From 60f6c98e4f4a2084bd98d15844f0282436377760 Mon Sep 17 00:00:00 2001
From: einhverfr
Date: Wed, 1 Nov 2006 00:11:37 +0000
Subject: Half-way through auditing IC.pm
git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@437 4979c152-3d1c-0410-bac9-87ea11338e46
---
 LedgerSMB/Form.pm | 2 +
 LedgerSMB/IC.pm | 1386 ++++++++++++++++++++++++++++-------------------------
 2 files changed, 745 insertions(+), 643 deletions(-)
diff --git a/LedgerSMB/Form.pm b/LedgerSMB/Form.pm
index 22dbf06f..23733bbf 100755
--- a/LedgerSMB/Form.pm
+++ b/LedgerSMB/Form.pm
@@ -1491,6 +1491,8 @@ sub dbquote {
 sub update_balance {
+ # This is a dangerous private function. All apps calling it must
+ # be careful to avoid SQL injection issues
 my ($self, $dbh, $table, $field, $where, $value) = @_;
diff --git a/LedgerSMB/IC.pm b/LedgerSMB/IC.pm
index f96b1294..dbaed0ce 100755
--- a/LedgerSMB/IC.pm
+++ b/LedgerSMB/IC.pm
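Review bot: The comment added at the top of update_balance warns about SQL injection but names no argument and enforces nothing, so a caller reading the signature still cannot tell whether $table, $field or $where may carry request data. Table and column names cannot be bound as placeholders, so the protective measure belongs in the function itself, e.g. `die "update_balance: bad identifier" unless $table =~ /^\w+$/ && $field =~ /^\w+$/;` right after the argument unpacking, which keeps the interface unchanged while refusing anything that is not a bare identifier. The comment would also carry more weight if it stated the contract, e.g. `# WARNING: $table, $field and $where are interpolated into the SQL unquoted; pass only hard-coded identifiers and a $where built from trusted values, never request data.` The body of update_balance lies outside this hunk, so the claim that these arguments are interpolated rather than bound is inferred from the warning itself and should be confirmed against the rest of the function.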
@@ -35,801 +35,901 @@ package IC;
 sub get_part {
- my ($self, $myconfig, $form) = @_;
-
- # connect to db
- my $dbh = $form->{dbh};
- my $i;
-
- my $query = qq|SELECT p.*,
- c1.accno AS inventory_accno, c1.description AS inventory_description,
- c2.accno AS income_accno, c2.description AS income_description,
- c3.accno AS expense_accno, c3.description AS expense_description,
- pg.partsgroup
- FROM parts p
- LEFT JOIN chart c1 ON (p.inventory_accno_id = c1.id)
- LEFT JOIN chart c2 ON (p.income_accno_id = c2.id)
- LEFT JOIN chart c3 ON (p.expense_accno_id = c3.id)
- LEFT JOIN partsgroup pg ON (p.partsgroup_id = pg.id)
- WHERE p.id = $form->{id}|;
- my $sth = $dbh->prepare($query);
- $sth->execute || $form->dberror($query);
- my $ref = $sth->fetchrow_hashref(NAME_lc);
+ my ($self, $myconfig, $form) = @_;
+
+ # connect to db
+ my $dbh = $form->{dbh};
+ my $i;
+
+ my $query = qq|
+ SELECT p.*, c1.accno AS inventory_accno,
+ c1.description AS inventory_description,
+ c2.accno AS income_accno,
+ c2.description AS income_description,
+ c3.accno AS expense_accno,
+ c3.description AS expense_description, pg.partsgroup
+ FROM parts p
+ LEFT JOIN chart c1 ON (p.inventory_accno_id = c1.id)
+ LEFT JOIN chart c2 ON (p.income_accno_id = c2.id)
+ LEFT JOIN chart c3 ON (p.expense_accno_id = c3.id)
+ LEFT JOIN partsgroup pg ON (p.partsgroup_id = pg.id)
+ WHERE p.id = ?|;
+ my $sth = $dbh->prepare($query);
+ $sth->execute($form->{id}) || $form->dberror($query);
+ my $ref = $sth->fetchrow_hashref(NAME_lc);
- # copy to $form variables
- for (keys %$ref) { $form->{$_} = $ref->{$_} }
- $sth->finish;
+ # copy to $form variables
+ for (keys %$ref) { $form->{$_} = $ref->{$_} }
+ $sth->finish;
- my %oid = ('Pg' => 'TRUE',
- 'Oracle' => 'a.rowid',
- 'DB2' => '1=1'
- );
-
- # part, service item or labor
- $form->{item} = ($form->{inventory_accno_id}) ? 'part' : 'service';
- $form->{item} = 'labor' if ! $form->{income_accno_id};
+ # part, service item or labor
+ $form->{item} = ($form->{inventory_accno_id}) ? 'part' : 'service';
+ $form->{item} = 'labor' if ! $form->{income_accno_id};
- if ($form->{assembly}) {
- $form->{item} = 'assembly';
-
- # retrieve assembly items
- $query = qq|SELECT p.id, p.partnumber, p.description,
- p.sellprice, p.weight, a.qty, a.bom, a.adj, p.unit,
- p.lastcost, p.listprice,
- pg.partsgroup, p.assembly, p.partsgroup_id
- FROM parts p
- JOIN assembly a ON (a.parts_id = p.id)
- LEFT JOIN partsgroup pg ON (p.partsgroup_id = pg.id)
- WHERE a.id = ?
- |;
-
- $sth = $dbh->prepare($query);
- $sth->execute($form->{id}) || $form->dberror($query);
+ if ($form->{assembly}) {
+ $form->{item} = 'assembly';
+
+ # retrieve assembly items
+ $query = qq|
+ SELECT p.id, p.partnumber, p.description,
+ p.sellprice, p.weight, a.qty, a.bom, a.adj,
+ p.unit, p.lastcost, p.listprice,
+ pg.partsgroup, p.assembly, p.partsgroup_id
+ FROM parts p
+ JOIN assembly a ON (a.parts_id = p.id)
+ LEFT JOIN partsgroup pg ON (p.partsgroup_id = pg.id)
+ WHERE a.id = ?|;
+
+ $sth = $dbh->prepare($query);
+ $sth->execute($form->{id}) || $form->dberror($query);
- $form->{assembly_rows} = 0;
- while (my $ref = $sth->fetchrow_hashref(NAME_lc)) {
- $form->{assembly_rows}++;
- foreach my $key ( keys %{ $ref } ) {
- $form->{"${key}_$form->{assembly_rows}"} = $ref->{$key};
- }
- }
- $sth->finish;
-
- }
-
- # setup accno hash for