<th width=10%>Betrag</th>
</tr>
<?
- pg_exec ($dbh, "SET DateStyle = 'ISO'") or die("Datenbank-Abfrage!");
-
$table = "account";
$value = "value_eur";
$add = '';
- if ((strlen ($_POST[currency]) > 0) && ($_POST[currency] == "dm")) {
+ if ((strlen ($_POST['currency']) > 0) && ($_POST['currency'] == "dm")) {
$table = "account_dm";
$value = "value_dm";
$add = "&cur=dm";
}
- $where[] = "blz_kto = '$_POST[blzkto]'";
- if (strlen($_POST[year])) {
- $where[] = sprintf ("datum >= '%04d-01-01'", $_POST[year]);
+ $where[] = sprintf("blz_kto = '%s'", $_POST['blzkto']);
+ if (strlen($_POST['year'])) {
+ $where[] = sprintf ("datum >= '%04d-01-01'", $_POST['year']);
$year++;
- $where[] = sprintf ("datum < '%04d-01-01'", $_POST[year]+1);
+ $where[] = sprintf ("datum < '%04d-01-01'", $_POST['year']+1);
}
- if (strlen($_POST[deadline]) && strlen(trim($_POST[deadline]))) {
- $date = form_to_yyyymmdd ($_POST[deadline]);
+ if (strlen($_POST[deadline]) && strlen(trim($_POST['deadline']))) {
+ $date = form_to_yyyymmdd ($_POST['deadline']);
$where[] = sprintf ("datum < '%s'", $date);
}
- if (strlen($_POST[statement]) && strlen(trim($_POST[statement]))) {
- $where[] = "statement = '$_POST[statement]'";
+ if (strlen($_POST['statement']) && strlen(trim($_POST['statement']))) {
+ $where[] = sprintf("statement = '%s'", $_POST['statement']);
}
- if (strlen($_POST[category]) && strlen(trim($_POST[category]))) {
- $where[] = "category = '$_POST[category]'";
+ if (strlen($_POST['category']) && strlen(trim($_POST['category']))) {
+ $where[] = sprintf("category = '%s'", $_POST['category']);
}
- if (strlen($_POST[keyword]) && strlen(trim($_POST[keyword]))) {
- $where[] = "descr ~* '$_POST[keyword]'";
+ if (strlen($_POST['keyword']) && strlen(trim($_POST['keyword']))) {
+ $where[] = sprintf("descr ~* '%s'", $_POST['keyword']);
}
- if (strlen($_POST[from_to]) && strlen(trim($_POST[from_to]))) {
- $where[] = "from_to = '$_POST[from_to]'";
+ if (strlen($_POST['from_to']) && strlen(trim($_POST['from_to']))) {
+ $where[] = sprintf("from_to = '%s'", $_POST['from_to']);
}
- if ($_POST[input] && !$_POST[output]) {
+ if ($_POST['input'] && !$_POST['output']) {
$where[] = "$value > 0.0";
- } elseif ($_POST[output] && !$_POST[input]) {
+ } elseif ($_POST['output'] && !$_POST['input']) {
$where[] = "$value < 0.0";
}
$query = "SELECT datum,id,category,descr,$value FROM $table WHERE "
. implode ($where, " AND ")
. " ORDER BY datum,id";
- $sth = pg_exec ($dbh, $query) or die("Datenbank-Abfrage!");
$sum = 0.0;
$sum_in = 0.0;
$sum_out = 0.0;
$color = 0;
- for ($nr=0; $nr < pg_NumRows ($sth); $nr++) {
- $row = pg_fetch_array ($sth, $nr);
-
+ foreach ($db->fetchAssocList($query) as $row) {
$descr = explode ("
", $row['descr']);
$date = explode (" ", $row['datum']);
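Review bot: The new `sprintf("blz_kto = '%s'", $_POST['blzkto'])` line and the statement, category, keyword and from_to lines below it still place raw request values inside quoted SQL literals, so moving from interpolation to sprintf leaves the query as open to SQL injection as before. Each value should reach the database as a bound parameter or through the driver's literal escaping before `$db->fetchAssocList($query)` runs, for example `$where[] = 'blz_kto = $1';` with the value passed separately. Whether the `$db` wrapper supports either is not visible in this hunk and needs confirming. The deadline check also still reads `strlen($_POST[deadline])` with a bare key where every other access was quoted; it should be `strlen($_POST['deadline'])`. The hunk header is not shown and the foreach body continues past the last visible line.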