Additional fixes to upgrade scripts.
diff --git
a/inventory/inquiry/stock_movements.php
b/inventory/inquiry/stock_movements.php
index bf80e27a6688085baa596c9ef2750bb595f988e2..75837a11089860a0d6b75bc7bd8b228a5796e4d1 100644
--- a/
inventory/inquiry/stock_movements.php
+++ b/
inventory/inquiry/stock_movements.php
@@
-64,10
+64,10
@@
$after_date = date2sql($_POST['AfterDate']);
$sql = "SELECT type, trans_no, tran_date, person_id, qty, reference
FROM ".TB_PREF."stock_moves
$sql = "SELECT type, trans_no, tran_date, person_id, qty, reference
FROM ".TB_PREF."stock_moves
- WHERE loc_code=
'" . $_POST['StockLocation'] . "'
+ WHERE loc_code=
".db_escape($_POST['StockLocation'])."
AND tran_date >= '". $after_date . "'
AND tran_date <= '" . $before_date . "'
AND tran_date >= '". $after_date . "'
AND tran_date <= '" . $before_date . "'
- AND stock_id =
'" . $_POST['stock_id'] . "'
ORDER BY tran_date,trans_id";
+ AND stock_id =
".db_escape($_POST['stock_id']) . "
ORDER BY tran_date,trans_id";
$result = db_query($sql, "could not query stock moves");
check_db_error("The stock movements for the selected criteria could not be retrieved",$sql);
$result = db_query($sql, "could not query stock moves");
check_db_error("The stock movements for the selected criteria could not be retrieved",$sql);
@@
-79,8
+79,8
@@
$th = array(_("Type"), _("#"), _("Reference"), _("Date"), _("Detail"),
table_header($th);
table_header($th);
-$sql = "SELECT SUM(qty) FROM ".TB_PREF."stock_moves WHERE stock_id=
'" . $_POST['stock_id'] . "'
- AND loc_code=
'" . $_POST['StockLocation'] . "'
+$sql = "SELECT SUM(qty) FROM ".TB_PREF."stock_moves WHERE stock_id=
".db_escape($_POST['stock_id']) . "
+ AND loc_code=
".db_escape( $_POST['StockLocation']) . "
AND tran_date < '" . $after_date . "'";
$before_qty = db_query($sql, "The starting quantity on hand could not be calculated");
AND tran_date < '" . $after_date . "'";
$before_qty = db_query($sql, "The starting quantity on hand could not be calculated");
@@
-136,7
+136,7
@@
while ($myrow = db_fetch($result))
$person = $myrow["person_id"];
$gl_posting = "";
$person = $myrow["person_id"];
$gl_posting = "";
- if (($myrow["type"] ==
13) || ($myrow["type"] == 11
))
+ if (($myrow["type"] ==
ST_CUSTDELIVERY) || ($myrow["type"] == ST_CUSTCREDIT
))
{
$cust_row = get_customer_details_from_trans($myrow["type"], $myrow["trans_no"]);
{
$cust_row = get_customer_details_from_trans($myrow["type"], $myrow["trans_no"]);
@@
-144,7
+144,7
@@
while ($myrow = db_fetch($result))
$person = $cust_row['name'] . " (" . $cust_row['br_name'] . ")";
}
$person = $cust_row['name'] . " (" . $cust_row['br_name'] . ")";
}
- elseif ($myrow["type"] ==
25 || $myrow['type'] == 21
)
+ elseif ($myrow["type"] ==
ST_SUPPRECEIVE || $myrow['type'] == ST_SUPPCREDIT
)
{
// get the supplier name
$sql = "SELECT supp_name FROM ".TB_PREF."suppliers WHERE supplier_id = '" . $myrow["person_id"] . "'";
{
// get the supplier name
$sql = "SELECT supp_name FROM ".TB_PREF."suppliers WHERE supplier_id = '" . $myrow["person_id"] . "'";
@@
-161,8
+161,8
@@
while ($myrow = db_fetch($result))
$movement_type = get_movement_type($myrow["person_id"]);
$person = $movement_type["name"];
}
$movement_type = get_movement_type($myrow["person_id"]);
$person = $movement_type["name"];
}
- elseif ($myrow["type"]==ST_WORKORDER || $myrow["type"] ==
28
||
- $myrow["type"] ==
29
)
+ elseif ($myrow["type"]==ST_WORKORDER || $myrow["type"] ==
ST_MANUISSUE
||
+ $myrow["type"] ==
ST_MANURECEIVE
)
{
$person = "";
}
{
$person = "";
}
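Review bot: The supplier lookup shown as context in the `-144,7` hunk still concatenates `$myrow["person_id"]` into the query inside hand-written quotes, so this file is only partly moved to `db_escape()`. That value is read back from stock_moves rather than taken from the request, but a stored value is no substitute for escaping at the point of use; I would change the tail of that line to `WHERE supplier_id = ".db_escape($myrow["person_id"]);`, assuming `db_escape()` returns the value already quoted, as the dropped quotes on the new lines suggest. The `tran_date` comparisons in the first two hunks likewise keep `$after_date` and `$before_date` in manual quotes. Whether `date2sql()` rejects malformed input is not visible here, so those two values should be passed through `db_escape()` as well or validated before use. The `while` loop and the surrounding queries start and end outside the hunks shown.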