AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-01 03:14:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

replace all instances of mysqli_fetch_array with mysqli_fetch_assoc for better performance and memory usage

Browse Source
This commit is contained in:
johnnyq
2026-01-14 17:30:23 -05:00
parent cb8b99d6ae
commit 0a30300bde
361 changed files with 1880 additions and 1904 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
guest/guest_ajax.php
View File

@@ -42,7 +42,7 @@ if (isset($_GET['stripe_create_pi'])) {
exit("Invalid Invoice ID/SQL query");
}
$row = mysqli_fetch_array($invoice_sql);
$row = mysqli_fetch_assoc($invoice_sql);
$invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']);
$invoice_amount = floatval($row['invoice_amount']);
@@ -52,7 +52,7 @@ if (isset($_GET['stripe_create_pi'])) {
// Add up all the payments for the invoice and get the total amount paid to the invoice
$sql_amount_paid = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id");
$row_amt = mysqli_fetch_array($sql_amount_paid);
$row_amt = mysqli_fetch_assoc($sql_amount_paid);
$amount_paid = floatval($row_amt['amount_paid']);
$balance_to_pay = $invoice_amount - $amount_paid;
@@ -63,7 +63,7 @@ if (isset($_GET['stripe_create_pi'])) {
}
// Setup Stripe from payment_providers
$stripe_provider = mysqli_fetch_array(mysqli_query($mysqli, "SELECT * FROM payment_providers WHERE payment_provider_name = 'Stripe' LIMIT 1"));
$stripe_provider = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM payment_providers WHERE payment_provider_name = 'Stripe' LIMIT 1"));
if (!$stripe_provider) {
exit("Stripe not enabled / configured");
}

3
guest/guest_approve_ticket_task.php
View File

@@ -17,7 +17,7 @@ if (!isset($_GET['task_approval_id'], $_GET['url_key'])) {
}
// Company info
$company_sql_row = mysqli_fetch_array(mysqli_query($mysqli, "
$company_sql_row = mysqli_fetch_assoc(mysqli_query($mysqli, "
SELECT
company_phone,
company_phone_country_code,
@@ -111,4 +111,3 @@ $ticket_details = $purifier->purify($task_row['ticket_details']);
<?php
require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/footer.php';

4
guest/guest_download_file.php
View File

@@ -16,7 +16,7 @@ if (isset($_GET['id']) && isset($_GET['key'])) {
$item_key = sanitizeInput($_GET['key']);
$sql = mysqli_query($mysqli, "SELECT * FROM shared_items WHERE item_id = $item_id AND item_key = '$item_key' AND item_expire_at > NOW() LIMIT 1");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$item_active = intval($row['item_active']);
$item_type = sanitizeInput($row['item_type']);
@@ -50,7 +50,7 @@ if (isset($_GET['id']) && isset($_GET['key'])) {
}
$file_sql = mysqli_query($mysqli, "SELECT * FROM files WHERE file_id = $item_related_id AND file_client_id = $client_id LIMIT 1");
$file_row = mysqli_fetch_array($file_sql);
$file_row = mysqli_fetch_assoc($file_sql);
if (mysqli_num_rows($file_sql) !== 1 || !$file_row) {
exit("Item cannot be viewed at this time (No file, may have been deleted).");

