From 1baf71874ccf9a9e366a39db617f284f6e70e4cf Mon Sep 17 00:00:00 2001
From: aspangaro <alexandre.spangaro@gmail.com>
Date: Sat, 7 Mar 2015 15:31:23 +0100
Subject: [PATCH] Sql & $_SERVER["PHP_SELF"]

---
 htdocs/expensereport/card.php                 | 10 +++++-----
 .../class/expensereport.class.php             | 20 +++++++++----------
 htdocs/expensereport/list.php                 | 10 +++++-----
 htdocs/expensereport/synchro_compta.php       | 18 ++++++++---------
 4 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/htdocs/expensereport/card.php b/htdocs/expensereport/card.php
index 86c113c24da..345d983b2f6 100755
--- a/htdocs/expensereport/card.php
+++ b/htdocs/expensereport/card.php
@@ -733,12 +733,12 @@ if ($action == "confirm_paid" && GETPOST('confirm')=="yes" && $id > 0 && $user->
 			$insertid = $acct->addline($dateop, $operation, $label, $amount, $num_chq, $cat1, $user);
 
 			if ($insertid > 0):
-			$sql = " UPDATE ".MAIN_DB_PREFIX."expensereport d";
+			$sql = " UPDATE ".MAIN_DB_PREFIX."expensereport as d";
 			$sql.= " SET integration_compta = 1, fk_bank_account = $idAccount";
 			$sql.= " WHERE rowid = $idTrip";
 			$resql=$db->query($sql);
 			if($result):
-			Header("Location: ".$_SEVER["PHP_SELF"]."?id=".$id);
+			Header("Location: ".$_SERVER["PHP_SELF"]."?id=".$id);
 			exit;
 			else:
 			dol_print_error($db);
@@ -1529,9 +1529,9 @@ else
 				$sql.= ' fde.fk_c_tva as vatrate, fde.comments, fde.qty, fde.value_unit, fde.total_ht, fde.total_tva, fde.total_ttc,';
 				$sql.= ' ctf.code as type_fees_code, ctf.label as type_fees_libelle,';
 				$sql.= ' pjt.rowid as projet_id, pjt.title as projet_title, pjt.ref as projet_ref';
-				$sql.= ' FROM '.MAIN_DB_PREFIX.'expensereport_det fde';
-				$sql.= ' INNER JOIN '.MAIN_DB_PREFIX.'c_type_fees ctf ON fde.fk_c_type_fees=ctf.id';
-				$sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'projet pjt ON fde.fk_projet=pjt.rowid';
+				$sql.= ' FROM '.MAIN_DB_PREFIX.'expensereport_det as fde';
+				$sql.= ' INNER JOIN '.MAIN_DB_PREFIX.'c_type_fees as ctf ON fde.fk_c_type_fees=ctf.id';
+				$sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'projet as pjt ON fde.fk_projet=pjt.rowid';
 				$sql.= ' WHERE fde.fk_expensereport = '.$id;
 
 				$resql = $db->query($sql);
diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php
index b31329fae95..c34edc5ff79 100755
--- a/htdocs/expensereport/class/expensereport.class.php
+++ b/htdocs/expensereport/class/expensereport.class.php
@@ -270,7 +270,7 @@ class ExpenseReport extends CommonObject
 		$sql.= " d.fk_user_author, d.fk_user_validator, d.fk_c_expensereport_statuts as status, d.fk_c_paiement,";
 		$sql.= " d.fk_user_valid, d.fk_user_approve, d.fk_user_paid,";
 		$sql.= " dp.libelle as libelle_paiement, dp.code as code_paiement";								// INNER JOIN paiement
-		$sql.= " FROM ".MAIN_DB_PREFIX.$this->table_element." d LEFT JOIN ".MAIN_DB_PREFIX."c_paiement dp ON d.fk_c_paiement = dp.id";
+		$sql.= " FROM ".MAIN_DB_PREFIX.$this->table_element." as d LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as dp ON d.fk_c_paiement = dp.id";
 		if ($ref) $sql.= " WHERE d.ref = '".$this->db->escape($ref)."'";
 		else $sql.= " WHERE d.rowid = ".$id;
 		$sql.= $restrict;
@@ -707,8 +707,8 @@ class ExpenseReport extends CommonObject
 		$sql.= ' ctf.code as code_type_fees, ctf.label as libelle_type_fees,';
 		$sql.= ' p.ref as ref_projet, p.title as title_projet';
 		$sql.= ' FROM '.MAIN_DB_PREFIX.$this->table_element_line.' as de';
-		$sql.= ' INNER JOIN '.MAIN_DB_PREFIX.'c_type_fees ctf ON de.fk_c_type_fees = ctf.id';
-		$sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'projet p ON de.fk_projet = p.rowid';
+		$sql.= ' INNER JOIN '.MAIN_DB_PREFIX.'c_type_fees as ctf ON de.fk_c_type_fees = ctf.id';
+		$sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'projet as p ON de.fk_projet = p.rowid';
 		$sql.= ' WHERE de.'.$this->fk_element.' = '.$this->id;
 
 		dol_syslog('ExpenseReport::fetch_lines sql='.$sql, LOG_DEBUG);
@@ -1186,7 +1186,7 @@ class ExpenseReport extends CommonObject
 
