MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
***********************************************************************/
-$page_security = 4;
-$path_to_root="..";
+$page_security = 'SA_PURCHASEPRICING';
+$path_to_root = "..";
include_once($path_to_root . "/includes/session.inc");
page(_("Supplier Purchasing Data"));
$sql = "INSERT INTO ".TB_PREF."purch_data (supplier_id, stock_id, price, suppliers_uom,
conversion_factor, supplier_description) VALUES (";
$sql .= "'".$_POST['supplier_id']."', '" . $_POST['stock_id'] . "', " .
- input_num('price') . ", '" . $_POST['suppliers_uom'] . "', " .
- input_num('conversion_factor') . ", '" . $_POST['supplier_description'] . "')";
+ input_num('price',0) . ", '" . $_POST['suppliers_uom'] . "', " .
+ input_num('conversion_factor') . ", " . db_escape($_POST['supplier_description']) . ")";
db_query($sql,"The supplier purchasing details could not be added");
display_notification(_("This supplier purchasing data has been added."));
} else
{
- $sql = "UPDATE ".TB_PREF."purch_data SET price=" . input_num('price') . ",
+ $sql = "UPDATE ".TB_PREF."purch_data SET price=" . input_num('price',0) . ",
suppliers_uom='" . $_POST['suppliers_uom'] . "',
conversion_factor=" . input_num('conversion_factor') . ",
- supplier_description='" . $_POST['supplier_description'] . "'
+ supplier_description=" . db_escape($_POST['supplier_description']) . "
WHERE stock_id='" . $_POST['stock_id'] . "' AND
supplier_id='$selected_id'";
db_query($sql,"The supplier purchasing details could not be updated");
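Review bot: Only `supplier_description` is escaped by this change; the INSERT still concatenates `$_POST['supplier_id']`, `$_POST['stock_id']` and `$_POST['suppliers_uom']` into the SQL string, and the UPDATE does the same with `$_POST['suppliers_uom']`, `$_POST['stock_id']` and `$selected_id`. These are request-controlled values on the same statements, so the queries remain injectable through the other columns. Each of them should go through `db_escape()` as well. Because the commit removed the quotes around `supplier_description`, `db_escape()` appears to return an already-quoted literal, so the hand-written quotes are dropped in the sketch below; confirm this against its definition. The enclosing if/else starts outside this hunk.

```php
$sql .= db_escape($_POST['supplier_id']) . ", " . db_escape($_POST['stock_id']) . ", " .
    input_num('price',0) . ", " . db_escape($_POST['suppliers_uom']) . ", " .
    input_num('conversion_factor') . ", " . db_escape($_POST['supplier_description']) . ")";
// … unchanged: db_query() and notification for the insert, start of the else branch …
$sql = "UPDATE ".TB_PREF."purch_data SET price=" . input_num('price',0) . ",
    suppliers_uom=" . db_escape($_POST['suppliers_uom']) . ",
    conversion_factor=" . input_num('conversion_factor') . ",
    supplier_description=" . db_escape($_POST['supplier_description']) . "
    WHERE stock_id=" . db_escape($_POST['stock_id']) . " AND
    supplier_id=" . db_escape($selected_id);
```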
alt_table_row_color($k);
label_cell($myrow["supp_name"]);
- amount_cell($myrow["price"]);
+ amount_decimal_cell($myrow["price"]);
label_cell($myrow["curr_code"]);
label_cell($myrow["suppliers_uom"]);
qty_cell($myrow['conversion_factor'], false, user_exrate_dec());
//-----------------------------------------------------------------------------------------------
+$dec2 = 6;
if ($Mode =='Edit')
{
$myrow = db_fetch($result);
$supp_name = $myrow["supp_name"];
- $_POST['price'] = price_format($myrow["price"]);
+ $_POST['price'] = price_decimal_format($myrow["price"], $dec2);
$_POST['suppliers_uom'] = $myrow["suppliers_uom"];
$_POST['supplier_description'] = $myrow["supplier_description"];
$_POST['conversion_factor'] = exrate_format($myrow["conversion_factor"]);
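Review bot: `$dec2 = 6;` is added as a bare top-level assignment with no comment, and neither the name nor the literal says what it controls. It is passed as the last argument of `price_decimal_format()` here and of `amount_row()` in the next hunk, so it looks like the number of decimal places for the price field. A one-line comment such as `// decimal places used when showing/editing the purchase price` would make that explicit. If `price_decimal_format()` takes that argument by reference (its definition is not visible here), the value reaching `amount_row()` would differ between the Edit path and the new-entry path, which the comment should also mention.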
supplier_list_row(_("Supplier:"), 'supplier_id', null, false, true);
$_POST['price'] = $_POST['suppliers_uom'] = $_POST['conversion_factor'] = $_POST['supplier_description'] = "";
}
-amount_row(_("Price:"), 'price', null,'', get_supplier_currency($selected_id));
+amount_row(_("Price:"), 'price', null,'', get_supplier_currency($selected_id), $dec2);
text_row(_("Suppliers Unit of Measure:"), 'suppliers_uom', null, 50, 51);
if (!isset($_POST['conversion_factor']) || $_POST['conversion_factor'] == "")