Harden order import SQL with explicit public schema

2026-03-29 20:46:01 +02:00
parent b214723a46
commit 49770a58ec


@@ -116,7 +116,7 @@ function lookup_method_id(PDO $pdo, string $table, ?string $code): ?int
return null; return null;
} }
$stmt = $pdo->prepare("SELECT id FROM {$table} WHERE code = :code LIMIT 1"); $stmt = $pdo->prepare("SELECT id FROM public.{$table} WHERE code = :code LIMIT 1");
$stmt->execute([':code' => $code]); $stmt->execute([':code' => $code]);
$id = $stmt->fetchColumn(); $id = $stmt->fetchColumn();
return $id === false ? null : (int) $id; return $id === false ? null : (int) $id;
@@ -211,19 +211,19 @@ function find_or_create_party(PDO $pdo, array $data): int
} }
if ($email !== '') { if ($email !== '') {
$findStmt = $pdo->prepare('SELECT id FROM party WHERE lower(email) = lower(:email) ORDER BY id ASC LIMIT 1'); $findStmt = $pdo->prepare('SELECT id FROM public.party WHERE lower(email) = lower(:email) ORDER BY id ASC LIMIT 1');
$findStmt->execute([':email' => $email]); $findStmt->execute([':email' => $email]);
$existing = $findStmt->fetchColumn(); $existing = $findStmt->fetchColumn();
if ($existing !== false) { if ($existing !== false) {
$partyId = (int) $existing; $partyId = (int) $existing;
$updateStmt = $pdo->prepare('UPDATE party SET name = :name, updated_at = NOW() WHERE id = :id'); $updateStmt = $pdo->prepare('UPDATE public.party SET name = :name, updated_at = NOW() WHERE id = :id');
$updateStmt->execute([':id' => $partyId, ':name' => $name]); $updateStmt->execute([':id' => $partyId, ':name' => $name]);
return $partyId; return $partyId;
} }
} }
$insertStmt = $pdo->prepare( $insertStmt = $pdo->prepare(
'INSERT INTO party (type, name, email, status, created_at, updated_at) 'INSERT INTO public.party (type, name, email, status, created_at, updated_at)
VALUES (\'customer\', :name, :email, \'active\', NOW(), NOW()) VALUES (\'customer\', :name, :email, \'active\', NOW(), NOW())
RETURNING id' RETURNING id'
); );
@@ -242,11 +242,11 @@ function find_or_create_party(PDO $pdo, array $data): int
function upsert_addresses(PDO $pdo, int $partyId, array $data): void function upsert_addresses(PDO $pdo, int $partyId, array $data): void
{ {
$delete = $pdo->prepare('DELETE FROM address WHERE party_id = :party_id AND type IN (\'billing\', \'shipping\')'); $delete = $pdo->prepare('DELETE FROM public.address WHERE party_id = :party_id AND type IN (\'billing\', \'shipping\')');
$delete->execute([':party_id' => $partyId]); $delete->execute([':party_id' => $partyId]);
$insert = $pdo->prepare( $insert = $pdo->prepare(
'INSERT INTO address ( 'INSERT INTO public.address (
party_id, type, first_name, last_name, street, house_number, zip, city, state_code, country_name, raw_payload, created_at, updated_at party_id, type, first_name, last_name, street, house_number, zip, city, state_code, country_name, raw_payload, created_at, updated_at
) VALUES ( ) VALUES (
:party_id, :type, :first_name, :last_name, :street, :house_number, :zip, :city, :state_code, :country_name, :raw_payload::jsonb, NOW(), NOW() :party_id, :type, :first_name, :last_name, :street, :house_number, :zip, :city, :state_code, :country_name, :raw_payload::jsonb, NOW(), NOW()
@@ -337,7 +337,7 @@ try {
$shippingMethodId = lookup_method_id($pdo, 'shipping_method', map_shipping_code((string) ($data['Liefermethode'] ?? ''))); $shippingMethodId = lookup_method_id($pdo, 'shipping_method', map_shipping_code((string) ($data['Liefermethode'] ?? '')));
$orderStmt = $pdo->prepare( $orderStmt = $pdo->prepare(
'INSERT INTO sales_order ( 'INSERT INTO public.sales_order (
external_ref, party_id, order_source, order_status, payment_status, payment_method_id, shipping_method_id, external_ref, party_id, order_source, order_status, payment_status, payment_method_id, shipping_method_id,
amount_net, amount_shipping, amount_tax, amount_discount, total_amount, currency, webhook_payload, imported_at, created_at, updated_at amount_net, amount_shipping, amount_tax, amount_discount, total_amount, currency, webhook_payload, imported_at, created_at, updated_at
) VALUES ( ) VALUES (
@@ -382,11 +382,11 @@ try {
} }
$orderId = (int) $orderId; $orderId = (int) $orderId;
$deleteLines = $pdo->prepare('DELETE FROM sales_order_line WHERE sales_order_id = :sales_order_id'); $deleteLines = $pdo->prepare('DELETE FROM public.sales_order_line WHERE sales_order_id = :sales_order_id');
$deleteLines->execute([':sales_order_id' => $orderId]); $deleteLines->execute([':sales_order_id' => $orderId]);
$lineInsert = $pdo->prepare( $lineInsert = $pdo->prepare(
'INSERT INTO sales_order_line ( 'INSERT INTO public.sales_order_line (
sales_order_id, line_no, sellable_item_id, raw_external_article_number, raw_external_title, sales_order_id, line_no, sellable_item_id, raw_external_article_number, raw_external_title,
qty, unit_price, line_total, created_at, updated_at qty, unit_price, line_total, created_at, updated_at
) VALUES ( ) VALUES (