18
guest/guest_pay_invoice_stripe.php
View File

@@ -5,7 +5,7 @@ require_once 'includes/inc_all_guest.php';
DEFINE("WORDING_PAYMENT_FAILED", "<br><h2>There was an error verifying your payment. Please contact us for more information before attempting payment again.</h2>");
// --- Get Stripe config from payment_providers table ---
$stripe_provider = mysqli_fetch_array(mysqli_query($mysqli, "SELECT * FROM payment_providers"));
$stripe_provider = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM payment_providers"));
$stripe_publishable = nullable_htmlentities($stripe_provider['payment_provider_public_key']);
@@ -42,7 +42,7 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
exit();
}
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$invoice_id = intval($row['invoice_id']);
$invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']);
@@ -57,13 +57,13 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
// Company info for currency formatting, etc
$sql_company = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = 1");
$company_row = mysqli_fetch_array($sql_company);
$company_row = mysqli_fetch_assoc($sql_company);
$company_locale = nullable_htmlentities($company_row['company_locale']);
$config_base_url = nullable_htmlentities($company_row['company_base_url'] ?? ''); // You might want to pull from settings if needed
// Add up all payments made to the invoice
$sql_amount_paid = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id");
$amount_paid = floatval(mysqli_fetch_array($sql_amount_paid)['amount_paid']);
$amount_paid = floatval(mysqli_fetch_assoc($sql_amount_paid)['amount_paid']);
$balance_to_pay = round($invoice_amount - $amount_paid, 2);
// Get invoice items
@@ -95,7 +95,7 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
</thead>
<tbody>
<?php
while ($row = mysqli_fetch_array($sql_invoice_items)) {
while ($row = mysqli_fetch_assoc($sql_invoice_items)) {
$item_name = nullable_htmlentities($row['item_name']);
$item_quantity = floatval($row['item_quantity']);
$item_total = floatval($row['item_total']);
@@ -199,7 +199,7 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
exit(WORDING_PAYMENT_FAILED);
}
$row = mysqli_fetch_array($invoice_sql);
$row = mysqli_fetch_assoc($invoice_sql);
$invoice_id = intval($row['invoice_id']);
$invoice_prefix = sanitizeInput($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']);
@@ -212,7 +212,7 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
$contact_email = sanitizeInput($row['contact_email']);
$sql_company = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql_company);
$row = mysqli_fetch_assoc($sql_company);
$company_name = sanitizeInput($row['company_name']);
$company_phone = sanitizeInput(formatPhoneNumber($row['company_phone']));
$company_locale = sanitizeInput($row['company_locale']);
@@ -220,7 +220,7 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
$currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY);
$sql_amount_paid_previously = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id");
$amount_paid_previously = floatval(mysqli_fetch_array($sql_amount_paid_previously)['amount_paid']);
$amount_paid_previously = floatval(mysqli_fetch_assoc($sql_amount_paid_previously)['amount_paid']);
$balance_to_pay = $invoice_amount - $amount_paid_previously;
// Stripe expense
@@ -254,7 +254,7 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
// Email Receipt
$sql_settings = mysqli_query($mysqli, "SELECT * FROM settings WHERE company_id = 1");
$settings = mysqli_fetch_array($sql_settings);
$settings = mysqli_fetch_assoc($sql_settings);
$config_smtp_host = $settings['config_smtp_host'];
$config_invoice_from_name = sanitizeInput($settings['config_invoice_from_name']);

