<?php
-
+/**********************************************************************
+ Copyright (C) FrontAccounting, LLC.
+ Released under the terms of the GNU General Public License, GPL,
+ as published by the Free Software Foundation, either version 3
+ of the License, or (at your option) any later version.
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
+***********************************************************************/
//----------------------------------------------------------------------------------------
function delete_po($po)
/*Insert to purchase order header record */
$sql = "INSERT INTO ".TB_PREF."purch_orders (supplier_id, Comments, ord_date, reference, requisition_no, into_stock_location, delivery_address) VALUES(";
- $sql .= "'" . $po_obj->supplier_id . "', '" .
- db_escape($po_obj->Comments) . "','" .
+ $sql .= db_escape($po_obj->supplier_id) . "," .
+ db_escape($po_obj->Comments) . ",'" .
date2sql($po_obj->orig_order_date) . "', '" .
- $po_obj->reference . "', '" .
- $po_obj->requisition_no . "', '" .
- $po_obj->Location . "', '" .
- $po_obj->delivery_address . "')";
+ $po_obj->reference . "', " .
+ db_escape($po_obj->requisition_no) . ", " .
+ db_escape($po_obj->Location) . ", " .
+ db_escape($po_obj->delivery_address) . ")";
db_query($sql, "The purchase order header record could not be inserted");
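Review bot: `$po_obj->reference` is still concatenated between hand-written quotes in this header INSERT, while supplier_id, Comments, requisition_no, Location and delivery_address now go through `db_escape()`. Judging by the surrounding quotes this commit removes, `db_escape()` appears to return an already-quoted literal, so the reference should take the same form: `db_escape($po_obj->reference) . ", " .`, with the preceding date line ending in `"', " .`. If the reference is user-editable, a quote character in it would break or alter the statement. The enclosing function starts and ends outside this hunk.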
if ($po_line->Deleted == false)
{
$sql = "INSERT INTO ".TB_PREF."purch_order_details (order_no, item_code, description, delivery_date, unit_price, quantity_ordered) VALUES (";
- $sql .= $po_obj->order_no . ", '" . $po_line->stock_id . "','" .
- $po_line->item_description . "','" .
+ $sql .= $po_obj->order_no . ", " . db_escape($po_line->stock_id). "," .
+ db_escape($po_line->item_description). ",'" .
date2sql($po_line->req_del_date) . "'," .
$po_line->price . ", " .
$po_line->quantity . ")";
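Review bot: The numeric values in this detail INSERT (`$po_obj->order_no`, `$po_line->price`, `$po_line->quantity`) are still appended unquoted and unescaped, so the new `db_escape()` calls on stock_id and item_description do not protect them. Unless every caller guarantees these are validated numbers (not visible here), an unquoted position is injectable without any quote character. Suggest `db_escape($po_line->price) . ", " . db_escape($po_line->quantity) . ")";` or an explicit numeric cast before building the string. The same pattern recurs in the detail INSERT and the `unit_price=` / `quantity_ordered=` assignments of the update path, and in the header UPDATE's `WHERE order_no = ` clause. The surrounding loop and the `db_query()` call lie outside this hunk.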
}
}
- references::save_last($po_obj->reference, systypes::po());
+ references::save(systypes::po(), $po_obj->order_no, $po_obj->reference);
//add_comments(systypes::po(), $po_obj->order_no, $po_obj->orig_order_date, $po_obj->Comments);
+ add_audit_trail(systypes::po(), $po_obj->order_no, $po_obj->orig_order_date);
commit_transaction();
return $po_obj->order_no;
begin_transaction();
/*Update the purchase order header with any changes */
- $sql = "UPDATE ".TB_PREF."purch_orders SET Comments='" . db_escape($po_obj->Comments) . "',
- requisition_no= '" . $po_obj->requisition_no . "',
- into_stock_location='" . $po_obj->Location . "',
+ $sql = "UPDATE ".TB_PREF."purch_orders SET Comments=" . db_escape($po_obj->Comments) . ",
+ requisition_no= ". db_escape( $po_obj->requisition_no). ",
+ into_stock_location=" . db_escape($po_obj->Location). ",
ord_date='" . date2sql($po_obj->orig_order_date) . "',
- delivery_address='" . $po_obj->delivery_address . "'";
+ delivery_address=" . db_escape($po_obj->delivery_address);
$sql .= " WHERE order_no = " . $po_obj->order_no;
db_query($sql, "The purchase order could not be updated");
{
// Sherifoz 21.06.03 Handle adding new lines vs. updating. if no key(po_detail_rec) then it's a new line
$sql = "INSERT INTO ".TB_PREF."purch_order_details (order_no, item_code, description, delivery_date, unit_price, quantity_ordered) VALUES (";
- $sql .= $po_obj->order_no . ", '" .
- $po_line->stock_id . "','" .
- $po_line->item_description . "','" .
+ $sql .= $po_obj->order_no . "," .
+ db_escape($po_line->stock_id). "," .
+ db_escape($po_line->item_description). ",'" .
date2sql($po_line->req_del_date) . "'," .
$po_line->price . ", " . $po_line->quantity . ")";
}
else
{
$sql = "UPDATE ".TB_PREF."purch_order_details SET item_code='" . $po_line->stock_id . "',
- description ='" . $po_line->item_description . "',
+ description =" . db_escape($po_line->item_description). ",
delivery_date ='" . date2sql($po_line->req_del_date) . "',
unit_price=" . $po_line->price . ",
quantity_ordered=" . $po_line->quantity . "
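Review bot: The first line of this UPDATE, `item_code='" . $po_line->stock_id . "',`, still embeds stock_id raw, although this commit escapes the same field in both INSERT statements and escapes `description` on the very next line. The UPDATE branch should match: `$sql = "UPDATE ".TB_PREF."purch_order_details SET item_code=" . db_escape($po_line->stock_id) . ",`. The statement's WHERE clause and its `db_query()` call lie outside the hunk, so whether the row key is escaped there should be checked as well.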
while ($myrow = db_fetch($result))
{
+ $data = get_purchase_data($order->supplier_id, $myrow['item_code']);
+ if ($data !== false)
+ {
+ if ($data['supplier_description'] != "")
+ $myrow['description'] = $data['supplier_description'];
+ //if ($data['suppliers_uom'] != "")
+ // $myrow['units'] = $data['suppliers_uom'];
+ }
if (is_null($myrow["units"]))
{
$units = "";