$sql = "SELECT type, trans_no, tran_date, person_id, qty, reference
FROM ".TB_PREF."stock_moves
- WHERE loc_code='" . $_POST['StockLocation'] . "'
+ WHERE loc_code=".db_escape($_POST['StockLocation'])."
AND tran_date >= '". $after_date . "'
AND tran_date <= '" . $before_date . "'
- AND stock_id = '" . $_POST['stock_id'] . "' ORDER BY tran_date,trans_id";
+ AND stock_id = ".db_escape($_POST['stock_id']) . " ORDER BY tran_date,trans_id";
$result = db_query($sql, "could not query stock moves");
check_db_error("The stock movements for the selected criteria could not be retrieved",$sql);
table_header($th);
-$sql = "SELECT SUM(qty) FROM ".TB_PREF."stock_moves WHERE stock_id='" . $_POST['stock_id'] . "'
- AND loc_code='" . $_POST['StockLocation'] . "'
+$sql = "SELECT SUM(qty) FROM ".TB_PREF."stock_moves WHERE stock_id=".db_escape($_POST['stock_id']) . "
+ AND loc_code=".db_escape( $_POST['StockLocation']) . "
AND tran_date < '" . $after_date . "'";
$before_qty = db_query($sql, "The starting quantity on hand could not be calculated");
$person = $myrow["person_id"];
$gl_posting = "";
- if (($myrow["type"] == 13) || ($myrow["type"] == 11))
+ if (($myrow["type"] == ST_CUSTDELIVERY) || ($myrow["type"] == ST_CUSTCREDIT))
{
$cust_row = get_customer_details_from_trans($myrow["type"], $myrow["trans_no"]);
$person = $cust_row['name'] . " (" . $cust_row['br_name'] . ")";
}
- elseif ($myrow["type"] == 25 || $myrow['type'] == 21)
+ elseif ($myrow["type"] == ST_SUPPRECEIVE || $myrow['type'] == ST_SUPPCREDIT)
{
// get the supplier name
$sql = "SELECT supp_name FROM ".TB_PREF."suppliers WHERE supplier_id = '" . $myrow["person_id"] . "'";
$movement_type = get_movement_type($myrow["person_id"]);
$person = $movement_type["name"];
}
- elseif ($myrow["type"]==ST_WORKORDER || $myrow["type"] == 28 ||
- $myrow["type"] == 29)
+ elseif ($myrow["type"]==ST_WORKORDER || $myrow["type"] == ST_MANUISSUE ||
+ $myrow["type"] == ST_MANURECEIVE)
{
$person = "";
}