SQL injection fix

[fa-stable.git] / gl / includes / db / gl_db_account_types.inc

diff --git a/gl/includes/db/gl_db_account_types.inc b/gl/includes/db/gl_db_account_types.inc
index 7e008f8d6964139a752152a279c6fc4b06483b0e..25049c43edb9e907c5e6ced6d0b4b1757d91d087 100644 (file)
--- a/gl/includes/db/gl_db_account_types.inc
+++ b/gl/includes/db/gl_db_account_types.inc
@@ -1,13 +1,13 @@
 <?php
 /**********************************************************************
     Copyright (C) FrontAccounting, LLC.
-       Released under the terms of the GNU Affero General Public License,
-       AGPL, as published by the Free Software Foundation, either version 
-       3 of the License, or (at your option) any later version.
+       Released under the terms of the GNU General Public License, GPL, 
+       as published by the Free Software Foundation, either version 3 
+       of the License, or (at your option) any later version.
     This program is distributed in the hope that it will be useful,
     but WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
-    See the License here <http://www.gnu.org/licenses/agpl-3.0.html>.
+    See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
 ***********************************************************************/
 function add_account_type($id, $name, $class_id, $parent)
 {
@@ -25,9 +25,12 @@ function update_account_type($id, $name, $class_id, $parent)
        db_query($sql, "could not update account type");
 }
 
-function get_account_types()
+function get_account_types($all=false)
 {
-       $sql = "SELECT * FROM ".TB_PREF."chart_types ORDER BY class_id, id";
+       $sql = "SELECT * FROM ".TB_PREF."chart_types";
+
+       if (!$all) $sql .= " WHERE !inactive";
+       $sql .= " ORDER BY class_id, id";
 
        return db_query($sql, "could not get account types");
 }
@@ -51,7 +54,6 @@ function get_account_type_name($id)
        return $row[0];
 }
 
-
 function delete_account_type($id)
 {
        $sql = "DELETE FROM ".TB_PREF."chart_types WHERE id = $id";
@@ -59,25 +61,27 @@ function delete_account_type($id)
        db_query($sql, "could not delete account type");
 }
 
-function add_account_class($id, $name, $balance)
+function add_account_class($id, $name, $ctype)
 {
-       $sql = "INSERT INTO ".TB_PREF."chart_class (cid, class_name, balance_sheet)
-               VALUES ($id, ".db_escape($name).", $balance)";
+       $sql = "INSERT INTO ".TB_PREF."chart_class (cid, class_name, ctype)
+               VALUES ($id, ".db_escape($name).", $ctype)";
 
        db_query($sql, "could not add account type");
 }
 
-function update_account_class($id, $name, $balance)
+function update_account_class($id, $name, $ctype)
 {
     $sql = "UPDATE ".TB_PREF."chart_class SET class_name=".db_escape($name).",
-               balance_sheet=$balance WHERE cid = $id";
+               ctype=$ctype WHERE cid = $id";
 
        db_query($sql, "could not update account type");
 }
 
-function get_account_classes()
+function get_account_classes($all=false)
 {
-       $sql = "SELECT * FROM ".TB_PREF."chart_class ORDER BY cid";
+       $sql = "SELECT * FROM ".TB_PREF."chart_class";
+       if (!$all) $sql .= " WHERE !inactive";
+       $sql .= " ORDER BY cid";
 
        return db_query($sql, "could not get account types");
 }
@@ -101,7 +105,6 @@ function get_account_class_name($id)
        return $row[0];
 }
 
-
 function delete_account_class($id)
 {
        $sql = "DELETE FROM ".TB_PREF."chart_class WHERE cid = $id";
@@ -109,5 +112,4 @@ function delete_account_class($id)
        db_query($sql, "could not delete account type");
 }
 
-
 ?>
\ No newline at end of file