88
guest/guest_post.php
View File

@@ -17,7 +17,7 @@ if (isset($_GET['accept_quote'], $_GET['url_key'])) {
$sql = mysqli_query($mysqli, "SELECT quote_prefix, quote_number, client_name, client_id FROM quotes LEFT JOIN clients ON quote_client_id = client_id WHERE quote_id = $quote_id AND quote_url_key = '$url_key'");
if (mysqli_num_rows($sql) == 1) {
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$quote_prefix = sanitizeInput($row['quote_prefix']);
$quote_number = intval($row['quote_number']);
$client_name = sanitizeInput($row['client_name']);
@@ -33,11 +33,11 @@ if (isset($_GET['accept_quote'], $_GET['url_key'])) {
// Internal email notification
$sql_company = mysqli_query($mysqli, "SELECT company_name FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql_company);
$row = mysqli_fetch_assoc($sql_company);
$company_name = sanitizeInput($row['company_name']);
$sql_settings = mysqli_query($mysqli, "SELECT * FROM settings WHERE company_id = 1");
$row = mysqli_fetch_array($sql_settings);
$row = mysqli_fetch_assoc($sql_settings);
$config_smtp_host = $row['config_smtp_host'];
$config_smtp_port = intval($row['config_smtp_port']);
$config_smtp_encryption = $row['config_smtp_encryption'];
@@ -64,9 +64,9 @@ if (isset($_GET['accept_quote'], $_GET['url_key'])) {
}
flash_alert("Quote Accepted");
redirect();
} else {
echo "Invalid!!";
}
@@ -82,7 +82,7 @@ if (isset($_GET['decline_quote'], $_GET['url_key'])) {
$sql = mysqli_query($mysqli, "SELECT quote_prefix, quote_number, client_name, client_id FROM quotes LEFT JOIN clients ON quote_client_id = client_id WHERE quote_id = $quote_id AND quote_url_key = '$url_key'");
if (mysqli_num_rows($sql) == 1) {
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$quote_prefix = sanitizeInput($row['quote_prefix']);
$quote_number = intval($row['quote_number']);
$client_name = sanitizeInput($row['client_name']);
@@ -98,11 +98,11 @@ if (isset($_GET['decline_quote'], $_GET['url_key'])) {
// Internal email notification
$sql_company = mysqli_query($mysqli, "SELECT company_name FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql_company);
$row = mysqli_fetch_assoc($sql_company);
$company_name = sanitizeInput($row['company_name']);
$sql_settings = mysqli_query($mysqli, "SELECT * FROM settings WHERE company_id = 1");
$row = mysqli_fetch_array($sql_settings);
$row = mysqli_fetch_assoc($sql_settings);
$config_smtp_host = $row['config_smtp_host'];
$config_smtp_port = intval($row['config_smtp_port']);
$config_smtp_encryption = $row['config_smtp_encryption'];
@@ -130,7 +130,7 @@ if (isset($_GET['decline_quote'], $_GET['url_key'])) {
flash_alert("Quote Declined", 'danger');
redirect();
} else {
echo "Invalid!!";
}
@@ -138,7 +138,7 @@ if (isset($_GET['decline_quote'], $_GET['url_key'])) {
}
if (isset($_GET['reopen_ticket'], $_GET['url_key'])) {
$ticket_id = intval($_GET['ticket_id']);
$url_key = sanitizeInput($_GET['url_key']);
@@ -148,16 +148,16 @@ if (isset($_GET['reopen_ticket'], $_GET['url_key'])) {
if (mysqli_num_rows($sql) == 1) {
// Update the ticket
mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 2, ticket_resolved_at = NULL WHERE ticket_id = $ticket_id AND ticket_url_key = '$url_key'");
// Add reply
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket reopened by client (guest URL).', ticket_reply_type = 'Internal', ticket_reply_by = 0, ticket_reply_ticket_id = $ticket_id");
customAction('ticket_update', $ticket_id);
flash_alert("Ticket reopened");
redirect();
} else {
echo "Invalid!!";
}
@@ -165,7 +165,7 @@ if (isset($_GET['reopen_ticket'], $_GET['url_key'])) {
}
if (isset($_GET['close_ticket'], $_GET['url_key'])) {
$ticket_id = intval($_GET['ticket_id']);
$url_key = sanitizeInput($_GET['url_key']);
@@ -173,26 +173,26 @@ if (isset($_GET['close_ticket'], $_GET['url_key'])) {
$sql = mysqli_query($mysqli, "SELECT ticket_id FROM tickets WHERE ticket_id = $ticket_id AND ticket_url_key = '$url_key' AND ticket_resolved_at IS NOT NULL AND ticket_closed_at IS NULL");
if (mysqli_num_rows($sql) == 1) {
// Update the ticket
mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 5, ticket_closed_at = NOW() WHERE ticket_id = $ticket_id AND ticket_url_key = '$url_key'");
// Add reply
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket closed by client (guest URL).', ticket_reply_type = 'Internal', ticket_reply_by = 0, ticket_reply_ticket_id = $ticket_id");
customAction('ticket_close', $ticket_id);
flash_alert("Ticket closed");
redirect();
} else {
echo "Invalid!!";
}
}
if (isset($_GET['add_ticket_feedback'], $_GET['url_key'])) {
$ticket_id = intval($_GET['ticket_id']);
$url_key = sanitizeInput($_GET['url_key']);
$feedback = sanitizeInput($_GET['feedback']);
@@ -206,7 +206,7 @@ if (isset($_GET['add_ticket_feedback'], $_GET['url_key'])) {
// Notify on bad feedback
if ($feedback == "Bad") {
$ticket_details = mysqli_fetch_array(mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number FROM tickets WHERE ticket_id = $ticket_id LIMIT 1"));
$ticket_details = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT ticket_prefix, ticket_number FROM tickets WHERE ticket_id = $ticket_id LIMIT 1"));
$ticket_prefix = sanitizeInput($ticket_details['ticket_prefix']);
$ticket_number = intval($ticket_details['ticket_number']);
@@ -214,11 +214,11 @@ if (isset($_GET['add_ticket_feedback'], $_GET['url_key'])) {
}
