$price_in_home_currency = to_home_currency($price, $currency, $date);
else
$price_in_home_currency = $price;
- $sql = "SELECT material_cost FROM ".TB_PREF."stock_master WHERE stock_id='$stock_id'";
+ $sql = "SELECT material_cost FROM ".TB_PREF."stock_master WHERE stock_id=".db_escape($stock_id);
$result = db_query($sql);
$myrow = db_fetch($result);
$material_cost = $myrow['material_cost'];
if ($adj_only)
- $exclude = 13;
+ $exclude = ST_CUSTDELIVERY;
else
$exclude = 0;
$qoh = get_qoh_on_date($stock_id, null, $date, $exclude);
$material_cost = ($qoh * $material_cost + $qty * $price_in_home_currency) / ($qoh + $qty);
$sql = "UPDATE ".TB_PREF."stock_master SET material_cost=".db_escape($material_cost)."
- WHERE stock_id='$stock_id'";
+ WHERE stock_id=".db_escape($stock_id);
db_query($sql,"The cost details for the inventory item could not be updated");
return $material_cost;
}
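Review bot: The weighted-average assignment `$material_cost = (...) / ($qoh + $qty);` divides by `$qoh + $qty` with no guard, so a zero divisor (possible if on-hand quantities can go negative, which this hunk does not rule out) gives a division error, or `false` on older PHP. That result then flows into the `UPDATE ... SET material_cost=` statement directly below and overwrites the stored cost. Guarding the calculation with `if ($qoh + $qty != 0)` and otherwise leaving `$material_cost` as read from stock_master avoids this. `$myrow['material_cost']` is also read without checking that the SELECT returned a row. The function begins before this hunk, so earlier validation may exist that is not visible here.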
$order_line->standard_cost, $order_line->receive_qty, $order_line->price);
/* Update location stock records - NB a po cannot be entered for a service/kit parts */
- add_stock_move(25, $order_line->stock_id, $grn, $location, $date_, "",
+ add_stock_move(ST_SUPPRECEIVE, $order_line->stock_id, $grn, $location, $date_, "",
$order_line->receive_qty, $order_line->standard_cost,
$po->supplier_id, 1, $order_line->price);
} /*quantity received is != 0 */
} /*end of order_line loop */
- $Refs->save(25, $grn, $reference);
+ $Refs->save(ST_SUPPRECEIVE, $grn, $reference);
- add_audit_trail(25, $grn, $date_);
+ add_audit_trail(ST_SUPPRECEIVE, $grn, $date_);
commit_transaction();
$quantity_received, $price)
{
$sql = "UPDATE ".TB_PREF."purch_order_details
- SET quantity_received = quantity_received + $quantity_received,
- std_cost_unit=$standard_unit_cost,
- act_price=$price
- WHERE po_detail_item = $po_detail_item";
+ SET quantity_received = quantity_received + ".db_escape($quantity_received).",
+ std_cost_unit=".db_escape($standard_unit_cost).",
+ act_price=".db_escape($price)."
+ WHERE po_detail_item = ".db_escape($po_detail_item);
db_query($sql, "a purchase order details record could not be updated. This receipt of goods has not been processed ");
$sql = "INSERT INTO ".TB_PREF."grn_items (grn_batch_id, po_detail_item, item_code, description, qty_recd)
- VALUES ($grn_batch_id, $po_detail_item, ".db_escape($item_code).", ".db_escape($description).", $quantity_received)";
+ VALUES (".db_escape($grn_batch_id).", "
+ .db_escape($po_detail_item).", ".db_escape($item_code).", ".db_escape($description)
+ .", ".db_escape($quantity_received).")";
db_query($sql, "A GRN detail item could not be inserted.");
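Review bot: Wrapping `$quantity_received`, `$standard_unit_cost` and `$price` in `db_escape()` closes the injection path in the purch_order_details UPDATE, but it does not check that these values are numbers. Assuming `db_escape()` returns a quoted string literal, a non-numeric value is left to the database's implicit conversion, which in a non-strict SQL mode usually means 0, so a malformed receipt is recorded with a wrong quantity or price instead of being rejected. A check such as `is_numeric($quantity_received)` (likewise for the cost and price) before the SQL is built would reject bad input at the boundary. The same applies to `$entered_grn->this_quantity_inv`, `$mcost` and `$entered_grn->chg_price` in the later hunk that updates purch_order_details and grn_items. The signature start and the end of this function are outside the hunk.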
//----------------------------------------------------------------------------------------
function get_grn_batch_from_item($item)
{
- $sql = "SELECT grn_batch_id FROM ".TB_PREF."grn_items WHERE id=$item";
+ $sql = "SELECT grn_batch_id FROM ".TB_PREF."grn_items WHERE id=".db_escape($item);
$result = db_query($sql, "Could not retreive GRN batch id");
$row = db_fetch_row($result);
return $row[0];
function get_grn_batch($grn)
{
- $sql = "SELECT * FROM ".TB_PREF."grn_batch WHERE id=$grn";
+ $sql = "SELECT * FROM ".TB_PREF."grn_batch WHERE id=".db_escape($grn);
$result = db_query($sql, "Could not retreive GRN batch id");
return db_fetch($result);
}
$sql = "SELECT ".TB_PREF."grn_batch.*, ".TB_PREF."grn_items.*
FROM ".TB_PREF."grn_batch, ".TB_PREF."grn_items
WHERE ".TB_PREF."grn_items.grn_batch_id=".TB_PREF."grn_batch.id
- AND ".TB_PREF."grn_items.id=$entered_grn->id
- AND ".TB_PREF."grn_items.item_code='$entered_grn->item_code' ";
+ AND ".TB_PREF."grn_items.id=".db_escape($entered_grn->id)."
+ AND ".TB_PREF."grn_items.item_code=".db_escape($entered_grn->item_code);
$result = db_query($sql, "Could not retreive GRNS");
$myrow = db_fetch($result);
$sql = "UPDATE ".TB_PREF."purch_order_details
- SET quantity_received = quantity_received + $entered_grn->this_quantity_inv,
- quantity_ordered = quantity_ordered + $entered_grn->this_quantity_inv,
- qty_invoiced = qty_invoiced + $entered_grn->this_quantity_inv,
- std_cost_unit=$mcost,
- act_price=$entered_grn->chg_price
+ SET quantity_received = quantity_received + "
+ .db_escape($entered_grn->this_quantity_inv).",
+ quantity_ordered = quantity_ordered + "
+ .db_escape($entered_grn->this_quantity_inv).",
+ qty_invoiced = qty_invoiced + ".db_escape($entered_grn->this_quantity_inv).",
+ std_cost_unit=".db_escape($mcost).",
+ act_price=".db_escape($entered_grn->chg_price)."
WHERE po_detail_item = ".$myrow["po_detail_item"];
db_query($sql, "a purchase order details record could not be updated. This receipt of goods has not been processed ");
//$sql = "UPDATE ".TB_PREF."grn_items SET qty_recd=0, quantity_inv=0 WHERE id=$entered_grn->id";
- $sql = "UPDATE ".TB_PREF."grn_items SET qty_recd=qty_recd+$entered_grn->this_quantity_inv,
- quantity_inv=quantity_inv+$entered_grn->this_quantity_inv WHERE id=$entered_grn->id";
+ $sql = "UPDATE ".TB_PREF."grn_items SET qty_recd=qty_recd+".db_escape($entered_grn->this_quantity_inv)
+ .",quantity_inv=quantity_inv+".db_escape($entered_grn->this_quantity_inv)
+ ." WHERE id=".db_escape($entered_grn->id);
db_query($sql);
- add_stock_move(21, $entered_grn->item_code, $transno, $myrow['loc_code'], $date, "",
+ add_stock_move(ST_SUPPCREDIT, $entered_grn->item_code, $transno, $myrow['loc_code'], $date, "",
$entered_grn->this_quantity_inv, $mcost, $supplier, 1, $entered_grn->chg_price);
}
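Review bot: The WHERE clause of the purch_order_details UPDATE still concatenates `$myrow["po_detail_item"]` directly; it is the only value in that statement not passed through `db_escape()`. The value comes from the preceding SELECT rather than from the caller, but `$myrow` is used without checking that `db_fetch()` returned a row, so an unmatched GRN item yields an incomplete `WHERE po_detail_item = ` clause and a missing `loc_code` for the stock move. I would write `WHERE po_detail_item = ".db_escape($myrow["po_detail_item"]);` and stop before the UPDATE when `$myrow` is false. The following `db_query($sql);` on grn_items also has no error message, unlike its neighbours. The enclosing function starts before this hunk.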
function get_grn_items($grn_batch_id=0, $supplier_id="", $outstanding_only=false,
$is_invoiced_only=false, $invoice_no=0, $begin="", $end="")
{
- $sql = "SELECT ".TB_PREF."grn_batch.*, ".TB_PREF."grn_items.*, ".TB_PREF."purch_order_details.unit_price,
+ $sql = "SELECT ".TB_PREF."grn_batch.*, ".TB_PREF."grn_items.*, "
+ .TB_PREF."purch_order_details.unit_price,
".TB_PREF."purch_order_details.std_cost_unit, units
- FROM ".TB_PREF."grn_batch, ".TB_PREF."grn_items, ".TB_PREF."purch_order_details, ".TB_PREF."stock_master";
+ FROM ".TB_PREF."grn_batch, ".TB_PREF."grn_items, "
+ .TB_PREF."purch_order_details, ".TB_PREF."stock_master";
if ($invoice_no != 0)
$sql .= ", ".TB_PREF."supp_invoice_items";
$sql .= " WHERE ".TB_PREF."grn_items.grn_batch_id=".TB_PREF."grn_batch.id
AND ".TB_PREF."grn_items.po_detail_item=".TB_PREF."purch_order_details.po_detail_item";
if ($invoice_no != 0)
- $sql .= " AND ".TB_PREF."supp_invoice_items.supp_trans_type=20 AND
+ $sql .= " AND ".TB_PREF."supp_invoice_items.supp_trans_type=".ST_SUPPINVOICE." AND
".TB_PREF."supp_invoice_items.supp_trans_no=$invoice_no AND
".TB_PREF."grn_items.id=".TB_PREF."supp_invoice_items.grn_item_id";
$sql .= " AND ".TB_PREF."stock_master.stock_id=".TB_PREF."grn_items.item_code ";
if ($end != "")
$sql .= " AND ".TB_PREF."grn_batch.delivery_date<='".date2sql($end)."'";
if ($grn_batch_id != 0)
- $sql .= " AND ".TB_PREF."grn_batch.id=$grn_batch_id AND ".TB_PREF."grn_items.grn_batch_id=$grn_batch_id ";
+ $sql .= " AND ".TB_PREF."grn_batch.id=".db_escape($grn_batch_id)
+ ." AND ".TB_PREF."grn_items.grn_batch_id=".db_escape($grn_batch_id);
if ($is_invoiced_only)
$sql .= " AND ".TB_PREF."grn_items.quantity_inv > 0";
$sql .= " AND ".TB_PREF."grn_items.qty_recd - ".TB_PREF."grn_items.quantity_inv > 0";
if ($supplier_id != "")
- $sql .= " AND ".TB_PREF."grn_batch.supplier_id ='$supplier_id' ";
+ $sql .= " AND ".TB_PREF."grn_batch.supplier_id =".db_escape($supplier_id);
$sql .= " ORDER BY ".TB_PREF."grn_batch.delivery_date, ".TB_PREF."grn_batch.id, ".TB_PREF."grn_items.id";
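Review bot: `$invoice_no` is still interpolated raw in the supp_invoice_items condition (`supp_trans_no=$invoice_no AND`), although this commit escapes `$grn_batch_id` and `$supplier_id` in the same function. The loose `$invoice_no != 0` test in front of it does not guarantee the value is an integer, so this parameter remains an injection path if any caller passes request data through. The line should read `".TB_PREF."supp_invoice_items.supp_trans_no=".db_escape($invoice_no)." AND`. The `$end` filter also wraps `date2sql($end)` in hand-written quotes; whether that is safe depends on `date2sql()` rejecting malformed input, which is not visible here, so `db_escape(date2sql($end))` would be the consistent form.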
FROM ".TB_PREF."grn_items, ".TB_PREF."purch_order_details, ".TB_PREF."stock_master
WHERE ".TB_PREF."grn_items.po_detail_item=".TB_PREF."purch_order_details.po_detail_item
AND ".TB_PREF."stock_master.stock_id=".TB_PREF."grn_items.item_code
- AND ".TB_PREF."grn_items.id=$grn_item_no";
+ AND ".TB_PREF."grn_items.id=".db_escape($grn_item_no);
$result = db_query($sql, "could not retreive grn item details");
return db_fetch($result);
function read_grn($grn_batch, &$order)
{
- $sql= "SELECT * FROM ".TB_PREF."grn_batch WHERE id=$grn_batch";
+ $sql= "SELECT * FROM ".TB_PREF."grn_batch WHERE id=".db_escape($grn_batch);
$result = db_query($sql, "The grn sent is not valid");
function get_po_grns($po_number)
{
- $sql = "SELECT * FROM ".TB_PREF."grn_batch WHERE purch_order_no=$po_number";
+ $sql = "SELECT * FROM ".TB_PREF."grn_batch WHERE purch_order_no=".db_escape($po_number);
return db_query($sql, "The grns for the po $po_number could not be retreived");
}
function exists_grn($grn_batch)
{
- $sql = "SELECT id FROM ".TB_PREF."grn_batch WHERE id=$grn_batch";
+ $sql = "SELECT id FROM ".TB_PREF."grn_batch WHERE id=".db_escape($grn_batch);
$result = db_query($sql, "Cannot retreive a grn");
return (db_num_rows($result) > 0);
$sql = "SELECT ".TB_PREF."supp_invoice_items.id FROM ".TB_PREF."supp_invoice_items,".TB_PREF."grn_items
WHERE ".TB_PREF."supp_invoice_items.grn_item_id=".TB_PREF."grn_items.id
AND quantity != 0
- AND grn_batch_id=$grn_batch";
+ AND grn_batch_id=".db_escape($grn_batch);
$result = db_query($sql, "Cannot query GRNs");
return (db_num_rows($result) > 0);
begin_transaction();
- void_bank_trans(25, $grn_batch, true);
- void_gl_trans(25, $grn_batch, true);
+ void_bank_trans(ST_SUPPRECEIVE, $grn_batch, true);
+ void_gl_trans(ST_SUPPRECEIVE, $grn_batch, true);
// clear the quantities of the grn items in the POs and invoices
$result = get_grn_items($grn_batch);
// clear the quantities in the grn items
$sql = "UPDATE ".TB_PREF."grn_items SET qty_recd=0, quantity_inv=0
- WHERE grn_batch_id=$grn_batch";
+ WHERE grn_batch_id=".db_escape($grn_batch);
db_query($sql, "A grn detail item could not be voided.");
// clear the stock move items
- void_stock_move(25, $grn_batch);
+ void_stock_move(ST_SUPPRECEIVE, $grn_batch);
commit_transaction();