[simpleinvoices commit] r410 - in trunk: include src/billers src/customers


codesite...@google.com

Mar 16, 2007, 6:40:57 PM3/16/07
to simpleinv...@googlegroups.com
Author: ruflin
Date: Fri Mar 16 15:40:36 2007
New Revision: 410

Modified:
trunk/include/functions.php
trunk/src/billers/add.php
trunk/src/customers/details.php
trunk/src/customers/manage.php
trunk/src/customers/save.php

Log:
Small change...

Modified: trunk/include/functions.php
==============================================================================
--- trunk/include/functions.php (original)
+++ trunk/include/functions.php Fri Mar 16 15:40:36 2007
@@ -38,11 +38,9 @@
include("./lang/$language.inc.php");
ob_end_clean();

- $conn = mysql_connect( $db_host, $db_user, $db_password );
- mysql_select_db( $db_name, $conn );

$sql = "SELECT cf_custom_label FROM {$tb_prefix}custom_fields WHERE cf_custom_field = '$field'";
- $result = mysql_query($sql,$conn) or die(mysql_error());
+ $result = mysql_query($sql) or die(mysql_error());

$cf = mysql_fetch_array($result);
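Review bot: `$field` goes into the `WHERE cf_custom_field = '$field'` clause unescaped, and the rewritten `mysql_query($sql) or die(mysql_error())` line still prints the raw database error to the browser. The callers visible on this page pass fixed literals such as `"biller_cf1"`, so exposure depends on callers outside this diff, but the function should not rely on that: add `$field = mysql_real_escape_string($field);` before building `$sql`. Dropping the explicit `$conn` also means the query runs on whichever link was opened last, and if none is open the extension tries a default connection; a one-line comment such as `// relies on the connection opened in include_main.php` (confirm the actual file) would document that. On failure, log `mysql_error()` and show a generic message instead of `die(mysql_error())`. The enclosing function starts and ends outside this hunk.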

Modified: trunk/src/billers/add.php
==============================================================================
--- trunk/src/billers/add.php (original)
+++ trunk/src/billers/add.php Fri Mar 16 15:40:36 2007
@@ -52,7 +52,8 @@
<option value="1" selected>$wording_for_enabledField</option>
<option value="0">$wording_for_disabledField</option>
</select>
-EOD;
+EOD;
+

#get custom field labels
$biller_custom_field_label1 = get_custom_field_label("biller_cf1");

Modified: trunk/src/customers/details.php
==============================================================================
--- trunk/src/customers/details.php (original)
+++ trunk/src/customers/details.php Fri Mar 16 15:40:36 2007
@@ -2,10 +2,7 @@
include_once('./include/include_main.php');

//stop the direct browsing to this file - let index.php handle which files get displayed
-checkLogin();
-
-
-
+checkLogin();

/* validataion code */
include("./include/validation.php");
@@ -23,9 +20,6 @@
$customer_id = $_GET['submit'];


-
-
-
$customer = getCustomer($customer_id);


@@ -50,6 +44,9 @@
$customer_custom_field_label2 = get_custom_field_label("customer_cf2");
$customer_custom_field_label3 = get_custom_field_label("customer_cf3");
$customer_custom_field_label4 = get_custom_field_label("customer_cf4");
+
+#show invoices per client
+$sql = "SELECT * FROM {$tb_prefix}invoices WHERE inv_customer_id =$customer_id ORDER BY inv_id desc";


if ($_GET['action'] === 'view') {
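Review bot: The added `$sql` line places `$customer_id` into the query unquoted and unescaped, and the previous hunk shows that value is taken directly from `$_GET['submit']`, so the request parameter controls the SQL text. Since `inv_customer_id` is compared as a number, cast at the assignment: `$customer_id = (int) $_GET['submit'];`. The same value is also passed to `getCustomer()`, whose query is not visible here, so casting at the source likely covers that call too. Where this `$sql` is executed is outside the hunk.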
@@ -111,8 +108,7 @@

EOD;

-#show invoices per client
-$sql = "select * from {$tb_prefix}invoices where inv_customer_id =$customer_id ORDER BY inv_id desc";
+

$display_block .= <<<EOD
<br>

Modified: trunk/src/customers/manage.php
==============================================================================
--- trunk/src/customers/manage.php (original)
+++ trunk/src/customers/manage.php Fri Mar 16 15:40:36 2007
@@ -6,9 +6,7 @@



-
-
-$sql = "select * from {$tb_prefix}customers ORDER BY c_name";
+$sql = "SELECT * FROM {$tb_prefix}customers ORDER BY c_name";

$result = mysql_query($sql, $conn) or die(mysql_error());
$number_of_rows = mysql_num_rows($result);

Modified: trunk/src/customers/save.php
==============================================================================
--- trunk/src/customers/save.php (original)
+++ trunk/src/customers/save.php Fri Mar 16 15:40:36 2007
@@ -16,20 +16,19 @@
/* old code
$sql = "INSERT into {$tb_prefix}customers values ('','$_POST[c_attention]','$_POST[c_name]','$_POST[c_street_address]','$_POST[c_city]','$_POST[c_state]','$_POST[c_zip_code]','$_POST[c_country]','$_POST[c_phone]','$_POST[c_fax]','$_POST[c_email]')";
*/
-
+
+//TODO: What's happening? Which vars are extracted? Not secure...
extract( $_POST );

-$sql ='INSERT INTO
- {$tb_prefix}customers
- VALUES
- ("","' . $c_attention . '", "' . $c_name . '", "' . $c_street_address . '", "' . $c_street_address2 . '", "' . $c_city . '", "' . $c_state . '", "' . $c_zip_code . '", "' . $c_country . '", "' . $c_phone . '", "' . $c_mobile_phone . '", "' . $c_fax . '", "' . $c_email . '", "' . $c_notes . '", "' . $c_custom_field1 . '", "' . $c_custom_field2 . '", "' . $c_custom_field3 . '", "' . $c_custom_field4 . '", "' . $c_enabled . '")';
+$sql ='INSERT INTO {$tb_prefix}customers VALUES ("","' . $c_attention . '", "' . $c_name . '", "' . $c_street_address . '", "' . $c_street_address2 . '", "' . $c_city . '", "' . $c_state . '", "' . $c_zip_code . '", "' . $c_country . '", "' . $c_phone . '", "' . $c_mobile_phone . '", "' . $c_fax . '", "' . $c_email . '", "' . $c_notes . '", "' . $c_custom_field1 . '", "' . $c_custom_field2 . '", "' . $c_custom_field3 . '", "' . $c_custom_field4 . '", "' . $c_enabled . '")';


if (mysql_query($sql, $conn)) {
$display_block = $LANG_save_customer_success;
} else {
$display_block = $LANG_save_customer_failure;
-}
+}
+ //TODO: Refresh over php?
//header( 'refresh: 2; url=manage_customers.php' );
$refresh_total = "<META HTTP-EQUIV=REFRESH CONTENT=2;URL=index.php?module=customers&view=manage>";
}
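Review bot: The new TODO names the problem, but `extract( $_POST )` is left in place, so any POST key can overwrite variables already in scope (`$conn`, `$tb_prefix`, `$sql`), and every `$c_*` value is still concatenated into the INSERT unescaped. The one-line `$sql` is also single-quoted, so `{$tb_prefix}` is sent to MySQL literally instead of being expanded. Read only the expected keys from `$_POST`, escape each with `mysql_real_escape_string()`, and build the statement in a double-quoted string, as sketched below. If `magic_quotes_gpc` is enabled on the deployment, strip its slashes first to avoid double escaping. The `if` block closed by the final `}` opens outside this hunk.

```php
// … unchanged: "old code" comment block …
$fields = array(
    'c_attention', 'c_name', 'c_street_address', 'c_street_address2',
    'c_city', 'c_state', 'c_zip_code', 'c_country', 'c_phone',
    'c_mobile_phone', 'c_fax', 'c_email', 'c_notes',
    'c_custom_field1', 'c_custom_field2', 'c_custom_field3',
    'c_custom_field4', 'c_enabled',
);
$values = array();
foreach ($fields as $name) {
    // Take only the expected keys; nothing from the request reaches local scope.
    $raw = isset($_POST[$name]) ? $_POST[$name] : '';
    $values[] = "'" . mysql_real_escape_string($raw, $conn) . "'";
}
$sql = "INSERT INTO {$tb_prefix}customers VALUES ('', " . implode(', ', $values) . ")";
// … unchanged: mysql_query() result handling and refresh …
```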