 			// Select du taux de tva par rapport au code
 			$sql = "SELECT t.taux as taux_tva";
-			$sql.= " FROM ".MAIN_DB_PREFIX."c_tva t";
+			$sql.= " FROM ".MAIN_DB_PREFIX."c_tva as t";
 			$sql.= " WHERE t.rowid = ".$c_tva;
 			$result = $this->db->query($sql);
 			$objp_tva = $this->db->fetch_object($result);
@@ -1222,7 +1222,7 @@ class ExpenseReport extends CommonObject
 
 			// Select des infos sur le type fees
 			$sql = "SELECT c.code as code_type_fees, c.label as libelle_type_fees";
-			$sql.= " FROM ".MAIN_DB_PREFIX."c_type_fees c";
+			$sql.= " FROM ".MAIN_DB_PREFIX."c_type_fees as c";
 			$sql.= " WHERE c.id = ".$type_fees_id;
 			$result = $this->db->query($sql);
 			$objp_fees = $this->db->fetch_object($result);
@@ -1231,7 +1231,7 @@ class ExpenseReport extends CommonObject
 
 			// Select des informations du projet
 			$sql = "SELECT p.ref as ref_projet, p.title as title_projet";
-			$sql.= " FROM ".MAIN_DB_PREFIX."projet p";
+			$sql.= " FROM ".MAIN_DB_PREFIX."projet as p";
 			$sql.= " WHERE p.rowid = ".$projet_id;
 			$result = $this->db->query($sql);
 			$objp_projet = $this->db->fetch_object($result);
@@ -1460,9 +1460,9 @@ class ExpenseReportLine
 		$sql.= ' fde.fk_c_tva as tva_taux, fde.comments, fde.qty, fde.value_unit, fde.total_ht, fde.total_tva, fde.total_ttc,';
 		$sql.= ' ctf.code as type_fees_code, ctf.label as type_fees_libelle,';
 		$sql.= ' pjt.rowid as projet_id, pjt.title as projet_title, pjt.ref as projet_ref';
-		$sql.= ' FROM '.MAIN_DB_PREFIX.'expensereport_det fde';
-		$sql.= ' INNER JOIN '.MAIN_DB_PREFIX.'c_type_fees ctf ON fde.fk_c_type_fees=ctf.id';
-		$sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'projet pjt ON fde.fk_projet=pjt.rowid';
+		$sql.= ' FROM '.MAIN_DB_PREFIX.'expensereport_det as fde';
+		$sql.= ' INNER JOIN '.MAIN_DB_PREFIX.'c_type_fees as ctf ON fde.fk_c_type_fees=ctf.id';
+		$sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'projet as pjt ON fde.fk_projet=pjt.rowid';
 		$sql.= ' WHERE fde.rowid = '.$rowid;
 
 		$result = $this->db->query($sql);
@@ -1708,4 +1708,4 @@ function select_type_fees_id($selected='',$htmlname='type',$showempty=0)
 		}
 	}
 	print '</select>';
-}
+}
\ No newline at end of file
diff --git a/htdocs/expensereport/list.php b/htdocs/expensereport/list.php
index d6700ac26a2..76a72836e17 100755
--- a/htdocs/expensereport/list.php
+++ b/htdocs/expensereport/list.php
@@ -88,16 +88,16 @@ $pagenext = $page + 1;
 $sql = "SELECT d.rowid, d.ref, d.total_ht, d.total_tva, d.total_ttc, d.fk_c_expensereport_statuts as status,";
 $sql.= " d.date_debut, d.date_fin,";
 $sql.= " u.rowid as id_user, u.firstname, u.lastname";
-$sql.= " FROM ".MAIN_DB_PREFIX."expensereport d\n";
-$sql.= " INNER JOIN ".MAIN_DB_PREFIX."user u ON d.fk_user_author = u.rowid\n";
+$sql.= " FROM ".MAIN_DB_PREFIX."expensereport as d";
+$sql.= " INNER JOIN ".MAIN_DB_PREFIX."user as u ON d.fk_user_author = u.rowid";
 
 
 
 // WHERE
 if(!empty($search_ref)){
-	$sql.= " WHERE d.ref LIKE '%".$db->escape($search_ref)."%'\n";
+	$sql.= " WHERE d.ref LIKE '%".$db->escape($search_ref)."%'";
 }else{
-	$sql.= " WHERE 1 = 1\n";
+	$sql.= " WHERE 1 = 1";
 }
 // DATE START
 if ($month_start > 0) {
@@ -156,7 +156,7 @@ if ($month_start > 0) {
 		}
 	}
 }
-if (!empty($search_user) && $search_user > 0) $sql.= " AND d.fk_user_author = ".$search_user."\n";
+if (!empty($search_user) && $search_user > 0) $sql.= " AND d.fk_user_author = '".$search_user."'";
 if($search_state != '') $sql.= " AND d.fk_c_expensereport_statuts = '$search_state'\n";
 
