/**
* @see getItemIdBase
*/
function testGetItemIdBase()
{
assertEquals("1401", getItemIdBase("1401-1"));
assertEquals("1401", getItemIdBase("1401"));
}
<?php
// create the database connection and import common methods
require_once "../../Common/databaseConnection.php";
require_once "../../Common/util.php";
require_once "common.php";
require_once "../urlToPdf/convertToPdf-pdfonline.php";
$id = htmlspecialchars($_POST["id"]);
$idBase = getItemIdBase($id);
if (!$idBase) {
echo "{$id} doesn't have a valid idBase";
return;
}
// Note: this is vulnerable to abuse,
// as someone could construct a URL with arbitrary HTML, and we would create a PDF out of it.
if (!isset($_POST["html"])) {
echo "HTML was not sent to generate a PDF.";
return;
}
// Since we'll be sending this HTML to a web-service, we need to make sure slashes haven't been added.
$html = get_magic_quotes_gpc() ? stripslashes($_POST["html"]) : $_POST["html"];
// quickbook_item_supplements
$sizeKey = "size";
$productTypeKey = "productType";
$query = createSqlQuery("SELECT qbis.size as '{$sizeKey}'", ", qbis.product_type as '{$productTypeKey}'", "FROM quickbooks_item_supplements qbis", "WHERE qbis.id LIKE '{$idBase}-%'");
$result = queryDb($query);
if (mysql_num_rows($result) == 0) {
// quickbooks_item_supplements with this id doesn't exist
echo "No information for products with id base: {$idBase}.";
return;
}
