item_code = ".db_escape($item_code).",
stock_id = ".db_escape($stock_id).",
description = ".db_escape($description).",
- category_id = $category,
+ category_id = ".db_escape($category).",
quantity = ".db_escape($qty).",
is_foreign = ".db_escape($foreign)."
WHERE ";
$sql .= "item_code = ".db_escape($item_code)
." AND stock_id = ".db_escape($stock_id);
else
- $sql .= "id = $id";
+ $sql .= "id = ".db_escape($id);
db_query($sql,"an item code could not be updated");
}
$sql = "INSERT INTO ".TB_PREF."item_codes
(item_code, stock_id, description, category_id, quantity, is_foreign)
VALUES( ".db_escape($item_code).",".db_escape($stock_id).",
- ".db_escape($description).",$category,".db_escape($qty).",".$foreign.")";
+ ".db_escape($description).",".db_escape($category)
+ .",".db_escape($qty).",".db_escape($foreign).")";
db_query($sql,"an item code could not be added");
}
function delete_item_code($id)
{
- $sql="DELETE FROM ".TB_PREF."item_codes WHERE id='$id'";
+ $sql="DELETE FROM ".TB_PREF."item_codes WHERE id=".db_escape($id);
db_query($sql,"an item code could not be deleted");
}
function get_item_code($id)
{
- $sql="SELECT * FROM ".TB_PREF."item_codes WHERE id='$id'";
+ $sql="SELECT * FROM ".TB_PREF."item_codes WHERE id=".db_escape($id);
$result = db_query($sql,"item code could not be retrieved");
$sql="SELECT i.*, c.description as cat_name FROM "
.TB_PREF."item_codes as i,"
.TB_PREF."stock_category as c
- WHERE stock_id='$stock_id'
+ WHERE stock_id=".db_escape($stock_id)."
AND i.category_id=c.category_id
- AND i.is_foreign=$foreign";
+ AND i.is_foreign=".db_escape($foreign);
$result = db_query($sql,"all item codes could not be retrieved");
function delete_item_kit($item_code)
{
- $sql="DELETE FROM ".TB_PREF."item_codes WHERE item_code='$item_code'";
+ $sql="DELETE FROM ".TB_PREF."item_codes WHERE item_code=".db_escape($item_code);
db_query($sql,"an item kit could not be deleted");
}
item.stock_id=comp.item_code
WHERE
kit.stock_id=comp.item_code
- AND kit.item_code='$item_code'";
+ AND kit.item_code=".db_escape($item_code);
$result = db_query($sql,"item kit could not be retrieved");
{
$sql = "SELECT units, decimals, description, category_id
FROM ".TB_PREF."stock_master,".TB_PREF."item_units
- WHERE stock_id='$stock_id'";
+ WHERE stock_id=".db_escape($stock_id);
$result = db_query($sql,"item code defaults could not be retrieved");
return db_fetch($result);
function check_item_in_kit($old_id, $kit_code, $item_code, $recurse=false)
{
$result = get_item_kit($kit_code);
- if ($result != 0)
+ if ($result)
{
while ($myrow = db_fetch($result))
{
function get_kit_props($kit_code)
{
$sql = "SELECT description, category_id FROM ".TB_PREF."item_codes "
- . " WHERE item_code='$kit_code'";
+ . " WHERE item_code=".db_escape($kit_code);
$res = db_query($sql, "kit name query failed");
return db_fetch($res);
}
function update_kit_props($kit_code, $name, $category)
{
$sql = "UPDATE ".TB_PREF."item_codes SET description="
- . db_escape($name).",category_id=".db_escape($category)
- . " WHERE item_code='$kit_code'";
+ . db_escape($name).",category_id=".db_escape($category)
+ . " WHERE item_code=".db_escape($kit_code);
db_query($sql, "kit name update failed");
}
{
$sql = "SELECT item_code, description FROM "
.TB_PREF."item_codes "
- . " WHERE stock_id='$item_code'
- AND item_code!='$item_code'";
+ . " WHERE stock_id=".db_escape($item_code)."
+ AND item_code!=".db_escape($item_code);
return db_query($sql, "where used query failed");
}
-?>
\ No newline at end of file
projects / fa-stable.git / blobdiff