webERP Forum
InventoryValuation.php - Printable Version




InventoryValuation.php - iangrech - 07-03-2013

Hi all;

When trying to run Inventory Valuation, whenever I try to get the valuation for a single Category I get

Quote: INFORMATION Message : There were no items with any value to print out for the location specified

However when I run for many categories I get the expected output. I am sure that when a single Category is selected there is stock and a value, so something should come out. In fact, capturing $SQL from (line 75)
Code:
$InventoryResult = DB_query($SQL,$db,'','',false,true);
and then executing it in MySQL Workbench returns relevant lines. However
Code:
DB_num_rows($InventoryResult)
returns a 0 (zero).

Any advice or suggestions welcome.

Regards
I.


RE: InventoryValuation.php - phil - 07-03-2013

Well something doesn't add here... if you could send me details of your server and login privately I will take a look.


RE: InventoryValuation.php - iangrech - 07-03-2013

Hi Phil;

Thanks

Seems like I cannot send you an email through the forum as I do not have access rights.


I.



(07-03-2013, 08:46 AM)phil Wrote: Well something doesn't add here... if you could send me details of your server and login privately I will take a look.






RE: InventoryValuation.php - phil - 07-03-2013

If you could do it through my web-site please.


RE: InventoryValuation.php - iangrech - 07-03-2013

Hi Phil; All;

I found the issue - the names of the categories.

The categories are "XXX <= 3W". When passing that category name in the $SQL, PHP seems to have issues with it and not process it correctly. However, as I said earlier, when $SQL is captured and executed manually in MySQL Workbench it works ok.

Now my question is: is there a function which would allow passing such values and not have issues with PHP? I am thinking something like:

Code:
                AND stockcategory.categorydescription >= '" . FUNCTION_fn($_POST['FromCriteria']) . "'
                AND stockcategory.categorydescription <= '" . FUNCTION_fn($_POST['ToCriteria']) . "'

Thanks
I.


RE: InventoryValuation.php - phil - 07-03-2013

DB_escape_string()

But pretty sure that all $_POST variables get DB_escape_string'ed inside session.inc at the start of the script so injection nonsense is avoided.

Code:
    foreach ($_POST as $PostVariableName => $PostVariableValue) {
        if (gettype($PostVariableValue) != 'array') {
            if(get_magic_quotes_gpc()) {
                $_POST['name'] = stripslashes($_POST['name']);
            }
            $_POST[$PostVariableName] = DB_escape_string($PostVariableValue);
        } else {
            foreach ($PostVariableValue as $PostArrayKey => $PostArrayValue) {
                if(get_magic_quotes_gpc()) {
                    $PostVariableValue[$PostArrayKey] = stripslashes($value[$PostArrayKey]);
                }
                $PostVariableValue[$PostArrayKey] = DB_escape_string($PostArrayValue);
            }
        }
    }

    /* iterate through all elements of the $_GET array and DB_escape_string them
    to limit possibility for SQL injection attacks and cross scripting attacks
    */
    foreach ($_GET as $GetKey => $GetValue) {
        if (gettype($GetValue) != 'array') {
            $_GET[$GetKey] = DB_escape_string($GetValue);
        }
    }

Perhaps this code is munting your category name - what is the character that is causing the trouble? Perhaps we need to trap it for future.
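
The following is an added example, not part of the thread and not webERP code. It shows how a filter applied to every request variable can stop a category such as "XXX <= 3W" from matching its stored value, next to a bound-parameter query that leaves the value intact. Assumptions: the body of DB_escape_string() is not shown on this page, so hypothetical_global_filter() is a stand-in that HTML-encodes and quote-escapes in one step; an in-memory SQLite database stands in for MySQL; the table rows are constructed sample data.

```php
<?php
// Added illustration; not webERP code. SQLite in memory stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE stockcategory (categoryid TEXT, categorydescription TEXT)");
// Constructed sample rows, using the category name quoted in the thread.
$pdo->exec("INSERT INTO stockcategory VALUES ('A', 'XXX <= 3W'), ('B', 'YYY > 3W')");

// Hypothetical stand-in for a filter run over every request variable:
// HTML-encodes for output and doubles quotes for SQL in one step (assumption).
function hypothetical_global_filter(string $value): string
{
    $encoded = htmlspecialchars($value, ENT_COMPAT, 'UTF-8', false);
    return str_replace("'", "''", $encoded);
}

// Pattern 1: the value is rewritten on input, then concatenated into the SQL text.
function count_filtered(PDO $pdo, string $from, string $to): int
{
    $from = hypothetical_global_filter($from);   // 'XXX <= 3W' becomes 'XXX &lt;= 3W'
    $to   = hypothetical_global_filter($to);
    $sql  = "SELECT COUNT(*) FROM stockcategory
             WHERE categorydescription >= '" . $from . "'
               AND categorydescription <= '" . $to . "'";
    return (int) $pdo->query($sql)->fetchColumn();
}

// Pattern 2: the raw value travels as a bound parameter, so it is never
// parsed as SQL and never altered before the comparison.
function count_bound(PDO $pdo, string $from, string $to): int
{
    $stmt = $pdo->prepare(
        "SELECT COUNT(*) FROM stockcategory
         WHERE categorydescription >= :from AND categorydescription <= :to"
    );
    $stmt->execute([':from' => $from, ':to' => $to]);
    return (int) $stmt->fetchColumn();
}

$category = 'XXX <= 3W';   // value as submitted by the form
printf("filtered + concatenated: %d row(s)\n", count_filtered($pdo, $category, $category));
printf("bound parameters:        %d row(s)\n", count_bound($pdo, $category, $category));

// HTML-encode only at the point where the value is written into a page.
echo htmlspecialchars($category, ENT_QUOTES, 'UTF-8'), "\n";
```

Under the same assumption, a captured query echoed into an HTML page would show `&lt;` rendered as `<`, so the text copied from the browser would differ from the text PHP actually sent to the database.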