flash_alert("Feedback recorded - thank you");
redirect();
customAction('ticket_feedback', $ticket_id);
} else {
echo "Invalid!!";
}
@@ -231,7 +231,7 @@ if (isset($_GET['approve_ticket_task'])) {
$approval_id = intval($_GET['approval_id']);
$url_key = sanitizeInput($_GET['approval_url_key']);
$approval_row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT * FROM task_approvals LEFT JOIN tasks on task_id = approval_task_id WHERE approval_id = $approval_id AND approval_task_id = $task_id AND approval_url_key = '$url_key' AND approval_status = 'pending'"));
$approval_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM task_approvals LEFT JOIN tasks on task_id = approval_task_id WHERE approval_id = $approval_id AND approval_task_id = $task_id AND approval_url_key = '$url_key' AND approval_status = 'pending'"));
$task_name = nullable_htmlentities($approval_row['task_name']);
$scope = nullable_htmlentities($approval_row['approval_scope']);
@@ -275,7 +275,7 @@ if (isset($_GET['export_quote_pdf'])) {
if (mysqli_num_rows($sql) == 1) {
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$quote_id = intval($row['quote_id']);
$quote_prefix = nullable_htmlentities($row['quote_prefix']);
$quote_number = intval($row['quote_number']);
@@ -311,7 +311,7 @@ if (isset($_GET['export_quote_pdf'])) {
}
$sql = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE companies.company_id = settings.company_id AND companies.company_id = 1");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$company_id = intval($row['company_id']);
$company_name = nullable_htmlentities($row['company_name']);
@@ -400,9 +400,9 @@ if (isset($_GET['export_quote_pdf'])) {
// Load items
$sub_total = 0;
$total_tax = 0;
$sql_items = mysqli_query($mysqli, "SELECT * FROM invoice_items WHERE item_quote_id = $quote_id ORDER BY item_order ASC");
while ($item = mysqli_fetch_array($sql_items)) {
while ($item = mysqli_fetch_assoc($sql_items)) {
$name = $item['item_name'];
$desc = $item['item_description'];
$qty = $item['item_quantity'];
@@ -476,7 +476,7 @@ if (isset($_GET['export_invoice_pdf'])) {
if (mysqli_num_rows($sql) == 1) {
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$invoice_id = intval($row['invoice_id']);
$invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']);
@@ -512,7 +512,7 @@ if (isset($_GET['export_invoice_pdf'])) {
}
$sql = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$company_id = intval($row['company_id']);
$company_name = nullable_htmlentities($row['company_name']);
$company_country = nullable_htmlentities($row['company_country']);
@@ -539,7 +539,7 @@ if (isset($_GET['export_invoice_pdf'])) {
//Add up all the payments for the invoice and get the total amount paid to the invoice
$sql_amount_paid = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql_amount_paid);
$row = mysqli_fetch_assoc($sql_amount_paid);
$amount_paid = floatval($row['amount_paid']);
$balance = $invoice_amount - $amount_paid;
@@ -623,9 +623,9 @@ if (isset($_GET['export_invoice_pdf'])) {
// Load items
$sub_total = 0;
$total_tax = 0;
$sql_items = mysqli_query($mysqli, "SELECT * FROM invoice_items WHERE item_invoice_id = $invoice_id ORDER BY item_order ASC");
while ($item = mysqli_fetch_array($sql_items)) {
while ($item = mysqli_fetch_assoc($sql_items)) {
$name = $item['item_name'];
$desc = $item['item_description'];
$qty = $item['item_quantity'];
@@ -683,13 +683,13 @@ if (isset($_GET['export_invoice_pdf'])) {
$filename = preg_replace('/[^A-Za-z0-9_\-]/', '_', "{$invoice_date}_{$company_name}_{$client_name}_Invoice_{$invoice_prefix}{$invoice_number}");
$pdf->Output("$filename.pdf", 'I');
}
exit;
}
if (isset($_POST['guest_quote_upload_file'])) {
$quote_id = intval($_POST['quote_id']);
$url_key = sanitizeInput($_POST['url_key']);
@@ -697,7 +697,7 @@ if (isset($_POST['guest_quote_upload_file'])) {
$sql = mysqli_query($mysqli, "SELECT quote_prefix, quote_number, client_id FROM quotes LEFT JOIN clients ON quote_client_id = client_id WHERE quote_id = $quote_id AND quote_url_key = '$url_key'");
if (mysqli_num_rows($sql) == 1) {
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$quote_prefix = sanitizeInput($row['quote_prefix']);
$quote_number = intval($row['quote_number']);
$client_id = intval($row['client_id']);
@@ -738,7 +738,7 @@ if (isset($_POST['guest_quote_upload_file'])) {
$folder_sql = mysqli_query($mysqli, "SELECT * FROM folders WHERE folder_name = 'Client Uploads' AND parent_folder = 0 AND folder_client_id = $client_id LIMIT 1");
if (mysqli_num_rows($folder_sql) == 1) {
// Get
$row = mysqli_fetch_array($folder_sql);
$row = mysqli_fetch_assoc($folder_sql);
$folder_id = $row['folder_id'];
} else {
// Create
@@ -759,16 +759,16 @@ if (isset($_POST['guest_quote_upload_file'])) {
// Logging & feedback
flash_alert('File uploaded!');
appNotify("Quote File", "$file_name was uploaded to quote $quote_prefix$quote_number", "/agent/quote.php?quote_id=$quote_id", $client_id);
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Upload', history_description = 'Client uploaded file $file_name', history_quote_id = $quote_id");
logAction("File", "Upload", "Guest uploaded file $file_name to quote $quote_prefix$quote_number", $client_id);
} else {
flash_alert('Something went wrong uploading the file - please let the support team know.', 'error');
logApp("Guest", "error", "Error uploading file to invoice");
}

