- { //not a new supplier
-
- $sql = "INSERT INTO ".TB_PREF."suppliers (supp_name, address, email, bank_account, dimension_id, dimension2_id, curr_code,
- payment_terms, payable_account, purchase_account, payment_discount_account, tax_group_id)
- VALUES ('" . $_POST['supp_name'] . "', '" .
- $_POST['address'] . "', '" .
- $_POST['email'] . "', '" .
- $_POST['bank_account'] . "', " .
- $_POST['dimension_id'] . ", " .
- $_POST['dimension2_id'] . ", '" .
- $_POST['curr_code'] . "', '" .
- $_POST['payment_terms'] . "', '" .
- $_POST['payable_account'] . "', '" .
- $_POST['purchase_account'] . "', '" .
- $_POST['payment_discount_account'] . "', " .
- $_POST['tax_group_id'] . ")";
+ {
+
+ $sql = "INSERT INTO ".TB_PREF."suppliers (supp_name, address, supp_address, phone, fax, gst_no, email, website,
+ contact, supp_account_no, bank_account, credit_limit, dimension_id, dimension2_id, curr_code,
+ payment_terms, payable_account, purchase_account, payment_discount_account, notes, tax_group_id)
+ VALUES (".db_escape($_POST['supp_name']). ", "
+ .db_escape($_POST['address']) . ", "
+ .db_escape($_POST['supp_address']) . ", "
+ .db_escape($_POST['phone']). ", "
+ .db_escape($_POST['fax']). ", "
+ .db_escape($_POST['gst_no']). ", "
+ .db_escape($_POST['email']). ", "
+ .db_escape($_POST['website']). ", "
+ .db_escape($_POST['contact']). ", "
+ .db_escape($_POST['supp_account_no']). ", "
+ .db_escape($_POST['bank_account']). ", "
+ .db_escape($_POST['credit_limit']). ", "
+ .db_escape($_POST['dimension_id']). ", "
+ .db_escape($_POST['dimension2_id']). ", "
+ .db_escape($_POST['curr_code']). ", "
+ .db_escape($_POST['payment_terms']). ", "
+ .db_escape($_POST['payable_account']). ", "
+ .db_escape($_POST['purchase_account']). ", "
+ .db_escape($_POST['payment_discount_account']). ", "
+ .db_escape($_POST['notes']). ", "
+ .db_escape($_POST['tax_group_id']). ")";
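Review bot: The numeric columns (`credit_limit`, `dimension_id`, `dimension2_id`, `tax_group_id`) are now escaped like the text fields but are still never checked to be numbers. If `db_escape()` returns a quoted literal, as the removal of the hand-written quotes around the string fields suggests, an empty or non-numeric POST value reaches the INSERT as a quoted string and is left to the server's implicit coercion. Validate these before the statement is built and normalise the id columns at the point of use, e.g. `.db_escape((int)$_POST['dimension_id']). ", "`. A one-line comment above `$sql` would also help, such as `// every value must pass through db_escape(); it supplies the quoting`, since one missed field in this 21-value list reopens the injection the change closes. The enclosing `{` block starts and ends outside the visible lines, so validation may already exist earlier in the handler.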