- my $sortorder = "cus.name,i.parts_id,ar.transdate";
- if ($form->{sortby} eq 'artikelsort') {
- $sortorder = "i.parts_id,cus.name,ar.transdate";
+ # Bestandteile von Erzeugnissen herausfiltern
+ $where .= " AND i.assemblyitem is not true ";
+
+ # filter allowed parameters for mainsort and subsort as passed by POST
+ my @databasefields = qw(description customername country partsgroup business salesman month);
+ my ($mainsort) = grep { /^$form->{mainsort}$/ } @databasefields;
+ my ($subsort) = grep { /^$form->{subsort}$/ } @databasefields;
+ die "illegal parameter for mainsort or subsort" unless $mainsort and $subsort;
+
+ my $sortorder;
+ # sorting by month is a special case, we don't want to sort alphabetically by
+ # month name, so we also extract a numerical month in the from YYYYMM to sort
+ # by in case of month sorting
+ # Sorting by month, using description as an example:
+ # Sorting with month as mainsort: ORDER BY nummonth,description,ar.transdate,ar.invnumber
+ # Sorting with month as subsort: ORDER BY description,nummonth,ar.transdate,ar.invnumber
+ if ($form->{mainsort} eq 'month') {
+ $sortorder .= "nummonth,"
+ } else {
+ $sortorder .= $mainsort . ",";