function add_po(&$po_obj)
{
- begin_transaction();
-
+ begin_transaction();
+
/*Insert to purchase order header record */
$sql = "INSERT INTO ".TB_PREF."purch_orders (supplier_id, Comments, ord_date, reference, requisition_no, into_stock_location, delivery_address) VALUES(";
- $sql .= "'" . $po_obj->supplier_id . "', '" .
- db_escape($po_obj->Comments) . "','" .
- date2sql($po_obj->orig_order_date) . "', '" .
- $po_obj->reference . "', '" .
- $po_obj->requisition_no . "', '" .
- $po_obj->Location . "', '" .
- $po_obj->delivery_address . "')";
-
+ $sql .= db_escape($po_obj->supplier_id) . "," .
+ db_escape($po_obj->Comments) . ",'" .
+ date2sql($po_obj->orig_order_date) . "', '" .
+ $po_obj->reference . "', " .
+ db_escape($po_obj->requisition_no) . ", " .
+ db_escape($po_obj->Location) . ", " .
+ db_escape($po_obj->delivery_address) . ")";
+
db_query($sql, "The purchase order header record could not be inserted");
-
+
/*Get the auto increment value of the order number created from the sql above */
$po_obj->order_no = db_insert_id();
-
+
/*Insert the purchase order detail records */
- foreach ($po_obj->line_items as $po_line)
+ foreach ($po_obj->line_items as $po_line)
{
- if ($po_line->Deleted == false)
+ if ($po_line->Deleted == false)
{
$sql = "INSERT INTO ".TB_PREF."purch_order_details (order_no, item_code, description, delivery_date, unit_price, quantity_ordered) VALUES (";
- $sql .= $po_obj->order_no . ", '" . $po_line->stock_id . "','" .
- $po_line->item_description . "','" .
- date2sql($po_line->req_del_date) . "'," .
- $po_line->price . ", " .
+ $sql .= $po_obj->order_no . ", " . db_escape($po_line->stock_id). "," .
+ db_escape($po_line->item_description). ",'" .
+ date2sql($po_line->req_del_date) . "'," .
+ $po_line->price . ", " .
$po_line->quantity . ")";
db_query($sql, "One of the purchase order detail records could not be inserted");
}
- }
-
- add_forms_for_sys_type(systypes::po(), $po_obj->order_no);
-
- references::save_last($po_obj->reference, systypes::po());
-
- //add_comments(systypes::po(), $po_obj->order_no, $po_obj->orig_order_date, $po_obj->Comments);
-
- commit_transaction();
-
+ }
+
+ references::save_last($po_obj->reference, systypes::po());
+
+ //add_comments(systypes::po(), $po_obj->order_no, $po_obj->orig_order_date, $po_obj->Comments);
+
+ commit_transaction();
+
return $po_obj->order_no;
}
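Review bot: The header INSERT in add_po still places `$po_obj->reference` between hand-written quotes with no escaping, while every other string field in the same VALUES list now goes through db_escape(). Judging by the quotes this change removes around the other fields, db_escape() returns an already-quoted literal, so that line would become `db_escape($po_obj->reference) . ", " .`. The same gap remains in update_po's detail UPDATE, where `item_code='" . $po_line->stock_id . "',` is left raw although both INSERT branches now escape stock_id; `item_code=" . db_escape($po_line->stock_id) . ",` would match them.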
function update_po(&$po_obj)
{
- begin_transaction();
+ begin_transaction();
/*Update the purchase order header with any changes */
- $sql = "UPDATE ".TB_PREF."purch_orders SET Comments='" . db_escape($po_obj->Comments) . "',
- requisition_no= '" . $po_obj->requisition_no . "',
- into_stock_location='" . $po_obj->Location . "',
+ $sql = "UPDATE ".TB_PREF."purch_orders SET Comments=" . db_escape($po_obj->Comments) . ",
+ requisition_no= ". db_escape( $po_obj->requisition_no). ",
+ into_stock_location=" . db_escape($po_obj->Location). ",
ord_date='" . date2sql($po_obj->orig_order_date) . "',
- delivery_address='" . $po_obj->delivery_address . "'";
+ delivery_address=" . db_escape($po_obj->delivery_address);
$sql .= " WHERE order_no = " . $po_obj->order_no;
db_query($sql, "The purchase order could not be updated");
/*Now Update the purchase order detail records */
- foreach ($po_obj->line_items as $po_line)
+ foreach ($po_obj->line_items as $po_line)
{
- if ($po_line->Deleted==True)
+ if ($po_line->Deleted==True)
{
// Sherifoz 21.06.03 Handle deleting existing lines
- if ($po_line->po_detail_rec!='')
+ if ($po_line->po_detail_rec!='')
{
$sql = "DELETE FROM ".TB_PREF."purch_order_details WHERE po_detail_item='" . $po_line->po_detail_rec . "'";
db_query($sql, "could not query purch order details");
}
- }
- else if ($po_line->po_detail_rec == '')
+ }
+ else if ($po_line->po_detail_rec == '')
{
// Sherifoz 21.06.03 Handle adding new lines vs. updating. if no key(po_detail_rec) then it's a new line
$sql = "INSERT INTO ".TB_PREF."purch_order_details (order_no, item_code, description, delivery_date, unit_price, quantity_ordered) VALUES (";
- $sql .= $po_obj->order_no . ", '" .
- $po_line->stock_id . "','" .
- $po_line->item_description . "','" .
- date2sql($po_line->req_del_date) . "'," .
+ $sql .= $po_obj->order_no . "," .
+ db_escape($po_line->stock_id). "," .
+ db_escape($po_line->item_description). ",'" .
+ date2sql($po_line->req_del_date) . "'," .
$po_line->price . ", " . $po_line->quantity . ")";
- }
- else
+ }
+ else
{
- $sql = "UPDATE ".TB_PREF."purch_order_details SET item_code='" . $po_line->stock_id . "',
- description ='" . $po_line->item_description . "',
- delivery_date ='" . date2sql($po_line->req_del_date) . "',
- unit_price=" . $po_line->price . ",
- quantity_ordered=" . $po_line->quantity . "
+ $sql = "UPDATE ".TB_PREF."purch_order_details SET item_code='" . $po_line->stock_id . "',
+ description =" . db_escape($po_line->item_description). ",
+ delivery_date ='" . date2sql($po_line->req_del_date) . "',
+ unit_price=" . $po_line->price . ",
+ quantity_ordered=" . $po_line->quantity . "
WHERE po_detail_item=" . $po_line->po_detail_rec;
}
db_query($sql, "One of the purchase order detail records could not be updated");
}
-
- //add_comments(systypes::po(), $po_obj->order_no, $po_obj->orig_order_date, $po_obj->Comments);
-
- commit_transaction();
-
- return $po_obj->order_no;
+
+ //add_comments(systypes::po(), $po_obj->order_no, $po_obj->orig_order_date, $po_obj->Comments);
+
+ commit_transaction();
+
+ return $po_obj->order_no;
}
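Review bot: `WHERE po_detail_item=" . $po_line->po_detail_rec` and `WHERE order_no = " . $po_obj->order_no` in update_po put values into the statement unquoted, as do price and quantity. In a numeric position quote escaping gives no protection, so each value has to be passed as a quoted literal or checked to be numeric before it is concatenated. The DELETE branch quotes the same po_detail_rec by hand without escaping it, so the two branches also disagree. Assuming db_escape() returns a quoted literal, as the rest of this change implies, `WHERE po_detail_item=" . db_escape($po_line->po_detail_rec);` and the same form in the DELETE would make them consistent. Whether price and quantity are validated as numbers before they reach update_po or add_po is not visible here and is worth confirming.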
//----------------------------------------------------------------------------------------
function read_po_header($order_no, &$order)
{
- $sql = "SELECT ".TB_PREF."purch_orders.*, ".TB_PREF."suppliers.supp_name,
- ".TB_PREF."suppliers.curr_code, ".TB_PREF."locations.location_name
- FROM ".TB_PREF."purch_orders, ".TB_PREF."suppliers, ".TB_PREF."locations
+ $sql = "SELECT ".TB_PREF."purch_orders.*, ".TB_PREF."suppliers.supp_name,
+ ".TB_PREF."suppliers.curr_code, ".TB_PREF."locations.location_name
+ FROM ".TB_PREF."purch_orders, ".TB_PREF."suppliers, ".TB_PREF."locations
WHERE ".TB_PREF."purch_orders.supplier_id = ".TB_PREF."suppliers.supplier_id
- AND ".TB_PREF."locations.loc_code = into_stock_location
+ AND ".TB_PREF."locations.loc_code = into_stock_location
AND ".TB_PREF."purch_orders.order_no = " . $order_no;
$result = db_query($sql, "The order cannot be retrieved");
-
- if (db_num_rows($result) == 1)
+
+ if (db_num_rows($result) == 1)
{
$myrow = db_fetch($result);
-
+
$order->order_no = $order_no;
$order->supplier_id = $myrow["supplier_id"];
$order->supplier_name = $myrow["supp_name"];
$order->curr_code = $myrow["curr_code"];
-
+
$order->orig_order_date = sql2date($myrow["ord_date"]);
$order->Comments = $myrow["comments"];
$order->Location = $myrow["into_stock_location"];
$order->requisition_no = $myrow["requisition_no"];
$order->reference = $myrow["reference"];
$order->delivery_address = $myrow["delivery_address"];
-
+
return true;
- }
-
+ }
+
display_db_error("FATAL : duplicate purchase order found", "", true);
return false;
}
{
/*now populate the line po array with the purchase order details records */
- $sql = "SELECT ".TB_PREF."purch_order_details.*, units
- FROM ".TB_PREF."purch_order_details
- LEFT JOIN ".TB_PREF."stock_master
- ON ".TB_PREF."purch_order_details.item_code=".TB_PREF."stock_master.stock_id
+ $sql = "SELECT ".TB_PREF."purch_order_details.*, units
+ FROM ".TB_PREF."purch_order_details
+ LEFT JOIN ".TB_PREF."stock_master
+ ON ".TB_PREF."purch_order_details.item_code=".TB_PREF."stock_master.stock_id
WHERE order_no =$order_no ";
-
+
if ($open_items_only)
- $sql .= " AND (".TB_PREF."purch_order_details.quantity_ordered > ".TB_PREF."purch_order_details.quantity_received) ";
-
+ $sql .= " AND (".TB_PREF."purch_order_details.quantity_ordered > ".TB_PREF."purch_order_details.quantity_received) ";
+
$sql .= " ORDER BY po_detail_item";
- $result = db_query($sql, "The lines on the purchase order cannot be retrieved");
+ $result = db_query($sql, "The lines on the purchase order cannot be retrieved");
- if (db_num_rows($result) > 0)
+ if (db_num_rows($result) > 0)
{
- while ($myrow = db_fetch($result))
+ while ($myrow = db_fetch($result))
{
if (is_null($myrow["units"]))
{
$units = "";
- }
- else
+ }
+ else
{
$units = $myrow["units"];
}
- $order->add_to_order($order->lines_on_order+1, $myrow["item_code"],
- $myrow["quantity_ordered"],$myrow["description"],
+ $order->add_to_order($order->lines_on_order+1, $myrow["item_code"],
+ $myrow["quantity_ordered"],$myrow["description"],
$myrow["unit_price"],$units, sql2date($myrow["delivery_date"]),
$myrow["qty_invoiced"], $myrow["quantity_received"]);
-
+
$order->line_items[$order->lines_on_order]->po_detail_rec = $myrow["po_detail_item"];
$order->line_items[$order->lines_on_order]->standard_cost = $myrow["std_cost_unit"]; /*Needed for receiving goods and GL interface */
} /* line po from purchase order details */
function read_po($order_no, &$order, $open_items_only=false)
{
- $result = read_po_header($order_no, $order);
-
+ $result = read_po_header($order_no, $order);
+
if ($result)
- read_po_items($order_no, $order, $open_items_only);
+ read_po_items($order_no, $order, $open_items_only);
}
//----------------------------------------------------------------------------------------