_rapport.inc.php
   phpcompta/trunk/include/impress_rec.inc.php
   phpcompta/trunk/include/modele.inc.php
   phpcompta/trunk/include/param_jrn_add.inc.php
   phpcompta/trunk/include/param_jrn_detail.inc.php
   phpcompta/trunk/include/param_pcmn.inc.php
   phpcompta/trunk/include/restore.inc.php
   phpcompta/trunk/include/stock.inc.php
   phpcompta/trunk/include/user_common.php
Log:
replace FormatString by sql_string

Modified: phpcompta/trunk/html/ajax_card.php
===================================================================
--- phpcompta/trunk/html/ajax_card.php  2011-10-29 13:15:17 UTC (rev 4270)
+++ phpcompta/trunk/html/ajax_card.php  2011-10-29 14:46:13 UTC (rev 4271)
@@ -233,7 +233,7 @@
         /* we filter thanks a given model of card */
         if ( isset($cat))
         {
-            $sql=$sql.sprintf(' where frd_id = '.FormatString ($cat));
+            $sql=$sql.sprintf(' where frd_id = '.sql_string ($cat));
         }
         else
             /* we filter thanks a given list of category of card
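Review bot: `' where frd_id = '.sql_string($cat)` leaves `$cat` in an unquoted numeric position, where doubling single quotes neutralises nothing (`1 or true` passes through unchanged) and a blank `$cat` produces `where frd_id = ` because sql_string returns null. If frd_id is an integer key, the cast is both validation and escape: `$sql .= ' where frd_id = ' . (int) $cat;`. The same line also hands the user-derived text to sprintf as its format string, so a `%` in `$cat` is interpreted as a conversion; dropping the sprintf removes that as well.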
@@ -241,7 +241,7 @@
             if ( isset($fil) && strlen(trim($fil)) > 0 )
             {
                 $sql=$sql.sprintf(" where fd_id in (%s)",
-                                  FormatString($fil));
+                                  sql_string($fil));
             }
     }
     $array=$cn->make_array($sql);
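Review bot: `fd_id in (%s)` with `sql_string($fil)` has the same gap as the frd_id filter above: the list is unquoted, so quote-doubling does not constrain it, and `strlen(trim($fil)) > 0` is the only check made. Since the value is a comma-separated list of ids, rebuild it from integers before interpolation: `$ids = implode(',', array_map('intval', explode(',', $fil)));` then `$sql .= " where fd_id in ($ids)";`. Where `$fil` comes from is not visible in this hunk; the cast is harmless either way.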

Modified: phpcompta/trunk/html/ajax_poste.php
===================================================================
--- phpcompta/trunk/html/ajax_poste.php 2011-10-29 13:15:17 UTC (rev 4270)
+++ phpcompta/trunk/html/ajax_poste.php 2011-10-29 14:46:13 UTC (rev 4271)
@@ -80,7 +80,7 @@
     $str_submit=HtmlInput::submit('sf',_('Recherche'));
     $r='';
     $r.='<div 
style="float:right;height:10px;display:block;margin-top:2px;margin-right:2px">';
-    $r.= '<A style="background-color:blue;color:white;text-decoration:none" 
HREF="javascript:void(0)" onclick="removeDiv(\'search_account\');">Fermer</A>'; 
+    $r.= '<A style="background-color:blue;color:white;text-decoration:none" 
HREF="javascript:void(0)" onclick="removeDiv(\'search_account\');">Fermer</A>';
     $r.='</div>';
     $r.='<div> '.h2info(_('Poste Comptable')).'</div>';
 
@@ -117,7 +117,7 @@
     /* show result */
     if ( isset($q) && strlen(trim($q)) > 0)
     {
-        $q=sql_string($q);
+        $q= sql_string($q);
         $sql.=sprintf(" $sep ( pcm_val::text like '%s%%' or pcm_lib::text 
ilike '%%%s%%') ",
                       $q,$q);
     }

Modified: phpcompta/trunk/html/fid.php
===================================================================
--- phpcompta/trunk/html/fid.php        2011-10-29 13:15:17 UTC (rev 4270)
+++ phpcompta/trunk/html/fid.php        2011-10-29 14:46:13 UTC (rev 4271)
@@ -57,8 +57,8 @@
 
 if ( isset($_SESSION['isValid']) && $_SESSION['isValid'] == 1)
 {
-    $jrn=FormatString($_GET['j']);
-    $d=FormatString($_GET['d']);
+    $jrn=sql_string($_GET['j']);
+    $d=sql_string($_GET['d']);
 
     if ( $jrn == -1 )
         $d='all';
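Review bot: `$jrn=sql_string($_GET['j'])` escapes a value that the next line compares numerically (`$jrn == -1`), so it is presumably used as a ledger id rather than inside quotes, and quote-doubling gives no protection in that position. If it is an integer, `$jrn = (int) $_GET['j'];` is the right guard and the `-1` comparison keeps working. Both `$_GET['j']` and `$_GET['d']` are also read without `isset`; how `$d` is used later is outside the hunk.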

Modified: phpcompta/trunk/html/login.php
===================================================================
--- phpcompta/trunk/html/login.php      2011-10-29 13:15:17 UTC (rev 4270)
+++ phpcompta/trunk/html/login.php      2011-10-29 14:46:13 UTC (rev 4271)
@@ -30,7 +30,7 @@
 
 if (  isset ($_POST["p_user"] ) )
 {
-    $g_user=FormatString($_POST["p_user"]);
+    $g_user=sql_string($_POST["p_user"]);
     $g_pass=$_POST["p_pass"];
     $_SESSION['g_user']=$g_user;
     $_SESSION['g_pass']=$g_pass;
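Review bot: The user name is SQL-escaped on input and the escaped form is what lands in `$_SESSION['g_user']`, so every later reader of the session must remember not to escape it again — a parameterised query would store the doubled quotes. Store the raw value and call sql_string where the SQL is actually built. Separately, `$_SESSION['g_pass']=$g_pass;` keeps the clear-text password in the session store for the session's whole lifetime; if it is only needed to authenticate this request, unset it once the check is done, and if a later component relies on it, a comment here should say which one.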

Modified: phpcompta/trunk/html/user_login.php
===================================================================
--- phpcompta/trunk/html/user_login.php 2011-10-29 13:15:17 UTC (rev 4270)
+++ phpcompta/trunk/html/user_login.php 2011-10-29 14:46:13 UTC (rev 4271)
@@ -142,7 +142,7 @@
 $filtre="";
 if ( isset ($_GET ['p_nom']))
 {
-    $filtre=FormatString($_GET['p_nom']);
+    $filtre=sql_string($_GET['p_nom']);
 }
 
 // If admin show everything otherwise only the available dossier

Modified: phpcompta/trunk/include/ac_common.php
===================================================================
--- phpcompta/trunk/include/ac_common.php       2011-10-29 13:15:17 UTC (rev 
4270)
+++ phpcompta/trunk/include/ac_common.php       2011-10-29 14:46:13 UTC (rev 
4271)
@@ -391,7 +391,14 @@
     }
     exit - 1;
 }
-
+/**
+ * replaced by sql_string
+ * @deprecated
+ */
+function FormatString($p_string)
+{
+    return sql_string($p_string);
+}
 /* !
  * \brief Fix the problem with the quote char for the database
  *
@@ -399,14 +406,13 @@
  * \return a string which won't let strange char for the database
  */
 
-function FormatString($p_string)
+function sql_string($p_string)
 {
     $p_string = trim($p_string);
     if (strlen($p_string) == 0)
        return null;
-    $p_string = str_replace("\'", "'", $p_string);
-    $p_string = str_replace("''", "'", $p_string);
-    $p_string = str_replace("'", "\'", $p_string);
+    $p_string = str_replace("'", "''", $p_string);
+    $p_string = str_replace('\\', '\\\\', $p_string);
     return $p_string;
 }
 
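Review bot: The added `str_replace('\\', '\\\\', $p_string)` is only correct when the server runs with `standard_conforming_strings = off`; with it on (the PostgreSQL 9.1 default) a backslash inside `'...'` is literal, so the doubled backslash is stored as two characters, and this function cannot know which mode the connection is in. `pg_escape_string()` takes that setting from the connection and handles both modes, so `return pg_escape_string($p_string);` in place of the two str_replace lines is the safer form (passing the connection resource if the Database class exposes it), and moving callers to the `$1`/`$2` parameter form of `exec_sql` already used elsewhere in this commit removes the question entirely. The docblock should also state the contract that several callers in this commit get wrong: the result is only safe between single quotes, blank input yields null, and numeric or identifier positions get no protection and must be cast instead. Trimming inside an escaping function is a silent data change; trim belongs in validation.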
@@ -688,17 +694,8 @@
     return $str_date;
 }
 
-/**
- * @brief remove the quote or double quote them
- * @param $q string
- * @return string correctly quoted
- */
-function sql_string($q)
-{
-    $ret = str_replace("'", "''", $q);
-    return $ret;
-}
 
+
 /**
  * Should a dialog box that you are disconnected for ajax
  */
@@ -887,7 +884,7 @@
 {
     $array=array();
     if ($p_string == '') return $array;
-    
+
     $var=explode("&",$p_string);
     if (empty ($var))  return $array;
     for ($i=0;$i < count($var);$i++)

Modified: phpcompta/trunk/include/action.common.inc.php
===================================================================
--- phpcompta/trunk/include/action.common.inc.php       2011-10-29 13:15:17 UTC 
(rev 4270)
+++ phpcompta/trunk/include/action.common.inc.php       2011-10-29 14:46:13 UTC 
(rev 4271)
@@ -368,9 +368,9 @@
          if ( isset($_REQUEST['query']) )
            {
              // if a query is request build the sql stmt
-             $query="and (ag_title ~* '".FormatString($_REQUEST['query'])."' ".
-               "or ag_ref ='".trim(FormatString($_REQUEST['query'])).
-               "' or ag_comment ~* 
'".trim(FormatString($_REQUEST['query']))."'".
+             $query="and (ag_title ~* '".sql_string($_REQUEST['query'])."' ".
+               "or ag_ref ='".trim(sql_string($_REQUEST['query'])).
+               "' or ag_comment ~* '".trim(sql_string($_REQUEST['query']))."'".
                ")";
            }
 
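Review bot: `$_REQUEST['query']` is fed to the `~*` regex operator with only quote-doubling, so a pattern such as `(` makes PostgreSQL reject the statement and a crafted pattern can be made expensive; if a case-insensitive substring match is what is wanted, `ilike '%...%'` with `%` and `_` escaped is the safer operator. The three `sql_string`/`trim` calls on the same value can become one local, `$q = sql_string($_REQUEST['query']);`, and `trim()` around sql_string is now redundant because sql_string trims its input itself.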

Modified: phpcompta/trunk/include/class_acc_ledger.php
===================================================================
--- phpcompta/trunk/include/class_acc_ledger.php        2011-10-29 13:15:17 UTC 
(rev 4270)
+++ phpcompta/trunk/include/class_acc_ledger.php        2011-10-29 14:46:13 UTC 
(rev 4271)
@@ -2406,7 +2406,7 @@
             $and=" and ";
         }
         // comment
-        $desc=FormatString($desc);
+        $desc=sql_string($desc);
         if ( $desc != null )
         {
             $fil_desc=$and." ( upper(jr_comment) like upper('%".$desc."%') or 
upper(jr_pj_number) like upper('%".$desc."%') ".
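Review bot: `upper('%".$desc."%')` interpolates `$desc` into a LIKE pattern after quote-doubling only, so `%` and `_` in the search text act as wildcards; if a literal match is intended, escape them before interpolation (e.g. `addcslashes($desc, '%_')`, keeping in mind the backslash escape interacts with sql_string's own backslash handling). `$desc != null` is a loose comparison that only works because sql_string returns null for blank input; `strlen($desc) > 0` says what is meant. The function continues outside the hunk.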

Modified: phpcompta/trunk/include/class_acc_ledger_fin.php
===================================================================
--- phpcompta/trunk/include/class_acc_ledger_fin.php    2011-10-29 13:15:17 UTC 
(rev 4270)
+++ phpcompta/trunk/include/class_acc_ledger_fin.php    2011-10-29 14:46:13 UTC 
(rev 4271)
@@ -719,7 +719,7 @@
                 $acc_operation->insert_jrnx();
 
 
-                if ( FormatString(${"e_other$i"."_comment"}) == null )
+                if ( sql_string(${"e_other$i"."_comment"}) == null )
                 {
                     // if comment is blank set a default one
                     $comment="  compte : 
".$fBank->strAttribut(ATTR_DEF_NAME).' a '.
@@ -797,7 +797,7 @@
                     $op->j_id=$j_id;
                     $op->oa_date=$e_date;
                     $op->oa_debit=($amount < 0 )?'t':'f';
-                    $op->oa_description=FormatString($comment);
+                    $op->oa_description=sql_string($comment);
                     $op->save_form_plan($_POST,$i,$j_id);
                 }
                 

Modified: phpcompta/trunk/include/class_acc_ledger_purchase.php
===================================================================
--- phpcompta/trunk/include/class_acc_ledger_purchase.php       2011-10-29 
13:15:17 UTC (rev 4270)
+++ phpcompta/trunk/include/class_acc_ledger_purchase.php       2011-10-29 
14:46:13 UTC (rev 4271)
@@ -486,7 +486,7 @@
                     $op->oa_date=$e_date;
 
                     $op->oa_debit=($amount > 0 )?'t':'f';
-                    $op->oa_description=FormatString($e_comm);
+                    $op->oa_description=sql_string($e_comm);
                     $op->save_form_plan($_POST,$i,$j_id);
                 }
                 // insert into quant_purchase

Modified: phpcompta/trunk/include/class_acc_ledger_sold.php
===================================================================
--- phpcompta/trunk/include/class_acc_ledger_sold.php   2011-10-29 13:15:17 UTC 
(rev 4270)
+++ phpcompta/trunk/include/class_acc_ledger_sold.php   2011-10-29 14:46:13 UTC 
(rev 4271)
@@ -357,7 +357,7 @@
                     $op->j_id=$j_id;
                     $op->oa_date=$e_date;
                     $op->oa_debit=($amount < 0 )?'t':'f';
-                    $op->oa_description=FormatString($e_comm);
+                    $op->oa_description=sql_string($e_comm);
                     $op->save_form_plan($_POST,$i,$j_id);
                 }
                 if ( $owner->MY_TVA_USE=='Y')

Modified: phpcompta/trunk/include/class_acc_parm_code.php
===================================================================
--- phpcompta/trunk/include/class_acc_parm_code.php     2011-10-29 13:15:17 UTC 
(rev 4270)
+++ phpcompta/trunk/include/class_acc_parm_code.php     2011-10-29 14:46:13 UTC 
(rev 4271)
@@ -89,9 +89,9 @@
         }
         else
         {
-            $this->p_comment=FormatString($this->p_comment);
-            $this->p_value=FormatString($this->p_value);
-            $this->p_code=FormatString($this->p_code);
+            $this->p_comment=sql_string($this->p_comment);
+            $this->p_value=sql_string($this->p_value);
+            $this->p_code=sql_string($this->p_code);
             $sql="update parm_code set ".
                  "p_comment='".$this->p_comment."'  ".
                  ",p_value='".$this->p_value."'  ".
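Review bot: `$this->p_comment=sql_string($this->p_comment)` and the two lines after it overwrite the object's own properties with their SQL-escaped form, so after this update the object holds `''` for every quote and a second save doubles them again. Escape into locals used only to build the statement, e.g. `$comment = sql_string($this->p_comment);`, or pass the raw properties to `exec_sql` with `$1`/`$2` placeholders as class_anc_plan.php does. The method continues outside the hunk.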

Modified: phpcompta/trunk/include/class_action.php
===================================================================
--- phpcompta/trunk/include/class_action.php    2011-10-29 13:15:17 UTC (rev 
4270)
+++ phpcompta/trunk/include/class_action.php    2011-10-29 14:46:13 UTC (rev 
4271)
@@ -256,7 +256,7 @@
         $ag_ref=new IText();
         $ag_ref->readonly=$upd;
         $ag_ref->name="ag_ref";
-        $ag_ref->value=FormatString($this->ag_ref);
+        $ag_ref->value=sql_string($this->ag_ref);
         $client_label=new ISpan();
 
         /* Add button */
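Review bot: `$ag_ref->value=sql_string($this->ag_ref)` applies SQL quote-doubling to a value that ends up in an HTML input's `value` attribute, which is the wrong escape for that context: a reference containing `'` is displayed doubled, while `"` and `<` pass through untouched. Leave the value raw here and escape for HTML at render time, `htmlspecialchars($this->ag_ref, ENT_QUOTES, 'UTF-8')`, unless IText already does that — which is not visible in this hunk.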

Modified: phpcompta/trunk/include/class_anc_account.php
===================================================================
--- phpcompta/trunk/include/class_anc_account.php       2011-10-29 13:15:17 UTC 
(rev 4270)
+++ phpcompta/trunk/include/class_anc_account.php       2011-10-29 14:46:13 UTC 
(rev 4271)
@@ -89,7 +89,7 @@
      */
     function get_by_name($p_name)
     {
-        $p_name=FormatString($p_name);
+        $p_name=sql_string($p_name);
         if ( $p_name == null )
             $p_name=$this->name;
 
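Review bot: `get_by_name` escapes `$p_name` but, when that is blank, falls back to `$this->name` and uses it as-is, so the two paths are not equivalent unless the property was escaped beforehand. Choose the value first and escape once: `$p_name = sql_string($p_name); if ($p_name == null) $p_name = sql_string($this->name);`, or pass the chosen name as a query parameter. The query itself is outside the hunk.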
@@ -158,15 +158,15 @@
     private function format_data()
     {
 
-        $this->name=FormatString($this->name);
-        $this->pa_id=FormatString($this->pa_id);
-        $this->amount=FormatString($this->amount);
+        $this->name=sql_string($this->name);
+        $this->pa_id=sql_string($this->pa_id);
+        $this->amount=sql_string($this->amount);
         if (strlen($this->amount) == 0 )
             $this->amount=0.0;
         if ( isNumber($this->amount) ==0 )
             $this->amount=0;
 
-        $this->description=FormatString($this->description);
+        $this->description=sql_string($this->description);
     }
     function delete()
     {
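Review bot: `format_data` overwrites `$this->name`, `$this->pa_id`, `$this->amount` and `$this->description` with their SQL-escaped forms, so the object is only valid for building one statement; any later read, re-save or display of these properties sees doubled quotes. `$this->amount` is a number: sql_string trims it and turns blank into null, which the following `strlen`/`isNumber` checks then repair — `$this->amount = (float) $this->amount;` expresses that directly. Escape into locals where the SQL is built, or use parameters.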

Modified: phpcompta/trunk/include/class_anc_plan.php
===================================================================
--- phpcompta/trunk/include/class_anc_plan.php  2011-10-29 13:15:17 UTC (rev 
4270)
+++ phpcompta/trunk/include/class_anc_plan.php  2011-10-29 14:46:13 UTC (rev 
4271)
@@ -88,22 +88,22 @@
     function update()
     {
         if ( $this->id==0) return;
-        $name=FormatString($this->name);
+        $name=sql_string($this->name);
         if ( strlen($name) == 0)
             return;
 
-        $description=FormatString($this->description);
+        $description=sql_string($this->description);
         $this->db->exec_sql("update plan_analytique set pa_name=$1,
                             pa_description=$2 where 
pa_id=$3",array($name,$description,$this->id));
     }
 
     function add()
     {
-        $name=FormatString($this->name);
+        $name=sql_string($this->name);
         if ( strlen($name) == 0)
             return;
         if ( $this->isAppend() == false) return;
-        $description=FormatString($this->description);
+        $description=sql_string($this->description);
         $this->db->exec_sql("insert into 
plan_analytique(pa_name,pa_description)".
                             " values (".
                             "'".$name."',".
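Review bot: In `update()` the escaped `$name` and `$description` are passed to `exec_sql` as `$1`/`$2` parameters; the driver quotes parameters itself, so every `'` is stored as `''` and every backslash doubled. Keep the trim and empty check but drop the escape: `$name = trim($this->name);` and `$description = $this->description;`. `add()` builds the same statement by concatenation (`"'".$name."',"`), where escaping is needed; switching it to the same `$1`/`$2` form makes the two methods consistent and removes the escape from both. `add()` continues outside the hunk.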

Modified: phpcompta/trunk/include/class_contact.php
===================================================================
--- phpcompta/trunk/include/class_contact.php   2011-10-29 13:15:17 UTC (rev 
4270)
+++ phpcompta/trunk/include/class_contact.php   2011-10-29 14:46:13 UTC (rev 
4271)
@@ -49,7 +49,7 @@
      */
     function Summary($p_search="",$p_action="",$p_sql="")
     {
-        $p_search=FormatString($p_search);
+        $p_search=sql_string($p_search);
         $extra_sql="";
         if ( $this->company != "")
         {

Modified: phpcompta/trunk/include/class_document_modele.php
===================================================================
--- phpcompta/trunk/include/class_document_modele.php   2011-10-29 13:15:17 UTC 
(rev 4270)
+++ phpcompta/trunk/include/class_document_modele.php   2011-10-29 14:46:13 UTC 
(rev 4271)
@@ -114,7 +114,7 @@
      *       first created (-> insert into document_modele)
      *       in that case the name and the type must be set
      *       set before calling Save, the name will be modified
-     *       with FormatString
+     *       with sql_string
      *
      */
     function Save()

Modified: phpcompta/trunk/include/class_fiche.php
===================================================================
--- phpcompta/trunk/include/class_fiche.php     2011-10-29 13:15:17 UTC (rev 
4270)
+++ phpcompta/trunk/include/class_fiche.php     2011-10-29 14:46:13 UTC (rev 
4271)
@@ -252,7 +252,7 @@
              where frd_id=".$p_frd_id;
         if ( $p_search != "" )
         {
-            $a=FormatString($p_search);
+            $a=sql_string($p_search);
             $sql="select * from vw_fiche_attr where frd_id=".$p_frd_id.
                  " and vw_name ~* '$p_search'";
         }
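Review bot: `$a=sql_string($p_search)` is computed and never used; the statement on the next line interpolates the raw `$p_search` (`vw_name ~* '$p_search'`), so a quote in the search text still breaks out of the string. Either use the escaped value, `" and vw_name ~* '$a'"`, or pass `$p_search` to `exec_sql` as a parameter. `$p_frd_id` is concatenated unquoted in both statements; cast it with `(int)` if it is an id.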
@@ -344,7 +344,7 @@
             if ($this->id==0) return NOTFOUND;
             // object is not in memory we need to look into the database
             $sql="select ad_value from fiche_detail
-                 where f_id=".FormatString($this->id)." and ad_id=".$p_ad_id;
+                 where f_id=".sql_string($this->id)." and ad_id=".$p_ad_id;
             $Res=$this->cn->exec_sql($sql);
             $row=Database::fetch_all($Res);
             // if not found return error
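Review bot: `f_id=".sql_string($this->id)` puts the id in an unquoted numeric position, where quote-doubling is irrelevant, and `$p_ad_id` beside it is concatenated raw. `(int) $this->id` and `(int) $p_ad_id` are the right guards — the `$this->id==0` check two lines up already treats it as a number. The method continues outside the hunk.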
@@ -738,7 +738,7 @@
                 if ( $id == ATTR_DEF_QUICKCODE)
                 {
                     $sql=sprintf("select insert_quick_code(%d,'%s')",
-                                 $fiche_id,FormatString($value));
+                                 $fiche_id,sql_string($value));
                     $this->cn->exec_sql($sql);
                     continue;
                 }
@@ -752,7 +752,7 @@
                 // account
                 if ( $id == ATTR_DEF_ACCOUNT )
                 {
-                    $v=FormatString($value);
+                    $v=sql_string($value);
                     try
                     {
 
@@ -793,14 +793,14 @@
                     $exist=$this->cn->count_sql("select f_id from fiche join 
fiche_def using (fd_id) ".
                                                 " join fiche_detail 
using(f_id) ".
                                                 " where frd_id in (8,9,14) and 
ad_id=".ATTR_DEF_QUICKCODE.
-                                                " and 
ad_value='".FormatString($value)."'");
-                    if ( $exist == 0 && FormatString($value) != null )
+                                                " and 
ad_value='".sql_string($value)."'");
+                    if ( $exist == 0 && sql_string($value) != null )
                     {
                         $value="";
                     }
                 }
                 // Normal traitement
-                $value2=FormatString($value);
+                $value2=sql_string($value);
 
                 $sql=sprintf("select attribut_insert(%d,%d,'%s')",
                              $fiche_id,$id,trim($value2));
@@ -861,7 +861,7 @@
                 if ( $id == ATTR_DEF_QUICKCODE)
                 {
                     $sql=sprintf("select update_quick_code(%d,'%s')",
-                                 $jft_id,FormatString($value));
+                                 $jft_id,sql_string($value));
                     $this->cn->exec_sql($sql);
                     continue;
                 }
@@ -887,7 +887,7 @@
                                            ' values 
(%d,0,\'%s\',upper(\'%s\'),\'d\',\'%s\')',
                                            $this->id,
                                            'initial',
-                                           FormatString($value),
+                                           sql_string($value),
                                            $exercice);
 
                         $this->cn->exec_sql($str_stock);
@@ -895,7 +895,7 @@
                     else
                     {
                         $str_stock=sprintf("update stock_goods set 
sg_code=upper('%s') where f_id=%d",
-                                           FormatString($value),
+                                           sql_string($value),
                                            $this->id);
                         $this->cn->exec_sql($str_stock);
                     }
@@ -904,7 +904,7 @@
                 // account
                 if ( $id == ATTR_DEF_ACCOUNT )
                 {
-                    $v=FormatString($value);
+                    $v=sql_string($value);
                     if ( trim($v) != ''  )
                     {
                        if ( strpos($v,',') != 0)
@@ -964,7 +964,7 @@
                                               
array(ATTR_DEF_QUICKCODE,$value));
 
 
-                    if ( Database::num_row($exist) == 0  && 
FormatString($value) != null )
+                    if ( Database::num_row($exist) == 0  && sql_string($value) 
!= null )
                     {
                         $value="Attention : pas de société ";
                     }
@@ -1507,7 +1507,7 @@
     {
 
         $str_dossier=dossier::get();
-        $p_search=FormatString($p_search);
+        $p_search=sql_string($p_search);
         $script=$_SERVER['PHP_SELF'];
         // Creation of the nav bar
         // Get the max numberRow
@@ -1819,7 +1819,7 @@
         $and=" and ";
         if (isset($query))
         {
-            $query=FormatString($query);
+            $query=sql_string($query);
 
             if (strlen(trim($query)) > 1)
             {

Modified: phpcompta/trunk/include/class_fiche_def.php
===================================================================
--- phpcompta/trunk/include/class_fiche_def.php 2011-10-29 13:15:17 UTC (rev 
4270)
+++ phpcompta/trunk/include/class_fiche_def.php 2011-10-29 14:46:13 UTC (rev 
4271)
@@ -185,7 +185,7 @@
             ${"p_$key"}=$element;
         }
         // Format correctly the name of the cat. of card
-        $p_nom_mod=FormatString($p_nom_mod);
+        $p_nom_mod=sql_string($p_nom_mod);
 
 
         // Name can't be empty
@@ -205,7 +205,7 @@
         // and insert into fiche_def
         // if p_class_base is null get the default class base from
         // fiche_def_ref
-        if ( FormatString($p_class_base) == null )
+        if ( sql_string($p_class_base) == null )
         { // p_class is null
             // So we take the default one
             $p_class_base=$fiche_Def_ref->frd_class_base;
@@ -223,7 +223,7 @@
             $p_create='false';
 
         // Class is valid ?
-        if ( FormatString($p_class_base) != null || strpos(',',$p_class_base) 
!= 0 )
+        if ( sql_string($p_class_base) != null || strpos(',',$p_class_base) != 
0 )
         {
             // p_class is a valid number
             $sql="insert into 
fiche_def(fd_label,fd_class_base,frd_id,fd_create_account)
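Review bot: `strpos(',',$p_class_base)` on the changed line has its arguments reversed — the haystack is the literal `','` and the needle is `$p_class_base` — so it can only match when the class base is itself a comma, and `!= 0` conflates position 0 with `false`. If the intent is to reject a value containing a comma, write `strpos($p_class_base, ',') === false`; the surrounding `||` then needs rereading, because as written the condition is true whenever sql_string returns non-null. The account branch of class_fiche.php on this page uses `strpos($v,',')` with the arguments the other way round, which suggests one of the two is a typo. The insert statement continues outside the hunk.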
@@ -531,7 +531,7 @@
     function SaveLabel($p_label)
     {
         if ( $this->id == 0 ) return;
-        $p_label=FormatString($p_label);
+        $p_label=sql_string($p_label);
         if (strlen(trim ($p_label)) == 0 )
         {
             return;
@@ -566,7 +566,7 @@
     function save_class_base($p_label)
     {
         if ( $this->id == 0 ) return;
-        $p_label=FormatString($p_label);
+        $p_label=sql_string($p_label);
 
         $sql="update   fiche_def set fd_class_base=$1 ".
              "where                    fd_id=$2";
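Review bot: `save_class_base` passes `sql_string($p_label)` as the `$1` parameter of a placeholder query, so the value is escaped twice and a label containing a quote is stored with it doubled. Drop the call — `$p_label = trim($p_label);` if the trim/blank behaviour is wanted — and let the driver quote it. `SaveLabel` just above may have the same issue; its statement is not in the hunk.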

Modified: phpcompta/trunk/include/class_iperiod.php
===================================================================
--- phpcompta/trunk/include/class_iperiod.php   2011-10-29 13:15:17 UTC (rev 
4270)
+++ phpcompta/trunk/include/class_iperiod.php   2011-10-29 14:46:13 UTC (rev 
4271)
@@ -114,7 +114,7 @@
             $cond='';
            if ( $sql_closed=="") $and=" where " ; else $and=" and ";
             if ($this->type == 'all' ) $cond=$and.'   true ';
-            $cond.=" $and p_exercice='".FormatString($this->exercice)."'";
+            $cond.=" $and p_exercice='".sql_string($this->exercice)."'";
         }
 
         $sql.=$cond."  order by p_start,p_end";

Modified: phpcompta/trunk/include/class_pre_operation.php
===================================================================
--- phpcompta/trunk/include/class_pre_operation.php     2011-10-29 13:15:17 UTC 
(rev 4270)
+++ phpcompta/trunk/include/class_pre_operation.php     2011-10-29 14:46:13 UTC 
(rev 4271)
@@ -231,8 +231,8 @@
     public function   get_operation()
     {
         $value=$this->db->make_array("select od_id,od_name from op_predef ".
-                                     " where 
jrn_def_id=".FormatString($this->jrn_def_id).
-                                     " and od_direct 
='".FormatString($this->od_direct)."'".
+                                     " where 
jrn_def_id=".sql_string($this->jrn_def_id).
+                                     " and od_direct 
='".sql_string($this->od_direct)."'".
                                      " order by od_name");
         return $value;
     }
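Review bot: `jrn_def_id=".sql_string($this->jrn_def_id)` is an unquoted numeric comparison, so the escape does nothing for it, and a blank property yields `jrn_def_id= and`, a syntax error; `(int) $this->jrn_def_id` is the right guard. `od_direct` is quoted and fine. If `make_array` accepts parameters like `exec_sql` does, passing both values that way would be simpler still.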

Modified: phpcompta/trunk/include/class_user.php
===================================================================
--- phpcompta/trunk/include/class_user.php      2011-10-29 13:15:17 UTC (rev 
4270)
+++ phpcompta/trunk/include/class_user.php      2011-10-29 14:46:13 UTC (rev 
4271)
@@ -268,7 +268,7 @@
     {
         if ( $this->admin != 1 && $this->is_local_admin() != 1)
         {
-            $sql_type=($p_type=='ALL')?'':"and 
jrn_def_type=upper('".FormatString($p_type)."')";
+            $sql_type=($p_type=='ALL')?'':"and 
jrn_def_type=upper('".sql_string($p_type)."')";
             switch($p_access)
             {
             case 3:
@@ -296,7 +296,7 @@
         }
         else
         {
-            $sql_type=($p_type=='ALL')?'':"where 
jrn_def_type=upper('".FormatString($p_type)."')";
+            $sql_type=($p_type=='ALL')?'':"where 
jrn_def_type=upper('".sql_string($p_type)."')";
             $sql="select 
jrn_def_id,jrn_def_type,jrn_def_name,jrn_def_class_deb,jrn_def_class_cred,jrn_deb_max_line,jrn_cred_max_line,
                  jrn_type_id,jrn_desc,'W' as uj_priv
                  from jrn_def join jrn_type on jrn_def_type=jrn_type_id

Modified: phpcompta/trunk/include/dossier.inc.php
===================================================================
--- phpcompta/trunk/include/dossier.inc.php     2011-10-29 13:15:17 UTC (rev 
4270)
+++ phpcompta/trunk/include/dossier.inc.php     2011-10-29 14:46:13 UTC (rev 
4271)
@@ -44,14 +44,14 @@
 {
     $cn=new Database();
     $dos=trim($_POST["DATABASE"]);
-    $dos=FormatString($dos);
+    $dos=sql_string($dos);
     if (strlen($dos)==0)
     {
         echo _("Le nom du dossier est vide");
         exit -1;
     }
     $encoding=$cn->get_value("select encoding from pg_database  where ".
-                             " 
datname='".domaine.'mod'.FormatString($_POST["FMOD_ID"])."'");
+                             " 
datname='".domaine.'mod'.sql_string($_POST["FMOD_ID"])."'");
     if ( $encoding != 6 )
     {
         alert(_('Désolé vous devez migrer ce modèle en unicode'));
@@ -62,7 +62,7 @@
         exit();
     }
 
-    $desc=FormatString($_POST["DESCRIPTION"]);
+    $desc=sql_string($_POST["DESCRIPTION"]);
     try
     {
         $cn->start();
@@ -89,7 +89,7 @@
         //--
         // setting the year
         //--
-        $year=FormatString($_POST['YEAR']);
+        $year=sql_string($_POST['YEAR']);
         if ( strlen($year) != 4 || isNumber($year) == 0 || $year > 2100 || 
$year < 2000 || $year != round($year,0))
         {
             echo "$year"._(" est une année invalide");
@@ -101,7 +101,7 @@
                          domaine,
                          $l_id,
                          domaine,
-                         FormatString($_POST["FMOD_ID"]));
+                         sql_string($_POST["FMOD_ID"]));
             ob_start();
             if ( $cn->exec_sql($Sql)==false)
             {
@@ -336,7 +336,7 @@
         echo "<h2 class=\"error\"> $msg "._('inexistant')."</h2>";
         exit();
     }
-    $sql="drop database ".domaine."dossier".FormatString($_REQUEST['d']);
+    $sql="drop database ".domaine."dossier".sql_string($_REQUEST['d']);
     ob_start();
     if ( $cn->exec_sql($sql)==false)
     {
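Review bot: `"drop database ".domaine."dossier".sql_string($_REQUEST['d'])` places request input inside an SQL identifier, where quote-doubling is not an escape at all: anything after the digits becomes part of the DDL. The `inexistant` check above suggests `$_REQUEST['d']` was already looked up as a dossier id, but the statement should still use the validated integer, `(int) $_REQUEST['d']`, rather than the raw text. A DROP DATABASE reachable from a request also deserves an explicit authorisation check in the same block; whether one exists earlier is outside the hunk.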

Modified: phpcompta/trunk/include/export_bilan_oth.php
===================================================================
--- phpcompta/trunk/include/export_bilan_oth.php        2011-10-29 13:15:17 UTC 
(rev 4270)
+++ phpcompta/trunk/include/export_bilan_oth.php        2011-10-29 14:46:13 UTC 
(rev 4271)
@@ -37,8 +37,7 @@
 $bilan=new Acc_Bilan($cn);
 $bilan->get_request_get();
 $bilan->load();
-/*\!bug the headers shouldn't be sent here, but it doesn't work
- * a html header is send before, to fix asap */
+
 if ( $bilan->b_type=='odt')
 {
     header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");

Modified: phpcompta/trunk/include/export_gl_csv.php
===================================================================
--- phpcompta/trunk/include/export_gl_csv.php   2011-10-29 13:15:17 UTC (rev 
4270)
+++ phpcompta/trunk/include/export_gl_csv.php   2011-10-29 14:46:13 UTC (rev 
4271)
@@ -52,7 +52,7 @@
         $parent=$poste_id;
         $a_poste=$cn->get_array("select pcm_val from tmp_pcmn where 
pcm_val::text like '$parent%' order by pcm_val::text");
     }
-    elseif ( $cn->count_sql('select * from tmp_pcmn where 
pcm_val='.FormatString($poste_id)) != 0 )
+    elseif ( $cn->count_sql('select * from tmp_pcmn where 
pcm_val='.sql_string($poste_id)) != 0 )
     {
         $a_poste=array('pcm_val' => $poste_id);
     }
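Review bot: `pcm_val='.sql_string($poste_id)` is an unquoted comparison, so the escape is inert there, and two lines above the same value reaches a LIKE pattern completely raw (`$parent=$poste_id;` then `like '$parent%'`). Both branches should go through one escaped, quoted copy of `$poste_id` — `pcm_val` is compared via `::text` in the branch above, so it may not be numeric and a quoted value is the safe form — or through parameters if `get_array`/`count_sql` support them. Where `$poste_id` comes from is outside the hunk.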

Modified: phpcompta/trunk/include/fiche.inc.php
===================================================================
--- phpcompta/trunk/include/fiche.inc.php       2011-10-29 13:15:17 UTC (rev 
4270)
+++ phpcompta/trunk/include/fiche.inc.php       2011-10-29 14:46:13 UTC (rev 
4271)
@@ -358,7 +358,7 @@
         ShowRecherche();
         $sql="select distinct f_id,fd_id from fiche join fiche_detail using 
(f_id)
                  where
-             upper(ad_value) like 
upper('%".FormatString($_GET["search_text"])."%') order by f_id";
+             upper(ad_value) like 
upper('%".sql_string($_GET["search_text"])."%') order by f_id";
 
         $all=$cn->get_array($sql);
         // test on the size
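Review bot: `$_GET["search_text"]` is read without `isset` and interpolated into a LIKE pattern after quote-doubling only, so `%` and `_` in the search text act as wildcards. Read it into a local with a default, `$search = isset($_GET['search_text']) ? $_GET['search_text'] : '';`, and escape `%`/`_` before interpolation if a literal match is intended.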

Modified: phpcompta/trunk/include/fiche_def.inc.php
===================================================================
--- phpcompta/trunk/include/fiche_def.inc.php   2011-10-29 13:15:17 UTC (rev 
4270)
+++ phpcompta/trunk/include/fiche_def.inc.php   2011-10-29 14:46:13 UTC (rev 
4271)
@@ -30,9 +30,9 @@
 {
     extract ($_POST);
     $update=new Fiche_Def_Ref($cn);
-    $update->frd_id=FormatString($frd_id);
-    $update->frd_text=FormatString($frd_text);
-    $update->frd_class_base=FormatString($frd_class_base);
+    $update->frd_id=sql_string($frd_id);
+    $update->frd_text=sql_string($frd_text);
+    $update->frd_class_base=sql_string($frd_class_base);
     $update->Save();
 }
 // Load All Fiche_def
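Review bot: `extract($_POST)` on the line above the changes lets any posted field overwrite a local — including `$cn`, the database handle passed to `new Fiche_Def_Ref($cn)` on the next line — so the three `sql_string` calls guard the values but not the variables themselves. Read the three fields explicitly, e.g. `$frd_id = isset($_POST['frd_id']) ? $_POST['frd_id'] : null;`, and drop the extract. Whether `Save()` escapes these properties again, which would double the quotes, is outside the hunk.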

Modified: phpcompta/trunk/include/impress_bilan.inc.php
===================================================================
--- phpcompta/trunk/include/impress_bilan.inc.php       2011-10-29 13:15:17 UTC 
(rev 4270)
+++ phpcompta/trunk/include/impress_bilan.inc.php       2011-10-29 14:46:13 UTC 
(rev 4271)
@@ -56,7 +56,7 @@
 echo '</form>';
 echo '</fieldset>';
 
-$filter_year=" where p_exercice='".FormatString($exercice)."'";
+$filter_year=" where p_exercice='".sql_string($exercice)."'";
 echo '<FORM  METHOD="GET">';
 echo HtmlInput::hidden('type','bilan');
 echo dossier::hidden();

Modified: phpcompta/trunk/include/impress_jrn.inc.php
===================================================================
--- phpcompta/trunk/include/impress_jrn.inc.php 2011-10-29 13:15:17 UTC (rev 
4270)
+++ phpcompta/trunk/include/impress_jrn.inc.php 2011-10-29 14:46:13 UTC (rev 
4271)
@@ -106,7 +106,7 @@
 print '</TR>';
 print '<TR>';
 // filter on the current year
-$filter_year=" where p_exercice='".FormatString($exercice)."'";
+$filter_year=" where p_exercice='".sql_string($exercice)."'";
 
 $periode_start=$cn->make_array("select p_id,to_char(p_start,'DD-MM-YYYY') from 
parm_periode $filter_year order by p_start,p_end");
 $w->selected=(isset($_GET['from_periode']))?$_GET['from_periode']:'';

Modified: phpcompta/trunk/include/impress_rapport.inc.php
===================================================================
--- phpcompta/trunk/include/impress_rapport.inc.php     2011-10-29 13:15:17 UTC 
(rev 4270)
+++ phpcompta/trunk/include/impress_rapport.inc.php     2011-10-29 14:46:13 UTC 
(rev 4271)
@@ -217,7 +217,7 @@
 $w->javascript='';
 print '<TR>';
 // filter on the current year
-$filter_year=" where p_exercice='".FormatString($exercice)."'";
+$filter_year=" where p_exercice='".sql_string($exercice)."'";
 
 $periode_start=$cn->make_array("select p_id,to_char(p_start,'DD-MM-YYYY') from 
parm_periode $filter_year order by p_start,p_end");
 print td("P&eacute;riode comptable : Depuis");

Modified: phpcompta/trunk/include/impress_rec.inc.php
===================================================================
--- phpcompta/trunk/include/impress_rec.inc.php 2011-10-29 13:15:17 UTC (rev 
4270)
+++ phpcompta/trunk/include/impress_rec.inc.php 2011-10-29 14:46:13 UTC (rev 
4271)
@@ -29,7 +29,6 @@
 
 /**
  address@hidden
- address@hidden add the export to PDF
  */
 $aledger=$g_user->get_ledger('ALL',3);
 echo '<div class="noprint">';

Modified: phpcompta/trunk/include/modele.inc.php
===================================================================
--- phpcompta/trunk/include/modele.inc.php      2011-10-29 13:15:17 UTC (rev 
4270)
+++ phpcompta/trunk/include/modele.inc.php      2011-10-29 14:46:13 UTC (rev 
4271)
@@ -61,7 +61,7 @@
 if ( isset ($_POST["FMOD_NAME"]) )
 {
     $encoding=$cn->get_value("select encoding from pg_database  where ".
-                             " 
datname='".domaine.'dossier'.FormatString($_POST["FMOD_DBID"])."'");
+                             " 
datname='".domaine.'dossier'.sql_string($_POST["FMOD_DBID"])."'");
 
     if ( $encoding != 6 )
     {
@@ -74,8 +74,8 @@
         exit();
     }
 
-    $mod_name=FormatString($_POST["FMOD_NAME"]);
-    $mod_desc=FormatString($_POST["FMOD_DESC"]);
+    $mod_name=sql_string($_POST["FMOD_NAME"]);
+    $mod_desc=sql_string($_POST["FMOD_DESC"]);
     if ( $mod_name != null)
     {
         $Res=$cn->exec_sql("insert into modeledef(mod_name,mod_desc)
@@ -381,7 +381,7 @@
                 echo "<h2 class=\"error\"> $msg inexistant</h2>";
                 exit();
             }
-            $sql="drop database ".domaine."mod".FormatString($_REQUEST['m']);
+            $sql="drop database ".domaine."mod".sql_string($_REQUEST['m']);
             ob_start();
             if ( $cn->exec_sql($sql)==false)
             {
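Review bot: The `drop database` statement on the `+` line places `$_REQUEST['m']` in an identifier position, outside any quotes, and `sql_string` escapes a value for use inside a string literal, so it does not constrain what becomes the database name. A strict check on the value before concatenation is needed regardless of the escaping function: if `m` is a numeric model id, as the `mod` prefix suggests, `$m = (int) $_REQUEST['m'];` at this point is enough, otherwise compare it against the list of existing model databases. The `$msg inexistant` check just above may already validate it, but its condition is outside the hunk; the first hunk of this file builds a `datname` filter from `FMOD_DBID` the same way, though there the value sits inside quotes.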

Modified: phpcompta/trunk/include/param_jrn_add.inc.php
===================================================================
--- phpcompta/trunk/include/param_jrn_add.inc.php       2011-10-29 13:15:17 UTC 
(rev 4270)
+++ phpcompta/trunk/include/param_jrn_add.inc.php       2011-10-29 14:46:13 UTC 
(rev 4271)
@@ -76,7 +76,7 @@
 
 
             $p_jrn_name=$_POST["p_jrn_name"];
-            $p_jrn_class_deb=FormatString($_POST["p_jrn_class_deb"]);
+            $p_jrn_class_deb=sql_string($_POST["p_jrn_class_deb"]);
             if (strlen(trim($p_jrn_name))==0) return;
             // compute the jrn_def.jrn_def_code
             
$p_code=sprintf("%s%02d",trim(substr($_POST['p_jrn_type'],0,1)),Acc_Ledger::next_number($cn,$_POST['p_jrn_type']));
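Review bot: `$p_jrn_name` is read from `$_POST` unescaped on the line above the changed one, while `$p_jrn_class_deb` now goes through `sql_string`; the sibling hunk in param_jrn_detail.inc.php escapes `p_jrn_name` too, after its empty check. If `$p_jrn_name` is later interpolated into SQL, which happens below the hunk if at all, it needs the same treatment after the `strlen(trim(...))` test: `$p_jrn_name=sql_string($p_jrn_name);`. The `$_POST['p_jrn_type']` used on the last line of the hunk is also passed through unchecked.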

Modified: phpcompta/trunk/include/param_jrn_detail.inc.php
===================================================================
--- phpcompta/trunk/include/param_jrn_detail.inc.php    2011-10-29 13:15:17 UTC 
(rev 4270)
+++ phpcompta/trunk/include/param_jrn_detail.inc.php    2011-10-29 14:46:13 UTC 
(rev 4271)
@@ -114,7 +114,7 @@
 
         $p_jrn_name=$_POST['p_jrn_name'];
         if (strlen(trim($p_jrn_name))==0) return;
-        $p_jrn_name=FormatString($p_jrn_name);
+        $p_jrn_name=sql_string($p_jrn_name);
         $p_jrn_fiche_deb="";
         $p_jrn_fiche_cred="";
         $bank=null;

Modified: phpcompta/trunk/include/param_pcmn.inc.php
===================================================================
--- phpcompta/trunk/include/param_pcmn.inc.php  2011-10-29 13:15:17 UTC (rev 
4270)
+++ phpcompta/trunk/include/param_pcmn.inc.php  2011-10-29 14:46:13 UTC (rev 
4271)
@@ -289,7 +289,7 @@
     echo "$td";
     printf ("<A HREF=\"javascript:PcmnUpdate('%s','%s','%s','%s',%d)\">",
             $A['pcm_val'],
-            FormatString($A['pcm_lib']),
+            sql_string($A['pcm_lib']),
             $A['pcm_val_parent'],
             $A['pcm_type'],
             dossier::id());
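Review bot: `sql_string($A['pcm_lib'])` on the `+` line escapes for a SQL string literal, but the value is placed inside a JavaScript string argument inside an HTML `href` attribute, where quotes, `<` and `&` need HTML and JavaScript escaping, not SQL escaping. Escape for the actual context instead, e.g. `htmlspecialchars($A['pcm_lib'], ENT_QUOTES)` for the attribute, or build the argument list with `json_encode` and then HTML-escape the whole attribute; the other `%s` arguments on the surrounding lines (`pcm_val`, `pcm_val_parent`, `pcm_type`) are not escaped at all and deserve the same treatment. The rename from `FormatString` does not change the context mismatch, which the previous code had as well.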

Modified: phpcompta/trunk/include/restore.inc.php
===================================================================
--- phpcompta/trunk/include/restore.inc.php     2011-10-29 13:15:17 UTC (rev 
4270)
+++ phpcompta/trunk/include/restore.inc.php     2011-10-29 14:46:13 UTC (rev 
4271)
@@ -67,7 +67,7 @@
         $id=$cn->get_next_seq('dossier_id');
 
         if ( strlen(trim($_REQUEST['database'])) == 0 )
-            $lname=$id." Restauration :".FormatString($_FILES['file']['name']);
+            $lname=$id." Restauration :".sql_string($_FILES['file']['name']);
         else
             $lname=$id." ".$_REQUEST['database'];
 
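Review bot: Only the `Restauration` branch of the `if` is escaped on the `+` line; the `else` branch two lines below concatenates `$_REQUEST['database']` into `$lname` raw, so `$lname` is escaped or not depending on which branch ran, and the second hunk of this file repeats the pattern. Where `$lname` is consumed is outside the hunk: if it is interpolated into SQL, `$lname=$id." ".sql_string($_REQUEST['database']);` keeps both branches consistent, and if it is only displayed, neither branch needs `sql_string`. `$_REQUEST['database']` is also read on the condition line without an `isset`, which raises a notice when the parameter is absent.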
@@ -129,7 +129,7 @@
         $id=$cn->get_next_seq('s_modid');
 
         if ( strlen(trim($_REQUEST['database'])) == 0 )
-            $lname=$id." Restauration :".FormatString($_FILES['file']['name']);
+            $lname=$id." Restauration :".sql_string($_FILES['file']['name']);
         else
             $lname=$id." ".$_REQUEST['database'];
 

Modified: phpcompta/trunk/include/stock.inc.php
===================================================================
--- phpcompta/trunk/include/stock.inc.php       2011-10-29 13:15:17 UTC (rev 
4270)
+++ phpcompta/trunk/include/stock.inc.php       2011-10-29 14:46:13 UTC (rev 
4271)
@@ -79,7 +79,7 @@
         $type=( $change < 0 )?'c':'d';
         if ( $change != 0)
         {
-            $comment=FormatString($comment);
+            $comment=sql_string($comment);
             $Res=$cn->exec_sql("insert into stock_goods
                                (  j_id,
                                f_id,

Modified: phpcompta/trunk/include/user_common.php
===================================================================
--- phpcompta/trunk/include/user_common.php     2011-10-29 13:15:17 UTC (rev 
4270)
+++ phpcompta/trunk/include/user_common.php     2011-10-29 14:46:13 UTC (rev 
4271)
@@ -56,7 +56,7 @@
     $code=new Fiche($p_cn);
     $code->get_by_qcode($p_good);
     $code_marchandise=$code->strAttribut(ATTR_DEF_STOCK);
-    $p_good=FormatString($p_good);
+    $p_good=sql_string($p_good);
     $sql="select f_id from vw_poste_qcode where j_qcode=upper('$p_good')";
     $Res=$p_cn->exec_sql($sql);
     $r=Database::fetch_array($Res,0);
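Review bot: The query on the line after the change is still assembled by interpolating `$p_good` into `upper('$p_good')`, so the only protection is that `sql_string` escapes correctly for the connection's encoding. Since `$p_good` has already been handed to `get_by_qcode` two lines earlier, keeping the escaped copy in its own variable, `$qcode=sql_string($p_good);`, leaves the parameter with its original meaning for the rest of the function; and if `exec_sql` accepts bound parameters, `j_qcode=upper($1)` with the value passed separately removes the string building altogether. The function's signature and the rest of its body are outside the hunk.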




