';
//$html.=$this->input('table', $class, 'hidden');
foreach($columns as $column) {
$html.=$class.':
'.$column['Field'].': ';
$name="values[$class][".$column['Field'].'][]';
- $val = $update ? $current[$column['Field']] : false;
+ $val = $update && isset($current[$column['Field']]) ? $current[$column['Field']] : false;
switch(true) {
case (preg_match('/auto_increment/', $column['Extra']) || in_array($column['Field'], $hidecols)):
if(!$val) $val = '';
@@ -327,7 +339,7 @@ class Sklad_DB extends PDO {
'model' => array('category', 'producer')
); //TODO Autodetect using foreign keys?
$search_fields = array(
- 'item' => array('item_id','model_name','model_barcode','model_descript','producer_name','vendor_name')
+ 'item' => array('item_id','item_serial','model_name','model_barcode','model_descript','producer_name','vendor_name')
); //TODO Autodetect
//Escaping
@@ -341,13 +353,13 @@ class Sklad_DB extends PDO {
if($search) {
$search = $this->quote($search);
if(!isset($search_fields[$class])) $this->post_redirect_get($class, "Ve tride $class zatim vyhledavat nemozno :-(");
- $search = '';
- foreach($search_fields[$class] as $column) $search .= "OR $column REGEXP $search ";
- $where[] = "FALSE $search";
+ $sql_search = '';
+ foreach($search_fields[$class] as $column) $sql_search .= "OR $column REGEXP $search ";
+ $where[] = "FALSE $sql_search";
} elseif($id) $where[] = "$class$suffix_id = $id";
if(!$history && $this->contains_history($class)) $where[] = $class.'_valid_till=0';
- if($where) $sql .= 'WHERE '.implode(' AND ', $where)."\n";
+ if($where) $sql .= 'WHERE ('.implode(') AND (', $where).")\n";
//ORDER
if(!$order) $order = $class.$suffix_id;
if($this->contains_history($class)) $order .= ",${class}_valid_from DESC";
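Review bot: The `$id` branch on the context line `} elseif($id) $where[] = "$class$suffix_id = $id";` still interpolates `$id` into the SQL unquoted, while the sibling `$search` value in the same block goes through `$this->quote()`; unless every caller guarantees `$id` is numeric it should get the same treatment, e.g. `} elseif($id) $where[] = "$class$suffix_id = ".$this->quote($id);`, and the new parenthesised `WHERE (` assembly makes that safe to combine. The `$sql_search` rename is the right fix for the old code overwriting the quoted search term with the accumulator before it was used. Note also that the quoted `$search` becomes a server-side REGEXP pattern evaluated against every column in `$search_fields`; if it is request-derived, a pathological pattern is a cheap way to tie up the database, so a length cap, or escaping regex metacharacters when a literal substring match is what users expect, is worth considering. The enclosing function starts before this hunk and continues after it.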
@@ -406,6 +418,14 @@ class Sklad_DB extends PDO {
return array_filter($selectbox, 'ksort');
}
+ function map_unique($key, $value, $select, $table) { //TODO: Guess $select and $table if not passed
+ $history = $this->contains_history($table) ? " AND ${table}_valid_till=0" : '';
+ $value=$this->quote($value);
+ $sql = "SELECT $select FROM $table WHERE $key=$value$history LIMIT 1;"; //TODO use build_query_select()!!!
+ $result = $this->safe_query($sql)->fetchAll(PDO::FETCH_ASSOC);
+ if(isset($result[0][$select])) return $result[0][$select]; else die(trigger_error('Položka nenalezena!')); //TODO post_redirect_get...
+ }
+
function contains_history($table) {
$history_tables = array('item'); //TODO Autodetect
return in_array($table, $history_tables);
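Review bot: `map_unique()` interpolates `$key`, `$select` and `$table` straight into `$sql` and quotes only `$value`, so the query is safe only as long as every caller passes identifiers from code rather than from the request; the function should enforce that itself, e.g. `foreach(array($key, $select, $table) as $ident) if(!preg_match('/^[A-Za-z0-9_]+$/', $ident)) trigger_error("Bad identifier: $ident", E_USER_ERROR);` before the `$sql` line. Separately, `isset($result[0][$select])` is false when the row was found but the column holds SQL NULL, so a legitimate match is reported as 'Položka nenalezena!'; `isset($result[0]) && array_key_exists($select, $result[0])` distinguishes "no row" from "NULL value". The `die(trigger_error(...))` exit also bypasses the `post_redirect_get` path the TODO already names, so this error never reaches the user through the normal redirect-with-message flow.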
@@ -605,7 +625,11 @@ class Sklad_UI {
$location = $this->html->internal_url($location).'?message='.urlencode($message);
header('Location: '.$location);
if($error) trigger_error($message);
- die("Location:
$location");
+ $location=htmlspecialchars($location);
+ die(
+ "
".
+ "Location:
$location"
+ );
}
function safe_include($dir,$name,$vars=array(),$ext='.inc.php') {
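Review bot: `$location=htmlspecialchars($location);` uses the default flags, which before PHP 8.1 do not encode single quotes, so if the markup emitted around `Location: $location` (not visible in this rendering) puts the value inside a single-quoted attribute the escaping is incomplete; use `$location=htmlspecialchars($location, ENT_QUOTES, 'UTF-8');`. The `$message` part of `$location` is already `urlencode()`d, which covers that case, but the `internal_url($location)` prefix is not visibly encoded anywhere. The escaped copy is correctly built only after the `header('Location: '.$location);` call, so the raw redirect target is unaffected. post_redirect_get's signature and the start of its body are above this hunk.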