|
@@ -101,34 +101,35 @@ if ($act == "save") {
|
|
|
// Initialize arrays for contact methods
|
|
|
$methods = ['tel', 'email', 'whatsapp', 'wechat', 'linkedin', 'facebook', 'alibaba'];
|
|
|
$fields = ['customer_id', 'contact_name'];
|
|
|
- $values = [$id, "'$contact_name'"];
|
|
|
+ $values = [$id, "'".$conn->real_escape_string($contact_name)."'"];
|
|
|
|
|
|
// Process each contact method (up to 3 entries each)
|
|
|
foreach ($methods as $method) {
|
|
|
for ($i = 1; $i <= 3; $i++) {
|
|
|
$field_base = $method . '_' . $i;
|
|
|
- $value = textEncode($contact[$field_base] ?? '');
|
|
|
+ $value = $contact[$field_base] ?? '';
|
|
|
+ $escaped_value = $conn->real_escape_string(textEncode($value));
|
|
|
$fields[] = $field_base;
|
|
|
- $values[] = "'$value'";
|
|
|
+ $values[] = "'$escaped_value'";
|
|
|
|
|
|
// Add format field for tel and whatsapp
|
|
|
if ($method == 'tel' || $method == 'whatsapp') {
|
|
|
$format_value = numFormat($value);
|
|
|
$fields[] = $field_base . '_format';
|
|
|
- $values[] = "'$format_value'";
|
|
|
+ $values[] = "'".$conn->real_escape_string($format_value)."'";
|
|
|
}
|
|
|
|
|
|
// Add backup field
|
|
|
- $bu_value = textEncode($contact[$field_base . '_bu'] ?? $value);
|
|
|
+ $bu_value = $contact[$field_base . '_bu'] ?? $value;
|
|
|
+ $escaped_bu_value = $conn->real_escape_string(textEncode($bu_value));
|
|
|
$fields[] = $field_base . '_bu';
|
|
|
- $values[] = "'$bu_value'";
|
|
|
+ $values[] = "'$escaped_bu_value'";
|
|
|
}
|
|
|
}
|
|
|
|
|
|
// Create and execute insert statement for contact
|
|
|
$sql = "INSERT INTO customer_contact (" . implode(', ', $fields) . ", created_at, updated_at)
|
|
|
VALUES (" . implode(', ', $values) . ", NOW(), NOW())";
|
|
|
-
|
|
|
$conn->query($sql);
|
|
|
}
|
|
|
}
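Review bot: `$id` in `$values = [$id, ...]` on the first changed line is the only value in this INSERT that is still concatenated without escaping or a cast; it is assigned before this hunk, so if it is not already `intval()`'d there, use `$values = [(int) $id, "'".$conn->real_escape_string($contact_name)."'"];`. Because `$fields` is built only from the fixed `$methods`/`$fields` lists, the statement could equally be a prepared statement with `str_repeat('?,', count($values) - 1) . '?'` as the VALUES list, which would remove the need to escape each value by hand. `real_escape_string()` escapes according to the connection's charset, so it only protects correctly if `$conn->set_charset()` has been called on this connection, which is not visible here. The return value of `$conn->query($sql)` on the last lines is still unchecked, so a failed insert is silent. The enclosing `if ($act == "save")` block begins before this hunk.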
|
|
@@ -789,8 +790,8 @@ if (!empty($fliterDeal)) {
|
|
|
}
|
|
|
|
|
|
if (!empty($fliterTeam)) {
|
|
|
- $filterStr .= " AND (c.cs_belong=" . intval($fliterTeam) .
|
|
|
- " OR c.cs_belong IN (SELECT id FROM employee WHERE em_role=" . intval($fliterTeam) . "))";
|
|
|
+ $teamId = intval($fliterTeam);
|
|
|
+ $filterStr .= " AND (c.cs_belong=$teamId OR c.cs_belong IN (SELECT id FROM employee WHERE em_role=$teamId))";
|
|
|
$urlStr .= "&fliterTeam=$fliterTeam";
|
|
|
}
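Review bot: `$urlStr .= "&fliterTeam=$fliterTeam";` still embeds the raw request value in the URL string even though the SQL now uses the sanitised `$teamId`; use `$urlStr .= "&fliterTeam=$teamId";` so the pagination link carries the same validated integer, and make sure `$urlStr` goes through `htmlspecialchars()` wherever it is printed into an attribute (not visible in this hunk). The surrounding filter chain starts and ends outside the hunk.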
|
|
|
|
|
@@ -827,30 +828,57 @@ $sql = "SELECT c.id, c.cs_code, c.cs_company, c.cs_country, c.cs_address,
|
|
|
cc.alibaba_1 as cs_alibaba
|
|
|
FROM customer c
|
|
|
LEFT JOIN customer_contact cc ON c.id = cc.customer_id
|
|
|
- WHERE (c.cs_code LIKE '%$keyscode%'
|
|
|
- OR cc.contact_name LIKE '%$keyscode%'
|
|
|
- OR cc.tel_1 LIKE '%$keyscode%'
|
|
|
- OR cc.tel_2 LIKE '%$keyscode%'
|
|
|
- OR cc.tel_3 LIKE '%$keyscode%'
|
|
|
- OR cc.wechat_1 LIKE '%$keyscode%'
|
|
|
- OR cc.wechat_2 LIKE '%$keyscode%'
|
|
|
- OR cc.wechat_3 LIKE '%$keyscode%'
|
|
|
- OR cc.alibaba_1 LIKE '%$keyscode%'
|
|
|
- OR cc.alibaba_2 LIKE '%$keyscode%'
|
|
|
- OR cc.alibaba_3 LIKE '%$keyscode%'
|
|
|
- OR cc.whatsapp_1_format LIKE '%$keyscode%'
|
|
|
- OR cc.whatsapp_2_format LIKE '%$keyscode%'
|
|
|
- OR cc.whatsapp_3_format LIKE '%$keyscode%'
|
|
|
- OR cc.email_1 LIKE '%$keyscode%'
|
|
|
- OR cc.email_2 LIKE '%$keyscode%'
|
|
|
- OR cc.email_3 LIKE '%$keyscode%')
|
|
|
+ WHERE (c.cs_code LIKE '%".$conn->real_escape_string($keyscode)."%'
|
|
|
+ OR cc.contact_name LIKE '%".$conn->real_escape_string($keyscode)."%'
|
|
|
+ OR cc.tel_1 LIKE '%".$conn->real_escape_string($keyscode)."%'
|
|
|
+ OR cc.tel_2 LIKE '%".$conn->real_escape_string($keyscode)."%'
|
|
|
+ OR cc.tel_3 LIKE '%".$conn->real_escape_string($keyscode)."%'
|
|
|
+ OR cc.wechat_1 LIKE '%".$conn->real_escape_string($keyscode)."%'
|
|
|
+ OR cc.wechat_2 LIKE '%".$conn->real_escape_string($keyscode)."%'
|
|
|
+ OR cc.wechat_3 LIKE '%".$conn->real_escape_string($keyscode)."%'
|
|
|
+ OR cc.alibaba_1 LIKE '%".$conn->real_escape_string($keyscode)."%'
|
|
|
+ OR cc.alibaba_2 LIKE '%".$conn->real_escape_string($keyscode)."%'
|
|
|
+ OR cc.alibaba_3 LIKE '%".$conn->real_escape_string($keyscode)."%'
|
|
|
+ OR cc.whatsapp_1_format LIKE '%".$conn->real_escape_string($keyscode)."%'
|
|
|
+ OR cc.whatsapp_2_format LIKE '%".$conn->real_escape_string($keyscode)."%'
|
|
|
+ OR cc.whatsapp_3_format LIKE '%".$conn->real_escape_string($keyscode)."%'
|
|
|
+ OR cc.email_1 LIKE '%".$conn->real_escape_string($keyscode)."%'
|
|
|
+ OR cc.email_2 LIKE '%".$conn->real_escape_string($keyscode)."%'
|
|
|
+ OR cc.email_3 LIKE '%".$conn->real_escape_string($keyscode)."%')
|
|
|
$filterStr
|
|
|
ORDER BY c.cs_updatetime DESC";
|
|
|
|
|
|
-$result = $conn->query($sql);
|
|
|
+// Execute query to count total records
|
|
|
+$countResult = $conn->query($sql);
|
|
|
+if (!$countResult) {
|
|
|
+ die("查询失败: " . $conn->error . "<br>SQL: " . $sql);
|
|
|
+}
|
|
|
+$totalRecords = $countResult->num_rows;
|
|
|
+$countResult->close(); // 关闭第一个结果集
|
|
|
|
|
|
-$totalPages = 0;
|
|
|
+// Create pagination variables
|
|
|
$pageSize = 18;
|
|
|
+$totalPages = ceil($totalRecords / $pageSize);
|
|
|
+if ($totalPages < 1) $totalPages = 1; // 确保至少有一页,即使没有结果
|
|
|
+
|
|
|
+if (empty($page)) $page = 1;
|
|
|
+if ($page == 'end') $page = $totalPages;
|
|
|
+if (!is_numeric($page) || $page < 1) $page = 1;
|
|
|
+$page = (int)$page;
|
|
|
+if ($page > $totalPages) $page = $totalPages;
|
|
|
+
|
|
|
+// Apply pagination
|
|
|
+$offset = ($page - 1) * $pageSize;
|
|
|
+if ($offset < 0) $offset = 0; // 确保偏移量不为负数
|
|
|
+$sql_paginated = $sql . " LIMIT $offset, $pageSize"; // 使用新变量,不修改原始SQL
|
|
|
+
|
|
|
+// Execute the paginated query
|
|
|
+$result = $conn->query($sql_paginated);
|
|
|
+if (!$result) {
|
|
|
+ die("分页查询失败: " . $conn->error . "<br>SQL: " . $sql_paginated);
|
|
|
+}
|
|
|
+$tempNum = $pageSize * ($page - 1);
|
|
|
+
|
|
|
?>
|
|
|
|
|
|
<form id="form1" method="post" action="?act=postchk&Keys=<?php echo $keys; ?>&Page=<?php echo $page; ?>" onSubmit="return false">
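Review bot: Both new `die()` calls print `$conn->error` and the full SQL text, including the user-supplied search term, to the browser; send that to the server log instead, e.g. `error_log('customer query failed: ' . $conn->error . ' SQL: ' . $sql); die('查询失败');`, and the same for the paginated branch. `real_escape_string()` is evaluated 17 times on the same `$keyscode`; compute `$kw = $conn->real_escape_string($keyscode);` once before `$sql`, and note that it does not escape the LIKE wildcards `%` and `_`, so a term containing them still widens the match (`addcslashes($kw, '%_')` if literal matching is wanted). The count pass runs the full SELECT and reads `num_rows`, which with the default buffered `query()` fetches every matching row only to count them; a `SELECT COUNT(*)` over the same FROM/WHERE/`$filterStr` would be cheaper, provided it counts the same joined rows. The `$sql` string begins before this hunk.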
|
|
@@ -948,27 +976,7 @@ $pageSize = 18;
|
|
|
<tbody>
|
|
|
<?php
|
|
|
if ($result->num_rows > 0) {
|
|
|
- $pageSize = 18;
|
|
|
- $totalPages = ceil($result->num_rows / $pageSize);
|
|
|
-
|
|
|
- if (empty($page)) $page = 1;
|
|
|
- if ($page == 'end') $page = $totalPages;
|
|
|
- if (!is_numeric($page) || $page < 1) $page = 1;
|
|
|
- $page = (int)$page;
|
|
|
- if ($page > $totalPages) $page = $totalPages;
|
|
|
-
|
|
|
- $offset = ($page - 1) * $pageSize;
|
|
|
- $sql .= " LIMIT $offset, $pageSize";
|
|
|
-
|
|
|
-
|
|
|
- $result = $conn->query($sql);
|
|
|
-
|
|
|
- $tempNum = $pageSize * ($page - 1);
|
|
|
-
|
|
|
while ($row = $result->fetch_assoc()) {
|
|
|
-
|
|
|
-
|
|
|
-
|
|
|
$tempNum++;
|
|
|
?>
|
|
|
<tr onMouseOver="this.style.background='#F7FCFF'" onMouseOut="this.style.background='#FFFFFF'">
|
|
@@ -976,19 +984,18 @@ $pageSize = 18;
|
|
|
<td align="center"><?php echo $tempNum; ?></td>
|
|
|
<td align="center" class="code" data-id="<?php echo $row['id'] ?? ''; ?>">
|
|
|
<?php
|
|
|
-
|
|
|
echo $row['cs_code'] ?? ''; ?>
|
|
|
<?php if(($row['cs_claimFrom'] ?? 0) > 0): ?>
|
|
|
<img src="../images/yijiao.png" class="handover">
|
|
|
<?php endif; ?>
|
|
|
</td>
|
|
|
- <td align="center"><?php echo $row['cs_name'] ?? ''; ?></td>
|
|
|
+ <td align="center"><?php echo htmlspecialchars($row['cs_name'] ?? ''); ?></td>
|
|
|
<td align="center">
|
|
|
<?php
|
|
|
$countryId = intval($row['cs_country'] ?? 0);
|
|
|
- $sql = "SELECT countryName FROM country WHERE id = " . $countryId;
|
|
|
+ $sql = "SELECT countryName FROM country WHERE id = $countryId";
|
|
|
$countryResult = $conn->query($sql);
|
|
|
- if ($countryRow = $countryResult->fetch_assoc()) {
|
|
|
+ if ($countryResult && $countryRow = $countryResult->fetch_assoc()) {
|
|
|
echo htmlspecialchars($countryRow['countryName']);
|
|
|
} else {
|
|
|
echo "未选择";
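Review bot: `htmlspecialchars()` is now applied to `cs_name`, but the two neighbouring outputs in the same row, `data-id="<?php echo $row['id'] ?? ''; ?>"` and `echo $row['cs_code'] ?? '';`, are still echoed raw; use `echo htmlspecialchars($row['cs_code'] ?? '');` and `data-id="<?php echo (int) ($row['id'] ?? 0); ?>"` so every column is escaped consistently. The per-row `SELECT countryName FROM country WHERE id = $countryId` is one query per listed customer, and the same pattern is repeated for the `qudao` lookup (hunk `@@ -998`) and the `employee` lookup (hunk `@@ -1024`); joining those three tables into the main `$sql` would remove up to three queries per row, though this hunk does not show whether the join keys are unique. The `$countryResult` objects are also never freed inside the loop. The enclosing `while` loop starts and ends outside this hunk.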
|
|
@@ -998,23 +1005,22 @@ $pageSize = 18;
|
|
|
<td align="center">
|
|
|
<?php
|
|
|
$fromId = intval($row['cs_from'] ?? 0);
|
|
|
- $sql = "SELECT ch_name FROM qudao WHERE id = " . $fromId;
|
|
|
- $qudaoResult = $conn->query($sql);
|
|
|
- if ($qudaoRow = $qudaoResult->fetch_assoc()) {
|
|
|
- echo htmlspecialchars($qudaoRow['ch_name']);
|
|
|
+ $sql = "SELECT ch_name FROM qudao WHERE id = $fromId";
|
|
|
+ $fromResult = $conn->query($sql);
|
|
|
+ if ($fromResult && $fromRow = $fromResult->fetch_assoc()) {
|
|
|
+ echo htmlspecialchars($fromRow['ch_name']);
|
|
|
} else {
|
|
|
echo "未选择";
|
|
|
}
|
|
|
?>
|
|
|
- </td>
|
|
|
+ </td>
|
|
|
<td align="center">
|
|
|
<?php
|
|
|
- $cs_deal = intval($row['cs_deal'] ?? 0);
|
|
|
- if ($cs_deal == 3) {
|
|
|
+ if (($row['cs_deal'] ?? 0) == 3) {
|
|
|
echo "<span style='color:red;font-size:10px;'>" . htmlspecialchars($row['cs_dealdate'] ?? '') . "成交</span>";
|
|
|
- } elseif ($cs_deal == 2) {
|
|
|
+ } elseif (($row['cs_deal'] ?? 0) == 2) {
|
|
|
echo "明确需求";
|
|
|
- } elseif ($cs_deal == 1) {
|
|
|
+ } elseif (($row['cs_deal'] ?? 0) == 1) {
|
|
|
echo "背景调查";
|
|
|
} else {
|
|
|
echo "无响应";
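Review bot: Dropping the `$cs_deal` local means `($row['cs_deal'] ?? 0)` is re-evaluated in each `elseif` and compared with loose `==`, so a string value like `"3abc"` or `true` is coerced on every branch; keep a single cast local and, if the deployment runs PHP 8, express the mapping as a `match` so there is one comparison site and no fallthrough. On PHP 7 keep `$csDeal = (int) ($row['cs_deal'] ?? 0);` and compare with `===`. The `if`/`elseif` chain's closing brace is outside this hunk.
```php
$csDeal = (int) ($row['cs_deal'] ?? 0);
echo match ($csDeal) {
    3 => "<span style='color:red;font-size:10px;'>" . htmlspecialchars($row['cs_dealdate'] ?? '') . "成交</span>",
    2 => "明确需求",
    1 => "背景调查",
    default => "无响应",
};
```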
|
|
@@ -1024,9 +1030,9 @@ $pageSize = 18;
|
|
|
<td align="center">
|
|
|
<?php
|
|
|
$belongId = intval($row['cs_belong'] ?? 0);
|
|
|
- $sql = "SELECT em_user FROM employee WHERE id = " . $belongId;
|
|
|
+ $sql = "SELECT em_user FROM employee WHERE id = $belongId";
|
|
|
$empResult = $conn->query($sql);
|
|
|
- if ($empRow = $empResult->fetch_assoc()) {
|
|
|
+ if ($empResult && $empRow = $empResult->fetch_assoc()) {
|
|
|
echo htmlspecialchars($empRow['em_user']);
|
|
|
} else {
|
|
|
echo "未选择";
|
|
@@ -1095,18 +1101,11 @@ $pageSize = 18;
|
|
|
<?php
|
|
|
}
|
|
|
} else {
|
|
|
- if (empty($keys)) {
|
|
|
- ?>
|
|
|
- <tr>
|
|
|
- <td align="center" colspan="9">Sorry,当前暂无信息</td>
|
|
|
- </tr>
|
|
|
- <?php
|
|
|
+ // 没有搜索结果的情况
|
|
|
+ if (!empty($keyscode)) {
|
|
|
+ echo '<tr><td colspan="9" align="center">没有找到 "' . htmlspecialchars($keyscode) . '" 相关的客户信息</td></tr>';
|
|
|
} else {
|
|
|
- ?>
|
|
|
- <tr>
|
|
|
- <td align="center" colspan="9"><a href="?">Sorry,没有找到"<?php echo $keyscode; ?>"相关的信息,点击返回</a></td>
|
|
|
- </tr>
|
|
|
- <?php
|
|
|
+ echo '<tr><td colspan="9" align="center">暂无客户信息</td></tr>';
|
|
|
}
|
|
|
}
|
|
|
?>
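Review bot: The new not-found row drops the `<a href="?">` link the old markup provided for clearing the search, so a user with no hits has no way back from this table; if that was not intended, `echo '<tr><td colspan="9" align="center"><a href="?">没有找到 "' . htmlspecialchars($keyscode) . '" 相关的客户信息,点击返回</a></td></tr>';` keeps both the escaping and the link. The branch condition also switched from `empty($keys)` to `!empty($keyscode)`; whether those two variables always agree is not visible in this hunk. Escaping `$keyscode` in the message is the right replacement for the previous raw echo.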
|