function read_supplier_details_to_trans(&$supp_trans, $supplier_id)
{
- $sql = "SELECT ".TB_PREF."suppliers.supp_name, ".TB_PREF."payment_terms.terms, ".TB_PREF."payment_terms.days_before_due,
+ $sql = "SELECT ".TB_PREF."suppliers.supp_name, ".TB_PREF."payment_terms.terms, "
+ .TB_PREF."payment_terms.days_before_due,
".TB_PREF."payment_terms.day_in_following_month,
".TB_PREF."suppliers.tax_group_id, ".TB_PREF."tax_groups.name As tax_group_name
From ".TB_PREF."suppliers, ".TB_PREF."payment_terms, ".TB_PREF."tax_groups
WHERE ".TB_PREF."suppliers.tax_group_id = ".TB_PREF."tax_groups.id
AND ".TB_PREF."suppliers.payment_terms=".TB_PREF."payment_terms.terms_indicator
- AND ".TB_PREF."suppliers.supplier_id = '" . $supplier_id . "'";
+ AND ".TB_PREF."suppliers.supplier_id = ".db_escape($supplier_id);
$result = db_query($sql, "The supplier record selected: " . $supplier_id . " cannot be retrieved");
if ($chg_price != null)
{
$sql = "SELECT act_price, unit_price FROM ".TB_PREF."purch_order_details WHERE
- po_detail_item = $po_detail_item";
+ po_detail_item = ".db_escape($po_detail_item);
$result = db_query($sql, "The old actual price of the purchase order line could not be retrieved");
$row = db_fetch_row($result);
$ret = $row[0];
$unit_price = $row[1]; //Added by Rasmus
$sql = "SELECT delivery_date FROM ".TB_PREF."grn_batch,".TB_PREF."grn_items WHERE
- ".TB_PREF."grn_batch.id = ".TB_PREF."grn_items.grn_batch_id AND ".TB_PREF."grn_items.id=$id";
+ ".TB_PREF."grn_batch.id = ".TB_PREF."grn_items.grn_batch_id AND "
+ .TB_PREF."grn_items.id=".db_escape($id);
$result = db_query($sql, "The old delivery date from the received record cout not be retrieved");
$row = db_fetch_row($result);
$date = $row[0];
$unit_price = 0; // Added by Rasmus
}
$sql = "UPDATE ".TB_PREF."purch_order_details
- SET qty_invoiced = qty_invoiced + $qty_invoiced ";
+ SET qty_invoiced = qty_invoiced + ".db_escape($qty_invoiced);
if ($chg_price != null)
- $sql .= " , act_price = $chg_price ";
+ $sql .= " , act_price = ".db_escape($chg_price);
- $sql .= " WHERE po_detail_item = $po_detail_item";
+ $sql .= " WHERE po_detail_item = ".db_escape($po_detail_item);
db_query($sql, "The quantity invoiced of the purchase order line could not be updated");
$sql = "UPDATE ".TB_PREF."grn_items
- SET quantity_inv = quantity_inv + $qty_invoiced
- WHERE id = $id";
+ SET quantity_inv = quantity_inv + ".db_escape($qty_invoiced)."
+ WHERE id = ".db_escape($id);
db_query($sql, "The quantity invoiced off the items received record could not be updated");
return array($ret, $date, $unit_price);
}
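Review bot: The escaped values now land inside arithmetic (`qty_invoiced + ".db_escape($qty_invoiced)`, `quantity_inv + ".db_escape($qty_invoiced)`) and in `act_price = ".db_escape($chg_price)`; if `db_escape()` quotes string-typed input the way helpers of this kind usually do, a malformed or empty quantity is no longer a SQL error but a quoted string that MySQL coerces to 0 inside `+`, so the UPDATE silently applies a zero change. Casting or validating these as numbers before the statement is built, e.g. `$qty_invoiced = (float)$qty_invoiced;` ahead of the first `UPDATE`, keeps the escape as defence in depth rather than the only check. The guard `if ($chg_price != null)` (used twice in the hunk) is a loose comparison, so a price change to `0` is treated as "no change"; `$chg_price !== null` states the intent. Separately, `$unit_price = $row[1]` is overwritten unconditionally by `$unit_price = 0` later in the same branch, so one of the two "Added by Rasmus" lines is dead. The enclosing function's signature lies above the hunk.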
$from = date2sql($from);
$to = date2sql($to);
$sql = "SELECT SUM(-qty), SUM(-qty*standard_cost) FROM ".TB_PREF."stock_moves
- WHERE type=13 AND stock_id='$stock_id' AND
+ WHERE type=13 AND stock_id=".db_escape($stock_id)." AND
tran_date>='$from' AND tran_date<='$to' GROUP BY stock_id";
$result = db_query($sql, "The deliveries could not be updated");
return db_fetch_row($result);
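Review bot: `$from` and `$to` are still interpolated as `'$from'` / `'$to'` in the `tran_date` predicate while `$stock_id` on the line above was moved to `db_escape()`; they pass through `date2sql()` first, which presumably yields a date literal, but escaping them the same way, `tran_date>=".db_escape($from)." AND tran_date<=".db_escape($to)`, removes the dependence on that helper rejecting malformed input and keeps the query consistent with the rest of the commit. The literal `type=13` would read better as the named transaction-type constant, if the codebase defines one. The function's signature is above the hunk.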
$entered_gl_code->amount, $memo_);
// store tax details if the gl account is a tax account
+ if (!$supp_trans->is_invoice)
+ $entered_gl_code->amount = -$entered_gl_code->amount;
add_gl_tax_details($entered_gl_code->gl_code,
$trans_type, $invoice_id, $entered_gl_code->amount,
$ex_rate, $date_, $supp_trans->supp_reference);
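Review bot: The added sign flip mutates `$entered_gl_code->amount` in place rather than a local, and the line just above the comment shows the same object's amount already being passed to an earlier call, so any later use of `$entered_gl_code` in this iteration or after it (not visible here) will see the negated value; objects are shared by handle, so the flip persists. Passing a derived value keeps the object intact: `$amount = $supp_trans->is_invoice ? $entered_gl_code->amount : -$entered_gl_code->amount;` followed by `add_gl_tax_details($entered_gl_code->gl_code, $trans_type, $invoice_id, $amount, $ex_rate, $date_, $supp_trans->supp_reference);`. The later tax loop in this commit does restore `$taxitem['Value']` after use, but that loop works on a `foreach` array copy, which is why it gets away with it. The enclosing function begins and ends outside the hunk.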
$entered_grn->this_quantity_inv, $entered_grn->id, $entered_grn->po_detail_item, "");
} /* end of GRN postings */
/* Now the TAX account */
+ $taxes = $supp_trans->get_taxes($supp_trans->tax_group_id, 0, false); // 2009.08-18 Joe Hunt. We have already got the gl lines
foreach ($taxes as $taxitem)
{
if ($taxitem['Net'] != 0)
{
if (!$supp_trans->is_invoice)
+ {
+ $taxitem['Net'] = -$taxitem['Net'];
$taxitem['Value'] = -$taxitem['Value'];
+ }
// here we suppose that tax is never included in price (we are company customer).
add_trans_tax_details($trans_type, $invoice_id,
$taxitem['tax_type_id'], $taxitem['rate'], 0, $taxitem['Value'],
$taxitem['Net'], $ex_rate, $date_, $supp_trans->supp_reference);
+ if (!$supp_trans->is_invoice)
+ $taxitem['Value'] = -$taxitem['Value'];
$total += add_gl_trans_supplier($trans_type, $invoice_id, $date_,
$taxitem['purchasing_gl_code'], 0, 0, $taxitem['Value'],
$supp_trans->supplier_id,
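Review bot: The sign handling negates `$taxitem['Net']` and `$taxitem['Value']`, calls `add_trans_tax_details()`, then negates `$taxitem['Value']` back (but not `Net`) before `add_gl_trans_supplier()`, which is hard to follow and easy to break on the next edit. Computing the factor once before the loop, `$sign = $supp_trans->is_invoice ? 1 : -1;`, and passing `$sign * $taxitem['Value'], $sign * $taxitem['Net']` to `add_trans_tax_details()` while leaving `$taxitem['Value']` untouched for the GL call produces the same two calls with no mutation to undo. The comment on the new `get_taxes()` line carries a malformed date (`2009.08-18`) and would be more useful explaining why the third argument is `false`. The loop's closing brace and the rest of the `add_gl_trans_supplier()` argument list lie below the hunk.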
$sql = "SELECT DISTINCT ".TB_PREF."supp_trans.trans_no, ".TB_PREF."supp_trans.type,
ov_amount+ov_discount+ov_gst AS Total,
".TB_PREF."supp_trans.tran_date
- FROM ".TB_PREF."supp_trans, ".TB_PREF."supp_invoice_items, ".TB_PREF."purch_order_details, ".TB_PREF."purch_orders
+ FROM ".TB_PREF."supp_trans, ".TB_PREF."supp_invoice_items, "
+ .TB_PREF."purch_order_details, ".TB_PREF."purch_orders
WHERE ".TB_PREF."supp_invoice_items.supp_trans_no = ".TB_PREF."supp_trans.trans_no
AND ".TB_PREF."supp_invoice_items.po_detail_item_id = ".TB_PREF."purch_order_details.po_detail_item
AND ".TB_PREF."purch_orders.supplier_id = ".TB_PREF."supp_trans.supplier_id
- AND ".TB_PREF."purch_order_details.order_no = $po_number";
+ AND ".TB_PREF."purch_order_details.order_no = ".db_escape($po_number);
return db_query($sql, "The invoices/credits for the po $po_number could not be retreived");
}
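Review bot: `purch_orders` is joined only on `purch_orders.supplier_id = supp_trans.supplier_id`; nothing ties it to `purch_order_details.order_no`, so every purchase order of that supplier multiplies the row set and `SELECT DISTINCT` is what collapses it again. If `purch_orders` is needed at all, a condition equating its order-number column with `purch_order_details.order_no` gives the join its intended key; otherwise the table can be dropped from the `FROM` list. The `db_query()` error message still embeds the raw `$po_number`; if that message is ever rendered to the user it needs escaping for its output context in the same way the SQL value now is. The function's signature is above the hunk.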
function read_supp_invoice($trans_no, $trans_type, &$supp_trans)
{
$sql = "SELECT ".TB_PREF."supp_trans.*, supp_name FROM ".TB_PREF."supp_trans,".TB_PREF."suppliers
- WHERE trans_no = $trans_no AND type = $trans_type
+ WHERE trans_no = ".db_escape($trans_no)." AND type = ".db_escape($trans_type)."
AND ".TB_PREF."suppliers.supplier_id=".TB_PREF."supp_trans.supplier_id";
$result = db_query($sql, "Cannot retreive a supplier transaction");
function get_matching_invoice_item($stock_id, $po_item_id)
{
$sql = "SELECT *, tran_date FROM ".TB_PREF."supp_invoice_items, ".TB_PREF."supp_trans
- WHERE supp_trans_type = 20 AND stock_id = '$stock_id' AND po_detail_item_id = $po_item_id
+ WHERE supp_trans_type = 20 AND stock_id = "
+ .db_escape($stock_id)." AND po_detail_item_id = ".db_escape($po_item_id)."
AND supp_trans_no = trans_no";
$result = db_query($sql, "Cannot retreive supplier transaction detail records");
return db_fetch($result);
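Review bot: `get_matching_invoice_item()` returns a single row via `db_fetch($result)` but the statement has no `ORDER BY`, so when more than one supplier invoice line matches the same `stock_id`/`po_detail_item_id` the row returned depends on storage order; if the intent is the latest invoice, `ORDER BY tran_date DESC` (or the transaction number) makes the choice explicit. The literal `supp_trans_type = 20` would be clearer as the transaction-type constant the rest of the code uses, if one exists. `SELECT *, tran_date` repeats `tran_date` redundantly, and with two tables in the `FROM` list `*` produces ambiguous column names wherever both tables share one, so listing the columns the caller actually reads would be safer.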