Skip to content
Snippets Groups Projects
Commit 055c633e authored by Laurent Destailleur's avatar Laurent Destailleur
Browse files

Fix: Bad SQL request: When using a left join on a table X, we must not use a... 

Fix: Bad SQL request: When using a left join on a table X, we must not use a condition on X on the where. If we do this, result will be same than using an exact join with mysql and will return an error with other databases.
parent bcd3f24a
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
htdocs/fourn/commande/liste.php
+ 19
17
View file @ 055c633e
...@@ -19,10 +19,10 @@ ...@@ -19,10 +19,10 @@
*/ */
/** /**
\file htdocs/fourn/commande/liste.php * \file htdocs/fourn/commande/liste.php
\ingroup fournisseur * \ingroup fournisseur
\brief Liste des commandes fournisseurs * \brief Liste des commandes fournisseurs
\version $Id$ * \version $Id$
*/ */
require("./pre.inc.php"); require("./pre.inc.php");
...@@ -72,15 +72,17 @@ $offset = $conf->liste_limit * $page ; ...@@ -72,15 +72,17 @@ $offset = $conf->liste_limit * $page ;
* Mode Liste * Mode Liste
*/ */
$sql = "SELECT s.rowid as socid, s.nom, ".$db->pdate("cf.date_commande")." as dc"; $sql = "SELECT s.rowid as socid, s.nom, ".$db->pdate("cf.date_commande")." as dc,";
$sql.= ", cf.rowid,cf.ref, cf.fk_statut, cf.total_ttc, cf.fk_user_author"; $sql.= " cf.rowid,cf.ref, cf.fk_statut, cf.total_ttc, cf.fk_user_author,";
$sql.= ", u.login"; $sql.= " u.login";
$sql.= " FROM ".MAIN_DB_PREFIX."commande_fournisseur as cf"; $sql.= " FROM (".MAIN_DB_PREFIX."societe as s,";
$sql.= " ".MAIN_DB_PREFIX."commande_fournisseur as cf";
if (!$user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= ")";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."user as u ON cf.fk_user_author = u.rowid"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."user as u ON cf.fk_user_author = u.rowid";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = cf.fk_soc"; $sql.= " WHERE cf.fk_soc = s.rowid ";
if (!$user->rights->societe->client->voir && !$socid) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; $sql.= " AND s.entity = ".$conf->entity;
$sql.= " WHERE s.entity = ".$conf->entity; if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND sc.fk_user = " .$user->id;
if ($sref) if ($sref)
{ {
$sql.= " AND cf.ref LIKE '%".addslashes($sref)."%'"; $sql.= " AND cf.ref LIKE '%".addslashes($sref)."%'";
...@@ -95,7 +97,7 @@ if ($suser) ...@@ -95,7 +97,7 @@ if ($suser)
} }
if ($sttc) if ($sttc)
{ {
$sql .= " AND ROUND(total_ttc) = ROUND(".price2num($sttc).")"; $sql .= " AND total_ttc = ".price2num($sttc);
} }
if ($sall) if ($sall)
{ {
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment