Commit c27fcde2 authored by François Jacquet's avatar François Jacquet Committed by François Jacquet

Add RedirectURL()

Prevents showing an obsolete & confusing delete confirmation screen
on page reload.
Formatted code.
Use PreparePHP_Self() in forms to maintain program state
in Administration.php & Eligibility/Student.php.
Fixed Cancel Delete Event in Calendar.php.
Remove "# Associated" column from Student list in AddStudents.php.
Added DBEscapeIdentifier() where missing.
Aggregated some if conditions to simplify update / remove logic.
parent 0f9192f1
# CHANGES
## RosarioSIS Student Information System
Changes in 3.2.1
----------------
Changes in 3.3
--------------
- CSS Add padding to .list-header & remove spaces before buttons in ListOutput.fnc.php & stylesheet.css
- Add RedirectURL(), prevents showing an obsolete & confusing delete confirmation screen on page reload in Prepare_PHP_SELF.fnc.php & program wide
- Use PreparePHP_Self() in forms to maintain program state in Administration.php & Eligibility/Student.php
- Fixed Cancel Delete Event in Calendar.php
- Remove "# Associated" column from Student list in AddStudents.php
Changes in 3.2
--------------
......@@ -107,6 +107,58 @@ function PreparePHP_SELF( $tmp_REQUEST = array(), $remove = array(), $add = arra
}
/**
* Redirect URL
* Will update the requested URL in the browser,
* (soft redirection using the X-Redirect-Url header)
* removing the requested parameters passed as argument.
* Use after a successful remove / delete / update / save operation.
* Prevents showing an obsolete & confusing delete confirmation screen on page reload.
*
* @since 3.3
*
* @example RedirectURL( array( 'modfunc', 'id' ) );
*
* @uses X-Redirect-Url header.
* @uses PreparePHP_SELF
*
* @see warehouse.js check for X-Redirect-Url
*
* @param array|string $remove Parameters to remove from the $_REQUEST & $_SESSION['_REQUEST_vars'] arrays.
*
* @return boolean False if nothing to remove, else true.
*/
function RedirectURL( $remove )
{
if ( ! $remove )
{
return false;
}
foreach ( (array) $remove as $request_key )
{
if ( ! isset( $_REQUEST[ $request_key ] ) )
{
continue;
}
$_REQUEST[ $request_key ] = false;
if ( isset( $_SESSION['_REQUEST_vars'][ $request_key ] ) )
{
$_SESSION['_REQUEST_vars'][ $request_key ] = false;
}
}
$redirect_url = PreparePHP_SELF( $_GET, $remove );
// Redirect URL.
header( 'X-Redirect-Url: ' . $redirect_url );
return true;
}
/**
* My URL encode
* RFC 3986 compliant
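Review bot: RedirectURL() calls header() unconditionally at L73, but several callers in this commit run DrawHeader() before reaching it (L302 then L315 in the Attendance Administration section, L272 then L292 in the Attendance save section), so unless output buffering is guaranteed the header is dropped with a "headers already sent" warning and the stale confirmation screen reappears on reload. Guard it with `if ( headers_sent() ) { return false; }` before the header() call, or state the output-buffering assumption in the docblock. The `@return` text says "False if nothing to remove", yet the function returns true even when none of the keys were set in `$_REQUEST` (every key hits `continue`); either track whether something was actually cleared or reword the docblock. It also writes `false` rather than `unset()` into `$_SESSION['_REQUEST_vars']`, which the category-removal code at L497 used, so `isset()` on those entries now stays true — worth a sentence in the docblock. The header value is built from `$_GET`; PHP's header() refuses values containing newlines, so CRLF injection is not a concern here, but a short comment saying so would spare the next reader the check.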
<?php
require_once 'modules/Accounting/functions.inc.php';
if ( ! $_REQUEST['print_statements'])
DrawHeader(ProgramTitle());
if ( ! $_REQUEST['print_statements'] )
{
DrawHeader( ProgramTitle() );
}
// Add eventual Dates to $_REQUEST['values'].
if ( isset( $_REQUEST['day_values'], $_REQUEST['month_values'], $_REQUEST['year_values'] ) )
......@@ -15,9 +18,11 @@ if ( isset( $_REQUEST['day_values'], $_REQUEST['month_values'], $_REQUEST['year_
$_REQUEST['values'] = array_replace_recursive( (array) $_REQUEST['values'], (array) $requested_dates );
}
if ( $_REQUEST['values'] && $_POST['values'] && AllowEdit())
if ( $_REQUEST['values']
&& $_POST['values']
&& AllowEdit() )
{
foreach ( (array) $_REQUEST['values'] as $id => $columns)
foreach ( (array) $_REQUEST['values'] as $id => $columns )
{
if ( $id!='new')
{
......@@ -49,7 +54,7 @@ if ( $_REQUEST['values'] && $_POST['values'] && AllowEdit())
if ( $column=='AMOUNT')
{
$value = preg_replace('/[^0-9.-]/','',$value);
//FJ fix SQL bug invalid amount
// FJ fix SQL bug invalid amount.
if ( !is_numeric($value))
$value = 0;
}
......@@ -64,23 +69,25 @@ if ( $_REQUEST['values'] && $_POST['values'] && AllowEdit())
DBQuery($sql);
}
}
unset($_REQUEST['values']);
// Unset modfunc & redirect URL.
RedirectURL( 'modfunc' );
}
if ( $_REQUEST['modfunc'] === 'remove' && AllowEdit() )
if ( $_REQUEST['modfunc'] === 'remove'
&& AllowEdit() )
{
if ( DeletePrompt( _( 'Expense' ) ) )
{
DBQuery("DELETE FROM ACCOUNTING_PAYMENTS WHERE ID='" . $_REQUEST['id'] . "'");
DBQuery( "DELETE FROM ACCOUNTING_PAYMENTS
WHERE ID='" . $_REQUEST['id'] . "'" );
// Unset modfunc & ID.
$_REQUEST['modfunc'] = false;
$_SESSION['_REQUEST_vars']['modfunc'] = false;
$_SESSION['_REQUEST_vars']['id'] = false;
// Unset modfunc & ID & redirect URL.
RedirectURL( array( 'modfunc', 'id' ) );
}
}
if ( ! $_REQUEST['modfunc'])
if ( ! $_REQUEST['modfunc'] )
{
$payments_total = 0;
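Review bot: The reformatted DELETE at L127-L128 still splices `$_REQUEST['id']` directly into the SQL string; the commit's "Added DBEscapeIdentifier() where missing" does not cover it, since that helper is for identifiers, not values. If ID is a numeric column, `WHERE ID='" . (int) $_REQUEST['id'] . "'"` closes the gap; otherwise route the value through the project's string-escaping helper before concatenation. The same construction appears in the Income, Salary and Payment sections (L177-L178, L220-L221, L258-L259) and in the category removal at L499-L502. Separately, this section calls `RedirectURL( 'modfunc' )` at L118 after the values-save loop while the Income section removes `'values'` at L168 for the same step; the comment `// Unset modfunc & redirect URL.` should say why modfunc is the key cleared here, or the two should be made consistent.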
<?php
require_once 'modules/Accounting/functions.inc.php';
if ( ! $_REQUEST['print_statements'])
DrawHeader(ProgramTitle());
if ( ! $_REQUEST['print_statements'] )
{
DrawHeader( ProgramTitle() );
}
// Add eventual Dates to $_REQUEST['values'].
if ( isset( $_REQUEST['day_values'], $_REQUEST['month_values'], $_REQUEST['year_values'] ) )
......@@ -16,7 +19,9 @@ if ( isset( $_REQUEST['day_values'], $_REQUEST['month_values'], $_REQUEST['year_
$_REQUEST['values'] = array_replace_recursive( (array) $_REQUEST['values'], (array) $requested_dates );
}
if ( $_REQUEST['values'] && $_POST['values'] && AllowEdit())
if ( $_REQUEST['values']
&& $_POST['values']
&& AllowEdit() )
{
foreach ( (array) $_REQUEST['values'] as $id => $columns)
{
......@@ -57,24 +62,25 @@ if ( $_REQUEST['values'] && $_POST['values'] && AllowEdit())
DBQuery($sql);
}
}
unset($_REQUEST['values']);
// Unset values & redirect URL.
RedirectURL( 'values' );
}
if ( $_REQUEST['modfunc'] === 'remove' && AllowEdit() )
if ( $_REQUEST['modfunc'] === 'remove'
&& AllowEdit() )
{
if ( DeletePrompt( _( 'Income' ) ) )
{
DBQuery("DELETE FROM ACCOUNTING_INCOMES WHERE ID='" . $_REQUEST['id'] . "'");
DBQuery( "DELETE FROM ACCOUNTING_INCOMES
WHERE ID='" . $_REQUEST['id'] . "'" );
// Unset modfunc & ID.
// Unset modfunc & ID.
$_REQUEST['modfunc'] = false;
$_SESSION['_REQUEST_vars']['modfunc'] = false;
$_SESSION['_REQUEST_vars']['id'] = false;
// Unset modfunc & ID & redirect URL.
RedirectURL( array( 'modfunc', 'id' ) );
}
}
if ( ! $_REQUEST['modfunc'])
if ( ! $_REQUEST['modfunc'] )
{
$incomes_total = 0;
......@@ -4,11 +4,11 @@ require_once 'modules/Accounting/functions.inc.php';
if (User('PROFILE')=='teacher')//limit to teacher himself
$_REQUEST['staff_id'] = User('STAFF_ID');
if ( ! $_REQUEST['print_statements'])
if ( ! $_REQUEST['print_statements'] )
{
DrawHeader(ProgramTitle());
DrawHeader( ProgramTitle() );
Search('staff_id',$extra);
Search( 'staff_id', $extra );
}
if ( $_REQUEST['values']
......@@ -68,19 +68,21 @@ if ( $_REQUEST['values']
DBQuery($sql);
}
}
unset($_REQUEST['values']);
// Unset values & redirect URL.
RedirectURL( 'values' );
}
if ( $_REQUEST['modfunc'] === 'remove' && AllowEdit() )
if ( $_REQUEST['modfunc'] === 'remove'
&& AllowEdit() )
{
if ( DeletePrompt( _( 'Salary' ) ) )
{
DBQuery("DELETE FROM ACCOUNTING_SALARIES WHERE ID='" . $_REQUEST['id'] . "'");
DBQuery( "DELETE FROM ACCOUNTING_SALARIES
WHERE ID='" . $_REQUEST['id'] . "'" );
// Unset modfunc & ID.
$_REQUEST['modfunc'] = false;
$_SESSION['_REQUEST_vars']['modfunc'] = false;
$_SESSION['_REQUEST_vars']['id'] = false;
// Unset modfunc & ID & redirect URL.
RedirectURL( array( 'modfunc', 'id' ) );
}
}
......@@ -4,11 +4,11 @@ require_once 'modules/Accounting/functions.inc.php';
if (User('PROFILE')=='teacher')//limit to teacher himself
$_REQUEST['staff_id'] = User('STAFF_ID');
if ( ! $_REQUEST['print_statements'])
if ( ! $_REQUEST['print_statements'] )
{
DrawHeader(ProgramTitle());
DrawHeader( ProgramTitle() );
Search('staff_id',$extra);
Search( 'staff_id', $extra );
}
// Add eventual Dates to $_REQUEST['values'].
......@@ -76,19 +76,21 @@ if ( $_REQUEST['values']
DBQuery($sql);
}
}
unset($_REQUEST['values']);
// Unset values & redirect URL.
RedirectURL( 'values' );
}
if ( $_REQUEST['modfunc'] === 'remove' && AllowEdit() )
if ( $_REQUEST['modfunc'] === 'remove'
&& AllowEdit() )
{
if ( DeletePrompt( _( 'Payment' ) ) )
{
DBQuery("DELETE FROM ACCOUNTING_PAYMENTS WHERE ID='" . $_REQUEST['id'] . "'");
DBQuery( "DELETE FROM ACCOUNTING_PAYMENTS
WHERE ID='" . $_REQUEST['id'] . "'" );
// Unset modfunc & ID.
$_REQUEST['modfunc'] = false;
$_SESSION['_REQUEST_vars']['modfunc'] = false;
$_SESSION['_REQUEST_vars']['id'] = false;
// Unset modfunc & ID & redirect URL.
RedirectURL( array( 'modfunc', 'id' ) );
}
}
......@@ -2,6 +2,8 @@
//FJ move Attendance.php from functions/ to modules/Attendance/includes
require_once 'modules/Attendance/includes/UpdateAttendanceDaily.fnc.php';
DrawHeader( ProgramTitle() );
if ( ! $_REQUEST['month'] )
{
$_REQUEST['month'] = date( 'm' );
......@@ -16,7 +18,9 @@ else
if ( $_REQUEST['modfunc'] === 'save' )
{
if (count($_REQUEST['period']) && count($_REQUEST['student']) && count($_REQUEST['dates']))
if ( count( $_REQUEST['period'] )
&& count( $_REQUEST['student'] )
&& count( $_REQUEST['dates'] ) )
{
foreach ( (array) $_REQUEST['period'] as $period_id => $yes )
{
......@@ -114,12 +118,10 @@ if ( $_REQUEST['modfunc'] === 'save' )
else
$error[] = _('You must choose at least one period and one student.');
$_SESSION['_REQUEST_vars']['modfunc'] = false;
$_REQUEST['modfunc'] = false;
// Unset modfunc & redirect URL.
RedirectURL( 'modfunc' );
}
DrawHeader(ProgramTitle());
echo ErrorMessage( $note, 'note' );
echo ErrorMessage( $error );
......@@ -2,7 +2,7 @@
//FJ move Attendance.php from functions/ to modules/Attendance/includes
require_once 'modules/Attendance/includes/UpdateAttendanceDaily.fnc.php';
DrawHeader(ProgramTitle());
DrawHeader( ProgramTitle() );
// set date
if ( isset( $_REQUEST['month_date'] )
......@@ -15,10 +15,11 @@ if ( isset( $_REQUEST['month_date'] )
$_REQUEST['day_date']
);
if ( $_SESSION['Administration.php']['date'] && $_SESSION['Administration.php']['date']!=$date)
if ( $_SESSION['Administration.php']['date']
&& $_SESSION['Administration.php']['date'] !== $date )
{
unset($_REQUEST['attendance']);
unset($_REQUEST['attendance_day']);
// Unset attendance & attendance day & redirect URL.
RedirectURL( array( 'attendance', 'attendance_day' ) );
}
}
else
......@@ -49,9 +50,13 @@ $current_mp = GetCurrentMP('QTR',$date,false);
if ( ! $current_mp)
{
echo '<form action="'.PreparePHP_SELF($_REQUEST,array('day_date','month_date','year_date','codes')).'" method="POST">';
echo '<form action="' .
PreparePHP_SELF( $_REQUEST ) .
'" method="POST">';
DrawHeader(PrepareDate($date,'_date',false,array('submit'=>true)));
DrawHeader(
PrepareDate( $date, '_date', false, array( 'submit' => true ) )
);
echo '</form>';
......@@ -101,10 +106,14 @@ if (SchoolInfo('NUMBER_DAYS_ROTATION') !== null)
AND s.MARKING_PERIOD_ID IN (".$all_mp.")
ORDER BY s.START_DATE ASC";
}
// TODO: can be optimized? Remove PERIOD_ID index.
$current_RET = DBGet(DBQuery($current_Q),array(),array('STUDENT_ID','PERIOD_ID'));
if ( $_REQUEST['attendance'] && $_POST['attendance'] && AllowEdit())
if ( $_REQUEST['attendance']
&& $_POST['attendance']
&& AllowEdit() )
{
foreach ( (array) $_REQUEST['attendance'] as $student_id => $values)
foreach ( (array) $_REQUEST['attendance'] as $student_id => $values )
{
if ( ! $current_schedule_RET[ $student_id ])
{
......@@ -164,10 +173,11 @@ if ( $_REQUEST['attendance'] && $_POST['attendance'] && AllowEdit())
UpdateAttendanceDaily($student_id,$date,($_REQUEST['attendance_day'][ $student_id ]['COMMENT']?$_REQUEST['attendance_day'][ $student_id ]['COMMENT']:false));
unset($_REQUEST['attendance_day'][ $student_id ]);
}
// TODO: can be optimized? Remove PERIOD_ID index.
$current_RET = DBGet(DBQuery($current_Q),array(),array('STUDENT_ID','PERIOD_ID'));
unset($_REQUEST['attendance']);
unset($_SESSION['_REQUEST_vars']['attendance']);
unset($_SESSION['_REQUEST_vars']['attendance_day']);
// Unset attendance & attendance day & redirect URL.
RedirectURL( array( 'attendance', 'attendance_day' ) );
}
if (count($_REQUEST['attendance_day']))
......@@ -175,7 +185,8 @@ if (count($_REQUEST['attendance_day']))
foreach ( (array) $_REQUEST['attendance_day'] as $student_id => $comment)
UpdateAttendanceDaily($student_id,$date,$comment['COMMENT']);
unset($_REQUEST['attendance_day']);
// Unset attendance day & redirect URL.
RedirectURL( 'attendance_day' );
}
$codes_RET = DBGet(DBQuery("SELECT ID,SHORT_NAME,TITLE,STATE_CODE FROM ATTENDANCE_CODES WHERE SCHOOL_ID='".UserSchool()."' AND SYEAR='".UserSyear()."' AND TABLE_NAME='".$_REQUEST['table']."'"));
......@@ -191,7 +202,7 @@ $categories_RET = DBGet(DBQuery("SELECT ID,TITLE FROM ATTENDANCE_CODE_CATEGORIES
if (count($categories_RET))
{
$tmp_PHP_SELF = PreparePHP_SELF($_REQUEST,array('table','codes'));
$tmp_PHP_SELF = PreparePHP_SELF( $_REQUEST, array( 'table', 'codes' ) );
$headerl .= '<a href="' . $tmp_PHP_SELF . '&amp;table=0"><b>' . _( 'Attendance' ) . '</b></a>';
......@@ -249,11 +260,17 @@ if (isset($_REQUEST['student_id']) && $_REQUEST['student_id']!='new')
$columns = array('PERIOD_TITLE' => _('Period'), 'COURSE' => _('Course'), 'ATTENDANCE_CODE' => _('Attendance Code'), 'ATTENDANCE_TEACHER_CODE' => _('Teacher\'s Entry'), 'ATTENDANCE_REASON' => _('Office Comment'), 'COMMENT' => _('Teacher Comment'));
echo '<form action="Modules.php?modname='.$_REQUEST['modname'].'&modfunc=student&student_id='.$_REQUEST['student_id'].'&table='.$_REQUEST['table'].'" method="POST">';
echo '<form action="' .
PreparePHP_SELF( $_REQUEST ) .
'" method="POST">';
DrawHeader(PrepareDate($date,'_date',false,array('submit'=>true)),SubmitButton(_('Update')));
DrawHeader(
PrepareDate( $date, '_date', false, array( 'submit' => true ) ),
SubmitButton( _( 'Update' ) )
);
$headerr = '<a href="Modules.php?modname='.$_REQUEST['modname'].'&month_date='.$_REQUEST['month_date'].'&day_date='.$_REQUEST['day_date'].'&year_date='.$_REQUEST['year_date'].'&table='.$_REQUEST['table'].'">'._('Student List').'</a>';
$headerr = '<a href="' . PreparePHP_Self( $_REQUEST, array( 'student_id' ) ) . '">' .
_( 'Student List' ) . '</a>';
DrawHeader($headerl, $headerr);
......@@ -336,7 +353,9 @@ else
$extra['columns_after']['DAILY_COMMENT'] = _('Day Comment');
}
$extra['link']['FULL_NAME']['link'] = 'Modules.php?modname='.$_REQUEST['modname'].'&month_date='.$_REQUEST['month_date'].'&day_date='.$_REQUEST['day_date'].'&year_date='.$_REQUEST['year_date'].'&table='.$_REQUEST['table'];
// $extra['link']['FULL_NAME']['link'] = 'Modules.php?modname='.$_REQUEST['modname'].'&month_date='.$_REQUEST['month_date'].'&day_date='.$_REQUEST['day_date'].'&year_date='.$_REQUEST['year_date'].'&table='.$_REQUEST['table'];
$extra['link']['FULL_NAME']['link'] = PreparePHP_SELF( $_REQUEST );
$extra['link']['FULL_NAME']['variables'] = array('student_id' => 'STUDENT_ID');
$extra['BackPrompt'] = false;
$extra['Redirect'] = false;
......@@ -359,15 +378,32 @@ else
else
$code_pulldowns = _makeCodeSearch();
echo '<form action="'.PreparePHP_SELF($_REQUEST,array('day_date','month_date','year_date','codes')).'" method="POST">';
DrawHeader(PrepareDate($date,'_date',false,array('submit'=>true)),SubmitButton(_('Update')));
echo '<form action="' .
PreparePHP_SELF( $_REQUEST ) .
'" method="POST">';
if (UserStudentID())
$current_student_link = '<a href="Modules.php?modname='.$_REQUEST['modname'].'&modfunc=student&month_date='.$_REQUEST['month_date'].'&day_date='.$_REQUEST['day_date'].'&year_date='.$_REQUEST['year_date'].'&student_id='.UserStudentID().'&table='.$_REQUEST['table'].'">'._('Current Student').'</a></td><td>';
DrawHeader(
PrepareDate( $date, '_date', false, array( 'submit' => true ) ),
SubmitButton( _( 'Update' ) )
);
$headerr = '<table><tr><td>'.$current_student_link.button('add','','"#" onclick=\'javascript:addHTML("'.str_replace('"','\"',_makeCodeSearch()).'","code_pulldowns"); return false;\'').'</td><td><div id=code_pulldowns>'.$code_pulldowns.'</div></td></tr></table>';
if ( UserStudentID() )
{
$current_student_link = '<a href="' .
PreparePHP_Self( $_REQUEST, array(), array( 'student_id' => UserStudentID() ) ) . '">' .
_( 'Current Student' ) . '</a></td><td>';
}
DrawHeader($headerl, $headerr);
$headerr = '<table style="float: right;"><tr><td class="align-right">' .
button(
'add',
'',
'"#" onclick=\'javascript:addHTML("' . str_replace( '"', '\"', _makeCodeSearch() ) .
'","code_pulldowns"); return false;\''
) . '</td><td><div id="code_pulldowns">' . $code_pulldowns . '</div></td>' .
'<td class="align-right">' . $current_student_link . '</td></tr></table>';
DrawHeader( $headerl, $headerr );
$_REQUEST['search_modfunc'] = 'list';
Search('student_id',$extra);
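Review bot: The new header table at L420-L427 places `$current_student_link` inside its own `<td class="align-right">…</td>`, but the link string built at L415-L417 still ends with `'</a></td><td>'`, a leftover from the old layout where it preceded the button cell, so the output now has an extra empty cell and mismatched tags; change the last line to `_( 'Current Student' ) . '</a>';`. `$current_student_link` is only assigned when UserStudentID() is truthy, so the concatenation at L427 reads an undefined variable for everyone else — add `$current_student_link = '';` before the `if ( UserStudentID() )` block. The commented-out old link at L393 should be deleted rather than kept alongside its replacement. The `!=` to `!==` change at L310 is fine if both sides are strings; if the session value can be stored as something else, confirm it does not now always compare unequal.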
......@@ -55,7 +55,9 @@ if ( $_REQUEST['attendance'] && $_POST['attendance'] && AllowEdit())
UpdateAttendanceDaily($student_id,$date);
}
$current_RET = DBGet(DBQuery("SELECT ATTENDANCE_TEACHER_CODE,ATTENDANCE_CODE,ATTENDANCE_REASON,STUDENT_ID,ADMIN,COURSE_PERIOD_ID FROM ATTENDANCE_PERIOD WHERE SCHOOL_DATE='".$date."'"),array(),array('STUDENT_ID','COURSE_PERIOD_ID'));
unset($_REQUEST['attendance']);
// Unset attendance & redirect URL.
RedirectURL( 'attendance' );
}
$codes_RET = DBGet(DBQuery("SELECT ID,SHORT_NAME,TITLE FROM ATTENDANCE_CODES WHERE SCHOOL_ID='".UserSchool()."' AND SYEAR='".UserSyear()."'"));
<?php
DrawHeader( ProgramTitle() );
if ( $_REQUEST['table']=='')
$_REQUEST['table'] = '0';
if ( $_REQUEST['modfunc']=='update' && AllowEdit())
if ( $_REQUEST['modfunc'] === 'update'
&& AllowEdit() )
{
if ( $_REQUEST['values'] && $_POST['values'])
if ( $_REQUEST['values']
&& $_POST['values'] )
{
foreach ( (array) $_REQUEST['values'] as $id => $columns)
foreach ( (array) $_REQUEST['values'] as $id => $columns )
{
// FJ fix SQL bug invalid sort order.
if (empty($columns['SORT_ORDER']) || is_numeric($columns['SORT_ORDER']))
......@@ -63,12 +68,13 @@ if ( $_REQUEST['modfunc']=='update' && AllowEdit())
$error[] = _('Please enter a valid Sort Order.');
}
}
$_REQUEST['modfunc'] = false;
}
DrawHeader(ProgramTitle());
// Unset modfunc & redirect URL.
RedirectURL( 'modfunc' );
}
if ( $_REQUEST['modfunc'] === 'remove' && AllowEdit() )
if ( $_REQUEST['modfunc'] === 'remove'
&& AllowEdit() )
{
if ( $_REQUEST['table']!='new')
{
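Review bot: `RedirectURL( 'modfunc' )` at L466-L467 appears to sit after the closing brace of the `if ( $_REQUEST['values'] && $_POST['values'] )` block, whereas the removed `$_REQUEST['modfunc'] = false;` at L463 was inside it, so modfunc is now cleared and the redirect header sent on every update request, including one with nothing posted; if that is intended, say so in the comment, otherwise move the call inside the inner block. The side of each line is not explicit in this rendering, so confirm against the raw diff. The enclosing `modfunc === 'update'` block starts in the previous hunk at L447, and the `$error[]` entries collected at L460 are presumably echoed after this hunk — with the redirect now unconditional, check that the error display still runs on the same response.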
......@@ -76,25 +82,31 @@ if ( $_REQUEST['modfunc'] === 'remove' && AllowEdit() )
{
DBQuery("DELETE FROM ATTENDANCE_CODES WHERE ID='" . $_REQUEST['id'] . "'");
// Unset modfunc & ID.
$_REQUEST['modfunc'] = false;
$_SESSION['_REQUEST_vars']['modfunc'] = false;
$_SESSION['_REQUEST_vars']['id'] = false;
// Unset modfunc & ID & redirect URL.
RedirectURL( array( 'modfunc', 'id' ) );
}
}
else
elseif ( DeletePrompt( _( 'Category' ) ) )
{
if ( DeletePrompt( _( 'Category' ) ) )
{
DBQuery("DELETE FROM ATTENDANCE_CODE_CATEGORIES WHERE ID='" . $_REQUEST['id'] . "'");
DBQuery("DELETE FROM ATTENDANCE_CODES WHERE TABLE_NAME='".$_REQUEST['id']."'");
DBQuery("UPDATE COURSE_PERIODS SET DOES_ATTENDANCE=replace(DOES_ATTENDANCE,',$_REQUEST[id],',',') WHERE SYEAR='".UserSyear()."' AND SCHOOL_ID='".UserSchool()."'");
DBQuery("UPDATE COURSE_PERIODS SET DOES_ATTENDANCE=NULL WHERE DOES_ATTENDANCE=',' AND SYEAR='".UserSyear()."' AND SCHOOL_ID='".UserSchool()."'");
$_REQUEST['modfunc'] = false;
$_SESSION['_REQUEST_vars']['modfunc'] = false;
unset( $_SESSION['_REQUEST_vars']['id'] );
}
DBQuery( "DELETE FROM ATTENDANCE_CODE_CATEGORIES
WHERE ID='" . $_REQUEST['id'] . "'" );
DBQuery( "DELETE FROM ATTENDANCE_CODES
WHERE TABLE_NAME='" . $_REQUEST['id'] . "'" );