InventoryValuation.php
07-03-2013, 08:28 AM,
#1
InventoryValuation.php
Hi all;

When trying to run Inventory Valuation, whenever I try to get the valuation for a single Category I get

Quote:INFORMATION Message : There were no items with any value to print out for the location specified

However when I run for many categories I get the expected output. I am sure that when a single Category is selected there is stock and a value so something should come out. In fact, capturing $SQL from (line 75)
Code:
$InventoryResult = DB_query($SQL,$db,'','',false,true);
and then executing it in MySQL WorkBench returns relevant lines. However
Code:
DB_num_rows($InventoryResult)
returns a 0 (zero).

Any advice or suggestions welcome.

Regards
I.
Reply
07-03-2013, 08:46 AM,
#2
RE: InventoryValuation.php
Well something doesn't add here... if you could send me details of your server and login privately I will take a look.
Phil Daintree
webERP Admin
Logic Works Ltd
http://www.logicworks.co.nz
Reply
07-03-2013, 08:50 AM,
#3
RE: InventoryValuation.php
Hi Phil;

Thanks

Seems like I cannot send you an email through the forum as I do not have access rights.


I.



(07-03-2013, 08:46 AM)phil Wrote: Well something doesn't add here... if you could send me details of your server and login privately I will take a look.



Reply
07-03-2013, 09:00 AM,
#4
RE: InventoryValuation.php
If you could do it through my web-site please.
Phil Daintree
webERP Admin
Logic Works Ltd
http://www.logicworks.co.nz
Reply
07-03-2013, 09:08 AM,
#5
RE: InventoryValuation.php
Hi Phil; All;

I found the issue - the names of the categories.

The categories are "XXX <= 3W". When passing that category name in the $SQL, PHP seems to have issues with it and does not process it correctly. However, as I said earlier, when $SQL is captured and executed manually in MySQLWorkbench it works ok.

Now my question is: is there a function which would allow passing such values and not have issues with PHP. I am thinking something like:

Code:
                AND stockcategory.categorydescription >= '" . FUNCTION_fn($_POST['FromCriteria']) . "'
                AND stockcategory.categorydescription <= '" . FUNCTION_fn($_POST['ToCriteria']) . "'

Thanks
I.
Reply
07-03-2013, 10:30 AM,
#6
RE: InventoryValuation.php
DB_escape_string()

But pretty sure that all $_POST variables get DB_escape_string'ed inside session.inc at the start of the script so injection nonsense is avoided.

Code:
    foreach ($_POST as $PostVariableName => $PostVariableValue) {
        if (gettype($PostVariableValue) != 'array') {
            if(get_magic_quotes_gpc()) {
                /* undo magic-quotes escaping first so the value is not escaped twice */
                $PostVariableValue = stripslashes($PostVariableValue);
            }
            $_POST[$PostVariableName] = DB_escape_string($PostVariableValue);
        } else {
            foreach ($PostVariableValue as $PostArrayKey => $PostArrayValue) {
                if(get_magic_quotes_gpc()) {
                    $PostArrayValue = stripslashes($PostArrayValue);
                }
                /* write back into $_POST: the loop variable is only a copy */
                $_POST[$PostVariableName][$PostArrayKey] = DB_escape_string($PostArrayValue);
            }
        }
    }

    /* iterate through all elements of the $_GET array and DB_escape_string them
    to limit possibility for SQL injection attacks and cross scripting attacks
    */
    foreach ($_GET as $GetKey => $GetValue) {
        if (gettype($GetValue) != 'array') {
            $_GET[$GetKey] = DB_escape_string($GetValue);
        }
    }

Perhaps this code is munting your category name - what is the character that is causing the trouble? Perhaps we need to trap it for future.
Phil Daintree
webERP Admin
Logic Works Ltd
http://www.logicworks.co.nz
Reply
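
An added illustration, not part of any post above and not webERP code: one way a blanket input filter can break the single-category lookup discussed in this thread, next to a bound-parameter query that takes the raw value. It assumes the filter HTML-encodes as well as SQL-escapes (the thread does not confirm what DB_escape_string() does internally); `blanket_escape()`, `count_interpolated()`, `count_bound()`, the in-memory SQLite database and the sample rows are all constructed for the example.

```php
<?php
// Added illustration; not webERP code. blanket_escape() is a hypothetical
// stand-in for an input filter that SQL-escapes and HTML-encodes in one step.
function blanket_escape(string $value): string
{
    // addslashes() stands in for the database driver's escape call (assumption)
    return addslashes(htmlspecialchars($value, ENT_COMPAT, 'UTF-8'));
}

// Constructed sample data in an in-memory SQLite database
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE stockcategory (categorydescription TEXT)');
$pdo->exec("INSERT INTO stockcategory VALUES ('XXX <= 3W'), ('XXX > 3W')");

function count_interpolated(PDO $pdo, string $from, string $to): int
{
    // Pattern from the thread: an already-filtered value concatenated into the SQL
    $sql = "SELECT COUNT(*) FROM stockcategory
            WHERE categorydescription >= '" . $from . "'
              AND categorydescription <= '" . $to . "'";
    return (int) $pdo->query($sql)->fetchColumn();
}

function count_bound(PDO $pdo, string $from, string $to): int
{
    // Bound parameters: the value never becomes part of the SQL text,
    // so it needs no escaping and reaches the database unchanged
    $stmt = $pdo->prepare('SELECT COUNT(*) FROM stockcategory
                           WHERE categorydescription >= :from
                             AND categorydescription <= :to');
    $stmt->execute([':from' => $from, ':to' => $to]);
    return (int) $stmt->fetchColumn();
}

$posted   = 'XXX <= 3W';             // category name as submitted by the form
$filtered = blanket_escape($posted); // what the query sees after the filter

echo "after filter : ", $filtered, "\n";
echo "interpolated : ", count_interpolated($pdo, $filtered, $filtered), " row(s)\n";
echo "bound, raw   : ", count_bound($pdo, $posted, $posted), " row(s)\n";
```

HTML encoding belongs at output time and SQL handling at query time; doing both once on input changes the stored comparison value, which is why the captured SQL typed by hand with the original name behaves differently from the query the script actually sends.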

