Additional fixes to upgrade scripts.

[fa-stable.git] / inventory / inquiry / stock_movements.php

diff --git a/inventory/inquiry/stock_movements.php b/inventory/inquiry/stock_movements.php
index bf80e27a6688085baa596c9ef2750bb595f988e2..75837a11089860a0d6b75bc7bd8b228a5796e4d1 100644 (file)
--- a/inventory/inquiry/stock_movements.php
+++ b/inventory/inquiry/stock_movements.php
@@ -64,10 +64,10 @@ $after_date = date2sql($_POST['AfterDate']);
 
 $sql = "SELECT type, trans_no, tran_date, person_id, qty, reference
        FROM ".TB_PREF."stock_moves
-       WHERE loc_code='" . $_POST['StockLocation'] . "'
+       WHERE loc_code=".db_escape($_POST['StockLocation'])."
        AND tran_date >= '". $after_date . "'
        AND tran_date <= '" . $before_date . "'
-       AND stock_id = '" . $_POST['stock_id'] . "' ORDER BY tran_date,trans_id";
+       AND stock_id = ".db_escape($_POST['stock_id']) . " ORDER BY tran_date,trans_id";
 $result = db_query($sql, "could not query stock moves");
 
 check_db_error("The stock movements for the selected criteria could not be retrieved",$sql);
@@ -79,8 +79,8 @@ $th = array(_("Type"), _("#"), _("Reference"), _("Date"), _("Detail"),
 
 table_header($th);
 
-$sql = "SELECT SUM(qty) FROM ".TB_PREF."stock_moves WHERE stock_id='" . $_POST['stock_id'] . "'
-       AND loc_code='" . $_POST['StockLocation'] . "'
+$sql = "SELECT SUM(qty) FROM ".TB_PREF."stock_moves WHERE stock_id=".db_escape($_POST['stock_id']) . "
+       AND loc_code=".db_escape( $_POST['StockLocation']) . "
        AND tran_date < '" . $after_date . "'";
 $before_qty = db_query($sql, "The starting quantity on hand could not be calculated");
 
@@ -136,7 +136,7 @@ while ($myrow = db_fetch($result))
        $person = $myrow["person_id"];
        $gl_posting = "";
 
-       if (($myrow["type"] == 13) || ($myrow["type"] == 11))
+       if (($myrow["type"] == ST_CUSTDELIVERY) || ($myrow["type"] == ST_CUSTCREDIT))
        {
                $cust_row = get_customer_details_from_trans($myrow["type"], $myrow["trans_no"]);
 
@@ -144,7 +144,7 @@ while ($myrow = db_fetch($result))
                        $person = $cust_row['name'] . " (" . $cust_row['br_name'] . ")";
 
        }
-       elseif ($myrow["type"] == 25 || $myrow['type'] == 21)
+       elseif ($myrow["type"] == ST_SUPPRECEIVE || $myrow['type'] == ST_SUPPCREDIT)
        {
                // get the supplier name
                $sql = "SELECT supp_name FROM ".TB_PREF."suppliers WHERE supplier_id = '" . $myrow["person_id"] . "'";
@@ -161,8 +161,8 @@ while ($myrow = db_fetch($result))
                $movement_type = get_movement_type($myrow["person_id"]);
                $person = $movement_type["name"];
        }
-       elseif ($myrow["type"]==ST_WORKORDER || $myrow["type"] == 28  ||
-               $myrow["type"] == 29)
+       elseif ($myrow["type"]==ST_WORKORDER || $myrow["type"] == ST_MANUISSUE  ||
+               $myrow["type"] == ST_MANURECEIVE)
        {
                $person = "";
        }