use SL::DBUtils;
use SL::HTML::Restrict;
use SL::TransNumber;
+use SL::Util qw(trim);
use strict;
if ($form->{partnumber}) {
$where .= qq| AND (p.partnumber ILIKE ?)|;
- push(@values, '%' . $form->{partnumber} . '%');
+ push(@values, $::form->like($form->{partnumber}));
}
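Review bot: The new bind on line 9 calls the method on the global `$::form` but reads the value from the lexical `$form` that the enclosing sub received; if the two are not guaranteed to be the same object this mixes two sources in one statement, and if they are, `$form->like($form->{partnumber})` reads more consistently. The same pattern appears in every other hunk on this page (the description, assembly-column, l_switches, make/model, and sortorder hunks), so one decision should be applied throughout. Separately, in the transdate/insertdate hunks `grep { trim($form->{$_}) }` is now evaluated for keys that may be absent; unless `SL::Util::trim` is known to tolerate undef, `trim($form->{$_} // '')` keeps the previous behaviour without an uninitialized warning. The enclosing subs start and end outside these hunks.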
if ($form->{description}) {
$where .= qq| AND (p.description ILIKE ?)|;
- push(@values, '%' . $form->{description} . '%');
+ push(@values, $::form->like($form->{description}));
}
# retrieve assembly items
while (my ($column, $table) = each(%columns)) {
next unless ($form->{"${column}_$i"});
$where .= qq| AND ${table}.${column} ILIKE ?|;
- push(@values, '%' . $form->{"${column}_$i"} . '%');
+ push(@values, $::form->like($form->{"${column}_$i"}));
}
if ($form->{id}) {
#===== switches and simple filters ========#
# special case transdate
- if (grep { $form->{$_} } qw(transdatefrom transdateto)) {
+ if (grep { trim($form->{$_}) } qw(transdatefrom transdateto)) {
$form->{"l_transdate"} = 1;
push @select_tokens, 'transdate';
for (qw(transdatefrom transdateto)) {
- next unless $form->{$_};
+ my $value = trim($form->{$_});
+ next unless $value;
push @where_tokens, sprintf "transdate %s ?", /from$/ ? '>=' : '<=';
- push @bind_vars, $form->{$_};
+ push @bind_vars, $value;
}
}
}
# special case insertdate
- if (grep { $form->{$_} } qw(insertdatefrom insertdateto)) {
+ if (grep { trim($form->{$_}) } qw(insertdatefrom insertdateto)) {
$form->{"l_insertdate"} = 1;
push @select_tokens, 'insertdate';
my $token = $token_builder->('insertdate');
for (qw(insertdatefrom insertdateto)) {
- next unless $form->{$_};
+ my $value = trim($form->{$_});
+ next unless $value;
push @where_tokens, sprintf "$token %s ?", /from$/ ? '>=' : '<=';
- push @bind_vars, $form->{$_};
+ push @bind_vars, $value;
}
}
next unless $form->{$_};
$form->{"l_$_"} = '1'; # show the column
push @where_tokens, "$table_prefix{$_}$_ ILIKE ?";
- push @bind_vars, "%$form->{$_}%";
+ push @bind_vars, $::form->like($form->{$_});
}
foreach (@simple_l_switches) {
# fortunately makemodel doesn't need to be displayed later, so adding a special clause to where_token is sufficient.
if ($form->{make}) {
push @where_tokens, 'mv.name ILIKE ?';
- push @bind_vars, "%$form->{make}%";
+ push @bind_vars, $::form->like($form->{make});
}
if ($form->{model}) {
push @where_tokens, 'mm.model ILIKE ?';
- push @bind_vars, "%$form->{model}%";
+ push @bind_vars, $::form->like($form->{model});
}
# special case: sorting by partnumber
next unless ($form->{$column});
$where .= qq| AND $item ILIKE ?|;
- push(@where_values, '%' . $form->{$column} . '%');
+ push(@where_values, $::form->like($form->{$column}));
}
foreach my $item (qw(description serialnumber)) {
next unless ($form->{$item});
$where .= qq| AND (${item} ILIKE ?)|;
- push(@where_values, '%' . $form->{$item} . '%');
+ push(@where_values, $::form->like($form->{$item}));
}
foreach my $column (qw(make model)) {
next unless ($form->{$column});
$where .= qq| AND p.id IN (SELECT DISTINCT parts_id FROM makemodel WHERE $column ILIKE ?|;
- push(@where_values, '%' . $form->{$column} . '%');
+ push(@where_values, $::form->like($form->{$column}));
}
$main::lxdebug->leave_sub();
if ($sortorder eq "all") {
$where .= qq| AND (partnumber ILIKE ?) AND (description ILIKE ?)|;
- push(@values, '%' . $form->{partnumber} . '%', '%' . $form->{description} . '%');
+ push(@values, $::form->like($form->{partnumber}), $::form->like($form->{description}));
} elsif ($sortorder eq "partnumber") {
$where .= qq| AND (partnumber ILIKE ?)|;
- push(@values, '%' . $form->{partnumber} . '%');
+ push(@values, $::form->like($form->{partnumber}));
} elsif ($sortorder eq "description") {
$where .= qq| AND (description ILIKE ?)|;
- push(@values, '%' . $form->{description} . '%');
+ push(@values, $::form->like($form->{description}));
$order = "description";
}