28
guest/guest_view_invoice.php
View File

@@ -30,7 +30,7 @@ if (mysqli_num_rows($sql) !== 1) {
exit();
}
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$invoice_id = intval($row['invoice_id']);
$invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
@@ -62,7 +62,7 @@ $client_currency_code = nullable_htmlentities($row['client_currency_code']);
$client_net_terms = intval($row['client_net_terms']);
$sql = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE companies.company_id = settings.company_id AND companies.company_id = 1");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$company_name = nullable_htmlentities($row['company_name']);
$company_address = nullable_htmlentities($row['company_address']);
@@ -85,11 +85,11 @@ if (!empty($company_logo)) {
$company_logo_base64 = base64_encode(file_get_contents("../uploads/settings/$company_logo"));
}
$company_locale = nullable_htmlentities($row['company_locale']);
$config_invoice_footer = nullable_htmlentities($row['config_invoice_footer']);
$config_invoice_footer = nullable_htmlentities($row['config_invoice_footer']);
// Get Payment Provide Details
$sql = mysqli_query($mysqli, "SELECT * FROM payment_providers WHERE payment_provider_active = 1 LIMIT 1");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$payment_provider_id = intval($row['payment_provider_id']);
$payment_provider_name = nullable_htmlentities($row['payment_provider_name']);
$payment_provider_threshold = floatval($row['payment_provider_threshold']);
@@ -111,15 +111,15 @@ if ($invoice_status == 'Sent') {
mysqli_query($mysqli, "INSERT INTO history SET history_status = '$invoice_status', history_description = 'Invoice viewed - $ip - $os - $browser', history_invoice_id = $invoice_id");
if ($invoice_status !== 'Paid') {
appNotify("Invoice Viewed", "Invoice $invoice_prefix$invoice_number has been viewed by $client_name_escaped - $ip - $os - $browser", "/agent/invoice.php?invoice_id=$invoice_id", $client_id);
}
$sql_payments = mysqli_query($mysqli, "SELECT * FROM payments, accounts WHERE payment_account_id = account_id AND payment_invoice_id = $invoice_id ORDER BY payments.payment_id DESC");
//Add up all the payments for the invoice and get the total amount paid to the invoice
$sql_amount_paid = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id");
$row = mysqli_fetch_array($sql_amount_paid);
$row = mysqli_fetch_assoc($sql_amount_paid);
$amount_paid = floatval($row['amount_paid']);
// Calculate the balance owed
@@ -141,12 +141,12 @@ $sql_invoice_items = mysqli_query($mysqli, "SELECT * FROM invoice_items WHERE it
// Get Total Account Balance
//Add up all the payments for the invoice and get the total amount paid to the invoice
$sql_invoice_amounts = mysqli_query($mysqli, "SELECT SUM(invoice_amount) AS invoice_amounts FROM invoices WHERE invoice_client_id = $client_id AND invoice_status != 'Draft' AND invoice_status != 'Cancelled' AND invoice_status != 'Non-Billable'");
$row = mysqli_fetch_array($sql_invoice_amounts);
$row = mysqli_fetch_assoc($sql_invoice_amounts);
$account_balance = floatval($row['invoice_amounts']);
$sql_amount_paid = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments, invoices WHERE payment_invoice_id = invoice_id AND invoice_client_id = $client_id");
$row = mysqli_fetch_array($sql_amount_paid);
$row = mysqli_fetch_assoc($sql_amount_paid);
$account_amount_paid = floatval($row['amount_paid']);
@@ -180,7 +180,7 @@ if ($balance > 0) {
(
$payment_provider_threshold == 0 ||
$payment_provider_threshold > $invoice_amount
)
)
){ ?>
<a class="btn btn-success" href="guest_pay_invoice_stripe.php?invoice_id=<?php echo $invoice_id; ?>&url_key=<?php echo $url_key; ?>"><i class="fa fa-fw fa-credit-card mr-2"></i>Pay Now </a>
