
fix : escape to encodeURIComponent

igb 3 weeks ago
parent
commit
fcfa5e1076

+ 2 - 2
customers.php

@@ -697,9 +697,9 @@ $hrefstr = "?keys=" . $keys;
                 value="<?= empty($keyscode) ? '请输入搜索关键词' : $keyscode ?>" 
                 onFocus="if(this.value == '<?= empty($keyscode) ? '请输入搜索关键词' : $keyscode ?>'){this.value='';}" 
                 onBlur="if(this.value == ''){this.value='<?= empty($keyscode) ? '请输入搜索关键词' : $keyscode ?>';}" 
-                onKeyDown="if(event.keyCode==13){location.href='?Keys='+escape(document.getElementById('keys').value)}" />
+                onKeyDown="if(event.keyCode==13){location.href='?Keys='+encodeURIComponent(document.getElementById('keys').value)}" />
             <input type="button" id="searchgo" class="searchgo" value="go" 
-                onClick="location.href='?Keys='+escape(document.getElementById('keys').value)" />
+                onClick="location.href='?Keys='+encodeURIComponent(document.getElementById('keys').value)" />
         </div>
     </div>
 
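Review bot: The context lines at the top of this hunk still echo `$keyscode` unencoded into the `value`, `onFocus` and `onBlur` attributes, so the switch to encodeURIComponent only protects the URL the browser builds, not the HTML the server renders. Judging by the hunk header visible in order.php (`$keyscode = mysqli_real_escape_string($conn, $keys)`), the value is escaped for SQL, which leaves `"` and `<` intact for HTML, so a keyword that presumably arrives from the query string reaches the attribute as-is. silentCustomer.php and system/log.php in this same commit already wrap the identical expression in `htmlspecialcharsFix($keyscode)`; the line here should read `value="<?= empty($keyscode) ? '请输入搜索关键词' : htmlspecialcharsFix($keyscode) ?>"`, with the same change to the `onFocus`/`onBlur` lines. customersFollow.php, customersNew.php, order.php, system/IP.php, system/additional.php (`$Keyscode`), system/customers.php, system/employee.php, system/power.php and system/product_category.php print the variable the same way and need the same fix. The enclosing `<input>` and `<div>` markup starts before this hunk.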

+ 2 - 2
customersFollow.php

@@ -174,9 +174,9 @@ $hrefstr = "?keys=" . $keys;
                 value="<?= empty($keyscode) ? '请输入搜索关键词' : $keyscode ?>" 
                 onFocus="if(this.value == '<?= empty($keyscode) ? '请输入搜索关键词' : $keyscode ?>'){this.value='';}" 
                 onBlur="if(this.value == ''){this.value='<?= empty($keyscode) ? '请输入搜索关键词' : $keyscode ?>';}" 
-                onKeyDown="if(event.keyCode==13){location.href='?Keys='+escape(document.getElementById('keys').value)}" />
+                onKeyDown="if(event.keyCode==13){location.href='?Keys='+encodeURIComponent(document.getElementById('keys').value)}" />
             <input type="button" id="searchgo" class="searchgo" value="go" 
-                onClick="location.href='?Keys='+escape(document.getElementById('keys').value)" />
+                onClick="location.href='?Keys='+encodeURIComponent(document.getElementById('keys').value)" />
         </div>
     </div>
 

+ 2 - 2
customersNew.php

@@ -174,9 +174,9 @@ $hrefstr = "?keys=" . $keys;
                 value="<?= empty($keyscode) ? '请输入搜索关键词' : $keyscode ?>" 
                 onFocus="if(this.value == '<?= empty($keyscode) ? '请输入搜索关键词' : $keyscode ?>'){this.value='';}" 
                 onBlur="if(this.value == ''){this.value='<?= empty($keyscode) ? '请输入搜索关键词' : $keyscode ?>';}" 
-                onKeyDown="if(event.keyCode==13){location.href='?Keys='+escape(document.getElementById('keys').value)}" />
+                onKeyDown="if(event.keyCode==13){location.href='?Keys='+encodeURIComponent(document.getElementById('keys').value)}" />
             <input type="button" id="searchgo" class="searchgo" value="go" 
-                onClick="location.href='?Keys='+escape(document.getElementById('keys').value)" />
+                onClick="location.href='?Keys='+encodeURIComponent(document.getElementById('keys').value)" />
         </div>
     </div>
 

+ 31 - 18
order.php

@@ -36,21 +36,21 @@ $keyscode = mysqli_real_escape_string($conn, $keys);
 $page = $_GET['Page'] ?? 1;
 $ord = $_GET['Ord'] ?? '';
 
+
+
 $ordStr = !empty($ord) ? "$ord," : "";
 
 // 构建查询SQL
 $employee_id = $_SESSION['employee_id'];
-$sqlStr = "SELECT o.*, c.cs_company, c.cs_code, cc.contact_name
+$sqlStr = "SELECT o.*, c.cs_company, c.cs_code
            FROM orders o
            LEFT JOIN customer c ON o.customer_id = c.id
-           LEFT JOIN customer_contact cc ON o.contact_id = cc.id
            WHERE o.employee_id = $employee_id";
 
 if (!empty($keyscode)) {
     $sqlStr .= " AND (o.order_code LIKE '%$keyscode%'
            OR c.cs_company LIKE '%$keyscode%'
-           OR c.cs_code LIKE '%$keyscode%'
-           OR cc.contact_name LIKE '%$keyscode%')";
+           OR c.cs_code LIKE '%$keyscode%')";
 }
 
 $sqlStr .= " $fliterStr ORDER BY {$ordStr}o.created_at DESC";
@@ -103,14 +103,31 @@ $sqlStr .= " $fliterStr ORDER BY {$ordStr}o.created_at DESC";
         }
         
         .col2 { width: 5%; text-align: center; }
-        .col3 { width: 15%; }
-        .col4 { width: 18%; }
-        .col5 { width: 22%; }
-        .col6 { width: 12%; }
-        .col7 { width: 14%; }
-        .col9 { width: 10%; text-align: right; }
+        .col3 { width: 10%; }
+        .col4 { width: 20%; }
+        .col5 { width: 30%; }
+        .col7 { width: 16%; }
+        .col9 { width: 14%; text-align: right; }
         .col10 { width: 16%; text-align: center; }
-        
+
+
+
+        /* 表格布局修复,因为 "css/common.css 覆盖了 */
+        .table2 .col2 { width: 5%; text-align: center; }
+        .table2 .col3 { width: 10%; }
+        .table2 .col4 { width: 20%; }
+        .table2 .col5 { width: 30%; }
+        .table2 .col7 { width: 16%; }
+        .table2 .col9 { width: 14%; text-align: right; }
+        .table2 .col10 { width: 16%; text-align: center; }
+
+
+
+
+
+
+
+
         .theader > div, .tline > div {
             padding: 0 5px;
             overflow: hidden;
@@ -150,7 +167,7 @@ $sqlStr .= " $fliterStr ORDER BY {$ordStr}o.created_at DESC";
         
         .notepanel .noteItem2 {
             font-weight: bold;
-            margin-top: 10px;
+
             margin-bottom: 5px;
         }
         
@@ -183,7 +200,7 @@ $sqlStr .= " $fliterStr ORDER BY {$ordStr}o.created_at DESC";
             <input type="text" id="keys" class="inputTxt" placeholder="请输入搜索关键词"
                 value="<?= empty($keyscode) ? '' : $keyscode ?>" />
             <input type="button" id="searchgo" class="searchgo" value="搜索"
-                onClick="location.href='?Keys='+escape(document.getElementById('keys').value)" />
+                onClick="location.href='?Keys='+encodeURIComponent(document.getElementById('keys').value)" />
         </div>
     </div>
 
@@ -197,7 +214,6 @@ $sqlStr .= " $fliterStr ORDER BY {$ordStr}o.created_at DESC";
             <div class="col3">订单编号</div>
             <div class="col4">客户编码</div>
             <div class="col5">客户</div>
-            <div class="col6">联系人</div>
             <div class="col7">订单日期</div>
             <div class="col9">订单金额</div>
             <div class="col10">操作</div>
@@ -211,13 +227,11 @@ $sqlStr .= " $fliterStr ORDER BY {$ordStr}o.created_at DESC";
         $employee_id = $_SESSION['employee_id'];
         $countSql = "SELECT COUNT(*) AS total FROM orders o
                      LEFT JOIN customer c ON o.customer_id = c.id
-                     LEFT JOIN customer_contact cc ON o.contact_id = cc.id
                      WHERE o.employee_id = $employee_id";
         if (!empty($keyscode)) {
             $countSql .= " AND (o.order_code LIKE '%$keyscode%'
                          OR c.cs_company LIKE '%$keyscode%'
-                         OR c.cs_code LIKE '%$keyscode%'
-                         OR cc.contact_name LIKE '%$keyscode%')";
+                         OR c.cs_code LIKE '%$keyscode%')";
         }
         $countSql .= $fliterStr;
 
@@ -252,7 +266,6 @@ $sqlStr .= " $fliterStr ORDER BY {$ordStr}o.created_at DESC";
                     <div class="col3 slidepanel"><?= htmlspecialcharsFix($row['order_code']) ?></div>
                     <div class="col4"><?= htmlspecialcharsFix($row['cs_code']) ?></div>
                     <div class="col5"><?= htmlspecialcharsFix($row['cs_company']) ?></div>
-                    <div class="col6"><?= htmlspecialcharsFix($row['contact_name']) ?></div>
                     <div class="col7"><?= date('Y-m-d', strtotime($row['order_date'])) ?></div>
                     <div class="col9"><?= number_format($row['total_amount'], 2) ?></div>
                     <div class="col10">
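Review bot: `$ord` is read from `$_GET['Ord']` on the second line of the first hunk and spliced unchanged into the query through `$ordStr` (`ORDER BY {$ordStr}o.created_at DESC`), so the sort parameter is a direct SQL injection point that this commit leaves as it was. `$employee_id` and `$keyscode` are interpolated the same way into both `$sqlStr` and `$countSql`; `$keyscode` has at least been through mysqli_real_escape_string, but `$employee_id` has not, the `%`/`_` LIKE wildcards are not escaped, and nothing in view shows how `$fliterStr` is built. Constrain `$ord` to an allowlist before it is used, for example (constructed) `$sortable = ['order_date', 'total_amount'];` then `$ord = in_array($ord, $sortable, true) ? "o.$ord" : '';`, and move the two queries to prepared statements with `?` placeholders for the employee id and the search term. The script begins before the first hunk, so the origin of `$fliterStr` cannot be checked here.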

+ 2 - 2
silentCustomer.php

@@ -188,9 +188,9 @@ $hrefstr = "?keys=" . $keys;
                        value="<?= empty($keyscode) ? '请输入搜索关键词' : htmlspecialcharsFix($keyscode) ?>" 
                        onFocus="if(this.value == '<?= empty($keyscode) ? '请输入搜索关键词' : htmlspecialcharsFix($keyscode) ?>'){this.value='';}" 
                        onBlur="if(this.value == ''){this.value='<?= empty($keyscode) ? '请输入搜索关键词' : htmlspecialcharsFix($keyscode) ?>';}" 
-                       onKeyDown="if(event.keyCode==13){location.href='?Keys='+escape(document.getElementById('keys').value)}" />
+                       onKeyDown="if(event.keyCode==13){location.href='?Keys='+encodeURIComponent(document.getElementById('keys').value)}" />
                 <input type="button" id="searchgo" class="searchgo" value="go" 
-                       onClick="location.href='?Keys='+escape(document.getElementById('keys').value)" />
+                       onClick="location.href='?Keys='+encodeURIComponent(document.getElementById('keys').value)" />
             </div>
         </div>
 
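Review bot: The `onFocus` and `onBlur` handlers on the second and third lines of this hunk place `htmlspecialcharsFix($keyscode)` inside a single-quoted JavaScript string literal, and HTML entity encoding is not sufficient in that position: the HTML parser decodes entities in the attribute value before the inline handler is parsed, so an encoded `'` arrives at the JS engine as a plain quote and ends the literal. The simplest fix is the one order.php and subCustomers.php in this commit already use: drop the two handlers and rely on `placeholder="请输入搜索关键词"` with `value="<?= empty($keyscode) ? '' : htmlspecialcharsFix($keyscode) ?>"`. If the handlers must stay, emit the value with `json_encode(..., JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_TAG | JSON_HEX_AMP)` and then `htmlspecialchars` for the attribute, so the JS-level escaping survives entity decoding. system/log.php has the same pair of handlers. The `<input>` element starts before this hunk.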

+ 1 - 1
subCustomers.php

@@ -173,7 +173,7 @@ $hrefstr = "?keys=" . $keys;
                 <input type="text" id="keys" class="inputTxt" placeholder="请输入搜索关键词"
                        value="<?= empty($keyscode) ? '' : htmlspecialcharsFix($keyscode) ?>"/>
                 <input type="button" id="searchgo" class="searchgo" value="go" 
-                       onClick="location.href='?Keys='+escape(document.getElementById('keys').value)" />
+                       onClick="location.href='?Keys='+encodeURIComponent(document.getElementById('keys').value)" />
             </div>
         </div>
 

+ 2 - 2
system/IP.php

@@ -262,8 +262,8 @@ $hrefstr = "?keys=$keys";
                     <input type="text" id="keys" value="<?php echo ($keyscode == "") ? "请输入搜索关键词" : $keyscode; ?>" 
                            onFocus="if(this.value == '<?php echo ($keyscode == "") ? "请输入搜索关键词" : $keyscode; ?>'){this.value='';}" 
                            onBlur="if(this.value == ''){this.value='<?php echo ($keyscode == "") ? "请输入搜索关键词" : $keyscode; ?>';}" 
-                           onKeyDown="if(event.keyCode==13){location.href='?Keys='+escape(document.getElementById('keys').value)}" />
-                    <input type="button" id="searchgo" value="go" onClick="location.href='?Keys='+escape(document.getElementById('keys').value)" />
+                           onKeyDown="if(event.keyCode==13){location.href='?Keys='+encodeURIComponent(document.getElementById('keys').value)}" />
+                    <input type="button" id="searchgo" value="go" onClick="location.href='?Keys='+encodeURIComponent(document.getElementById('keys').value)" />
                 </div>
                 <div class="postchkbox">
                     <select id="chkact" name="chkact">

+ 2 - 2
system/additional.php

@@ -167,8 +167,8 @@ if ($totalPages > 1) {
                     <input type="text" id="keys" value="<?php echo empty($Keyscode) ? '请输入搜索关键词' : $Keyscode; ?>" 
                            onFocus="if(this.value == '<?php echo empty($Keyscode) ? '请输入搜索关键词' : $Keyscode; ?>'){this.value='';}" 
                            onBlur="if(this.value == ''){this.value='<?php echo empty($Keyscode) ? '请输入搜索关键词' : $Keyscode; ?>';}" 
-                           onKeyDown="if(event.keyCode==13){location.href='?qid=<?php echo $qid; ?>&Keys='+escape(document.getElementById('keys').value)}" />
-                    <input type="button" id="searchgo" value="go" onClick="location.href='?qid=<?php echo $qid; ?>&Keys='+escape(document.getElementById('keys').value)" />
+                           onKeyDown="if(event.keyCode==13){location.href='?qid=<?php echo $qid; ?>&Keys='+encodeURIComponent(document.getElementById('keys').value)}" />
+                    <input type="button" id="searchgo" value="go" onClick="location.href='?qid=<?php echo $qid; ?>&Keys='+encodeURIComponent(document.getElementById('keys').value)" />
                 </div>
                 <div class="postchkbox">
                     <select id="chkact" name="chkact">
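Review bot: `$qid` is echoed raw into the JavaScript string on both changed lines (`'?qid=<?php echo $qid; ?>&Keys='`), so the encodeURIComponent fix covers the keyword the user types but not this second value, and the `value`/`onFocus`/`onBlur` lines above print `$Keyscode` unencoded as well. Where `$qid` is assigned is outside the hunk; if it originates in the request it should be constrained before output, e.g. `<?php echo (int) $qid; ?>` when it is numeric, otherwise `rawurlencode` followed by `htmlspecialchars`. system/customers.php appends `$urlStr` and system/log.php appends `$page` into the same JS string position with no encoding, and the same treatment applies there. The enclosing `<div>` starts before this hunk.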

+ 1 - 1
system/customers.php

@@ -955,7 +955,7 @@ $tempNum = $pageSize * ($page - 1);
             <input type="text" id="keys" class="inputTxt" placeholder="请输入搜索关键词" value="<?php echo empty($keyscode) ? '' : $keyscode; ?>"
                     />
             <input type="button" id="searchgo" class="searchgo" value="go" 
-                   onClick="location.href='?Keys='+escape(document.getElementById('keys').value)+'<?php echo $urlStr; ?>'" />
+                   onClick="location.href='?Keys='+encodeURIComponent(document.getElementById('keys').value)+'<?php echo $urlStr; ?>'" />
         </div>
     </div>
     

+ 2 - 2
system/employee.php

@@ -300,8 +300,8 @@ $hrefstr = "?keys=$keys";
                     <input type="text" id="keys" value="<?php echo $keyscode == '' ? '请输入搜索关键词' : $keyscode; ?>" 
                            onFocus="if(this.value == '<?php echo $keyscode == '' ? '请输入搜索关键词' : $keyscode; ?>'){this.value='';}" 
                            onBlur="if(this.value == ''){this.value='<?php echo $keyscode == '' ? '请输入搜索关键词' : $keyscode; ?>';}" 
-                           onKeyDown="if(event.keyCode==13){location.href='?Keys='+escape(document.getElementById('keys').value)}" />
-                    <input type="button" id="searchgo" value="go" onClick="location.href='?Keys='+escape(document.getElementById('keys').value)" />
+                           onKeyDown="if(event.keyCode==13){location.href='?Keys='+encodeURIComponent(document.getElementById('keys').value)}" />
+                    <input type="button" id="searchgo" value="go" onClick="location.href='?Keys='+encodeURIComponent(document.getElementById('keys').value)" />
                 </div>
                 <div class="postchkbox">
                     <select id="chkact" name="chkact">

+ 2 - 2
system/log.php

@@ -138,9 +138,9 @@ $result = mysqli_query($conn, $sql);
                             value="<?php echo empty($keyscode) ? '请输入搜索关键词' : htmlspecialcharsFix($keyscode); ?>" 
                             onFocus="if(this.value == '<?php echo empty($keyscode) ? '请输入搜索关键词' : htmlspecialcharsFix($keyscode); ?>'){this.value='';}" 
                             onBlur="if(this.value == ''){this.value='<?php echo empty($keyscode) ? '请输入搜索关键词' : htmlspecialcharsFix($keyscode); ?>';}" 
-                            onKeyDown="if(event.keyCode==13){location.href='?Keys='+escape(document.getElementById('keys').value)+'&Page=<?php echo $page; ?>'}" />
+                            onKeyDown="if(event.keyCode==13){location.href='?Keys='+encodeURIComponent(document.getElementById('keys').value)+'&Page=<?php echo $page; ?>'}" />
                         <input type="button" id="searchgo" class="searchgo" value="go" 
-                            onClick="location.href='?Keys='+escape(document.getElementById('keys').value)+'&Page=<?php echo $page; ?>'" />
+                            onClick="location.href='?Keys='+encodeURIComponent(document.getElementById('keys').value)+'&Page=<?php echo $page; ?>'" />
                     </div>
                 </td>
             </tr>

+ 2 - 2
system/power.php

@@ -272,8 +272,8 @@ $hrefstr = "?keys=$keys";
                     <input type="text" id="keys" value="<?php echo ($keyscode == "") ? "请输入搜索关键词" : $keyscode; ?>" 
                            onFocus="if(this.value == '<?php echo ($keyscode == "") ? "请输入搜索关键词" : $keyscode; ?>'){this.value='';}" 
                            onBlur="if(this.value == ''){this.value='<?php echo ($keyscode == "") ? "请输入搜索关键词" : $keyscode; ?>';}" 
-                           onKeyDown="if(event.keyCode==13){location.href='?Keys='+escape(document.getElementById('keys').value)}" />
-                    <input type="button" id="searchgo" value="go" onClick="location.href='?Keys='+escape(document.getElementById('keys').value)" />
+                           onKeyDown="if(event.keyCode==13){location.href='?Keys='+encodeURIComponent(document.getElementById('keys').value)}" />
+                    <input type="button" id="searchgo" value="go" onClick="location.href='?Keys='+encodeURIComponent(document.getElementById('keys').value)" />
                 </div>
                 <div class="postchkbox">
                     <select id="chkact" name="chkact">

+ 1 - 1
system/product_category.php

@@ -459,7 +459,7 @@ if ($act == 'edit' || $act == 'add') {
 
                     <div style="padding-left: 50px;">
                         <input type="text" id="keys" class="inputTxt" value="<?php echo $keyscode; ?>" placeholder="请输入搜索关键词" />
-                        <input type="button" id="searchgo" class="searchgo" value="搜索" onClick="location.href='?Keys='+escape(document.getElementById('keys').value)" />
+                        <input type="button" id="searchgo" class="searchgo" value="搜索" onClick="location.href='?Keys='+encodeURIComponent(document.getElementById('keys').value)" />
                     </div>
                 </div>
             </div>