<?php
-
-$page_security = 10;
-$path_to_root="..";
+/**********************************************************************
+ Copyright (C) FrontAccounting, LLC.
+ Released under the terms of the GNU General Public License, GPL,
+ as published by the Free Software Foundation, either version 3
+ of the License, or (at your option) any later version.
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
+***********************************************************************/
+$page_security = 'SA_BUDGETENTRY';
+$path_to_root = "..";
include($path_to_root . "/includes/session.inc");
add_js_file('budget.js');
function exists_gl_budget($date_, $account, $dimension, $dimension2)
{
- $sql = "SELECT account FROM ".TB_PREF."budget_trans WHERE account='$account' AND tran_date='$date_' AND
- dimension_id=$dimension AND dimension2_id=$dimension2";
+ $sql = "SELECT account FROM ".TB_PREF."budget_trans WHERE account=".db_escape($account)
+ ." AND tran_date='$date_' AND
+ dimension_id=".db_escape($dimension)." AND dimension2_id=".db_escape($dimension2);
$result = db_query($sql, "Cannot retreive a gl transaction");
return (db_num_rows($result) > 0);
$date = date2sql($date_);
if (exists_gl_budget($date, $account, $dimension, $dimension2))
- $sql = "UPDATE ".TB_PREF."budget_trans SET amount=$amount WHERE account='$account' AND
- dimension_id=$dimension AND dimension2_id=$dimension2 AND tran_date='$date'";
+ $sql = "UPDATE ".TB_PREF."budget_trans SET amount=".db_escape($amount)
+ ." WHERE account=".db_escape($account)
+ ." AND dimension_id=".db_escape($dimension)
+ ." AND dimension2_id=".db_escape($dimension2)
+ ." AND tran_date='$date'";
else
$sql = "INSERT INTO ".TB_PREF."budget_trans (tran_date,
account, dimension_id, dimension2_id, amount, memo_) VALUES ('$date',
- '$account', $dimension, $dimension2, $amount, '')";
+ ".db_escape($account).", ".db_escape($dimension).", "
+ .db_escape($dimension2).", ".db_escape($amount).", '')";
db_query($sql, "The GL budget transaction could not be saved");
}
{
$date = date2sql($date_);
- $sql = "DELETE FROM ".TB_PREF."budget_trans WHERE account='$account' AND
- dimension_id=$dimension AND dimension2_id=$dimension2 AND tran_date='$date'";
+ $sql = "DELETE FROM ".TB_PREF."budget_trans WHERE account=".db_escape($account)
+ ." AND dimension_id=".db_escape($dimension)
+ ." AND dimension2_id=".db_escape($dimension2)
+ ." AND tran_date='$date'";
db_query($sql, "The GL budget transaction could not be deleted");
}
$to = date2sql($to_date);
$sql = "SELECT SUM(amount) FROM ".TB_PREF."budget_trans
- WHERE account='$account' AND tran_date >= '$from' AND tran_date <= '$to'
- AND dimension_id = $dimension AND dimension2_id = $dimension2";
+ WHERE account=".db_escape($account)
+ ." AND tran_date >= '$from' AND tran_date <= '$to'
+ AND dimension_id = ".db_escape($dimension)
+ ." AND dimension2_id = ".db_escape($dimension2);
$result = db_query($sql,"No budget accounts were returned");
$row = db_fetch_row($result);
table_header($th);
$year = $_POST['fyear'];
if (get_post('update') == '') {
- $sql = "SELECT * FROM ".TB_PREF."fiscal_year WHERE id=$year";
+ $sql = "SELECT * FROM ".TB_PREF."fiscal_year WHERE id=".db_escape($year);
$result = db_query($sql, "could not get current fiscal year");
end_table(1);
div_end();
submit_center_first('update', _("Update"), '', null);
- submit('add', _("Save"), true, '', true);
+ submit('add', _("Save"), true, '', 'default');
submit_center_last('delete', _("Delete"), '', true);
}
end_form();
projects / fa-stable.git / blobdiff