<?php } ?>
@@ -264,7 +264,7 @@ if ($balance > 0) {
$total_tax = 0.00;
$sub_total = 0.00 - $invoice_discount;
while ($row = mysqli_fetch_array($sql_invoice_items)) {
while ($row = mysqli_fetch_assoc($sql_invoice_items)) {
$item_id = intval($row['item_id']);
$item_name = nullable_htmlentities($row['item_name']);
$item_description = nullable_htmlentities($row['item_description']);
@@ -338,7 +338,7 @@ if ($balance > 0) {
<td class="text-right text-success"><?php echo numfmt_format_currency($currency_format, $amount_paid, $invoice_currency_code); ?></td>
</tr>
<?php
}
}
?>
<tr class="h5 text-bold">
<td>Balance:</td>
@@ -383,7 +383,7 @@ if ($current_invoices_count > 0) { ?>
<tbody>
<?php
while ($row = mysqli_fetch_array($sql_current_invoices)) {
while ($row = mysqli_fetch_assoc($sql_current_invoices)) {
$invoice_id = intval($row['invoice_id']);
$invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']);
@@ -445,7 +445,7 @@ if ($outstanding_invoices_count > 0) { ?>
<tbody>
<?php
while ($row = mysqli_fetch_array($sql_outstanding_invoices)) {
while ($row = mysqli_fetch_assoc($sql_outstanding_invoices)) {
$invoice_id = intval($row['invoice_id']);
$invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
$invoice_number = intval($row['invoice_number']);

10
guest/guest_view_item.php
View File

@@ -16,7 +16,7 @@ $purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'htt
$purifier = new HTMLPurifier($purifier_config);
$sql = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE companies.company_id = settings.company_id AND companies.company_id = 1");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$company_name = nullable_htmlentities($row['company_name']);
$company_address = nullable_htmlentities($row['company_address']);
@@ -48,7 +48,7 @@ $item_id = intval($_GET['id']);
$item_key = sanitizeInput($_GET['key']);
$sql = mysqli_query($mysqli, "SELECT * FROM shared_items WHERE item_id = $item_id AND item_key = '$item_key' AND item_expire_at > NOW() LIMIT 1");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
// Check we got a result
if (mysqli_num_rows($sql) !== 1 || !$row) {
@@ -119,7 +119,7 @@ appNotify("Share Viewed", "$item_type_sql_escaped has been viewed by $item_recip
if ($item_type == "Document") {
$doc_sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = $item_related_id AND document_client_id = $client_id LIMIT 1");
$doc_row = mysqli_fetch_array($doc_sql);
$doc_row = mysqli_fetch_assoc($doc_sql);
if (mysqli_num_rows($doc_sql) !== 1 || !$doc_row) {
echo "<div class='alert alert-danger'>Error retrieving document to view.</div>";
@@ -146,7 +146,7 @@ if ($item_type == "Document") {
} elseif ($item_type == "File") {
$file_sql = mysqli_query($mysqli, "SELECT * FROM files WHERE file_id = $item_related_id AND file_client_id = $client_id LIMIT 1");
$file_row = mysqli_fetch_array($file_sql);
$file_row = mysqli_fetch_assoc($file_sql);
if (mysqli_num_rows($file_sql) !== 1 || !$file_row) {
echo "<div class='alert alert-danger'>Error retrieving file.</div>";
@@ -168,7 +168,7 @@ if ($item_type == "Document") {
$encryption_key = $_GET['ek'];
$credential_sql = mysqli_query($mysqli, "SELECT * FROM credentials WHERE credential_id = $item_related_id AND credential_client_id = $client_id LIMIT 1");
$credential_row = mysqli_fetch_array($credential_sql);
$credential_row = mysqli_fetch_assoc($credential_sql);
if (mysqli_num_rows($credential_sql) !== 1 || !$credential_row) {
echo "<div class='alert alert-danger'>Error retrieving login.</div>";
require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/footer.php';

