- my $restriction;
- my $tempNo = 0;
- foreach(split(/\,/, $form->{einschraenkungen})) {
- if($tempNo == 0) {
- $restriction .= " AND addition = '" . $_ . "'";
- $tempNo = 1;
- } else {
- $restriction .= " OR addition = '" . $_ . "'";
- }
+ my $dbh = $form->dbconnect(\%myconfig);
+
+ my $restriction = qq| AND (| . join(' OR ', map { " addition = " . $dbh->quote($_) } split(m/\,/, $form->{einschraenkungen})) . qq|)| if $form->{einschraenkungen};
+ $restriction .= qq| AND h.itime::date >= | . conv_dateq($form->{fromdate}) if $form->{fromdate};
+ $restriction .= qq| AND h.itime::date <= | . conv_dateq($form->{todate}) if $form->{todate};
+ if ($form->{mitarbeiter} =~ m/^\d+$/) {
+ $restriction .= qq| AND employee_id = | . $form->{mitarbeiter};
+ } elsif ($form->{mitarbeiter}) {
+ $restriction .= qq| AND employee_id = (SELECT id FROM employee WHERE name ILIKE | . $dbh->quote('%' . $form->{mitarbeiter} . '%') . qq|)|;