 // RESTRICT RIGHTS
diff --git a/htdocs/expensereport/synchro_compta.php b/htdocs/expensereport/synchro_compta.php
index b8f7760e409..a436f92e682 100755
--- a/htdocs/expensereport/synchro_compta.php
+++ b/htdocs/expensereport/synchro_compta.php
@@ -49,12 +49,12 @@ if ($_GET["action"] == 'confirm_ndf_to_account' && $_GET["confirm"] == "yes"):
 	$insertid = $acct->addline($dateop, $operation, $label, $amount, $num_chq, $cat1, $user);
 
 	if ($insertid > 0):
-		$sql = " UPDATE ".MAIN_DB_PREFIX."expensereport d";
+		$sql = " UPDATE ".MAIN_DB_PREFIX."expensereport as d";
 		$sql.= " SET integration_compta = 1, fk_bank_account = $idAccount";
 		$sql.= " WHERE rowid = $idTrip";
 		$resql=$db->query($sql);
 		if($result):
-			Header("Location: synchro_compta.php?account=".$idAccount);
+			Header("Location: ".$_SERVER["PHP_SELF"]."?account=".$idAccount);
 			exit;
 		else:
 			dol_print_error($db);
@@ -75,12 +75,12 @@ if ($_GET["action"] == 'confirm_account_to_ndf' && $_GET["confirm"] == "yes"):
 	$sql.= " WHERE label LIKE '%".$expensereport->ref."%'";
 	$resql=$db->query($sql);
 	if ($resql > 0):
-		$sql = " UPDATE ".MAIN_DB_PREFIX."expensereport d";
+		$sql = " UPDATE ".MAIN_DB_PREFIX."expensereport as d";
 		$sql.= " SET integration_compta = 0, fk_bank_account = 0";
 		$sql.= " WHERE rowid = $idTrip";
 		$resql=$db->query($sql);
 		if($result):
-			Header("Location: synchro_compta.php?account=".$idAccount);
+			Header("Location: ".$_SERVER["PHP_SELF"]."?account=".$idAccount);
 			exit;
 		else:
 			dol_print_error($db);
@@ -110,13 +110,13 @@ dol_fiche_head('');
 
 if ($_GET["action"] == 'ndfTOaccount'):
 	$idTrip = $_GET['idTrip'];
-	$ret=$html->form_confirm("synchro_compta.php?idTrip=".$idTrip."&account=".$idAccount,$langs->trans("ndfToAccount"),$langs->trans("ConfirmNdfToAccount"),"confirm_ndf_to_account","","",1);
+	$ret=$html->form_confirm($_SERVER["PHP_SELF"]."?idTrip=".$idTrip."&account=".$idAccount,$langs->trans("ndfToAccount"),$langs->trans("ConfirmNdfToAccount"),"confirm_ndf_to_account","","",1);
 	if ($ret == 'html') print '<br />';
 endif;
 
 if ($_GET["action"] == 'accountTOndf'):
 	$idTrip = $_GET['idTrip'];
-	$ret=$html->form_confirm("synchro_compta.php?idTrip=".$idTrip."&account=".$idAccount,$langs->trans("AccountToNdf"),$langs->trans("ConfirmAccountToNdf"),"confirm_account_to_ndf","","",1);
+	$ret=$html->form_confirm($_SERVER["PHP_SELF"]."?idTrip=".$idTrip."&account=".$idAccount,$langs->trans("AccountToNdf"),$langs->trans("ConfirmAccountToNdf"),"confirm_account_to_ndf","","",1);
 	if ($ret == 'html') print '<br />';
 endif;
 
@@ -138,8 +138,8 @@ else:
 
 	$sql = "SELECT d.fk_bank_account, d.ref, d.rowid, d.date_valid, d.fk_user_author, d.total_ttc, d.integration_compta, d.fk_c_expensereport_statuts";
 	$sql.= " ,CONCAT(u.firstname,' ',u.lastname) as declarant_NDF";
-	$sql.= " FROM ".MAIN_DB_PREFIX."expensereport d";
-	$sql.= " INNER JOIN ".MAIN_DB_PREFIX."user u ON d.fk_user_author = u.rowid";
+	$sql.= " FROM ".MAIN_DB_PREFIX."expensereport as d";
+	$sql.= " INNER JOIN ".MAIN_DB_PREFIX."user as u ON d.fk_user_author = u.rowid";
 	$sql.= " WHERE d.fk_c_expensereport_statuts = 6";
 	$sql.= " ORDER BY d.date_valid DESC";
 
@@ -200,7 +200,7 @@ else:
 			print "</table>";
 
 		else:
-			print '<div class="error">'.$langs->trans("AucuneTripToSynch").'</div>';
+			print '<div class="error">'.$langs->trans("NoTripToSync").'</div>';
 		endif;
 
 		$db->free($resql);