6
guest/guest_view_quote.php
View File

@@ -32,7 +32,7 @@ if (mysqli_num_rows($sql) !== 1) {
exit();
}
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$quote_id = intval($row['quote_id']);
$quote_prefix = nullable_htmlentities($row['quote_prefix']);
@@ -62,7 +62,7 @@ $client_website = nullable_htmlentities($row['client_website']);
$client_currency_code = nullable_htmlentities($row['client_currency_code']);
$sql = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE companies.company_id = settings.company_id AND companies.company_id = 1");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$company_name = nullable_htmlentities($row['company_name']);
$company_address = nullable_htmlentities($row['company_address']);
$company_city = nullable_htmlentities($row['company_city']);
@@ -198,7 +198,7 @@ if ($quote_status == "Draft" || $quote_status == "Sent" || $quote_status == "Vie
$total_tax = $sub_total = 0; // Default 0
while ($row = mysqli_fetch_array($sql_items)) {
while ($row = mysqli_fetch_assoc($sql_items)) {
$item_id = intval($row['item_id']);
$item_name = nullable_htmlentities($row['item_name']);
$item_description = nullable_htmlentities($row['item_description']);

14
guest/guest_view_ticket.php
View File

@@ -17,15 +17,15 @@ if (!isset($_GET['ticket_id'], $_GET['url_key'])) {
}
// Company info
$company_sql_row = mysqli_fetch_array(mysqli_query($mysqli, "
SELECT
$company_sql_row = mysqli_fetch_assoc(mysqli_query($mysqli, "
SELECT
company_phone,
company_phone_country_code,
company_website
FROM
company_website
FROM
companies,
settings
WHERE
WHERE
companies.company_id = settings.company_id
AND companies.company_id = 1"
));
@@ -52,7 +52,7 @@ if (mysqli_num_rows($ticket_sql) !== 1) {
exit();
}
$ticket_row = mysqli_fetch_array($ticket_sql);
$ticket_row = mysqli_fetch_assoc($ticket_sql);
if ($ticket_row) {
@@ -149,7 +149,7 @@ if ($ticket_row) {
<?php
$sql = mysqli_query($mysqli, "SELECT * FROM ticket_replies LEFT JOIN users ON ticket_reply_by = user_id LEFT JOIN contacts ON ticket_reply_by = contact_id WHERE ticket_reply_ticket_id = $ticket_id AND ticket_reply_archived_at IS NULL AND ticket_reply_type != 'Internal' ORDER BY ticket_reply_id DESC");
while ($row = mysqli_fetch_array($sql)) {
while ($row = mysqli_fetch_assoc($sql)) {
$ticket_reply_id = intval($row['ticket_reply_id']);
$ticket_reply = $purifier->purify($row['ticket_reply']);
$ticket_reply_created_at = nullable_htmlentities($row['ticket_reply_created_at']);

2
guest/includes/inc_all_guest.php
View File

@@ -16,7 +16,7 @@ $browser = sanitizeInput(getWebBrowser($user_agent));
// Get Company Name
$sql = mysqli_query($mysqli, "SELECT company_name FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql);
$row = mysqli_fetch_assoc($sql);
$session_company_name = $row['company_name'];