Type bugs.
[fa-stable.git] / purchasing / includes / db / po_db.inc
index 66b306e40246b4ecc75426aaa27c4bb827f22b65..e89d96033a93714bdffa468d0953b8ed684c3beb 100644 (file)
 
 function delete_po($po)
 {
-       $sql = "DELETE FROM ".TB_PREF."purch_orders WHERE order_no=" . $po;
+       $sql = "DELETE FROM ".TB_PREF."purch_orders WHERE order_no=".db_escape($po);
        db_query($sql, "The order header could not be deleted");
 
-       $sql = "DELETE FROM ".TB_PREF."purch_order_details WHERE order_no =" . $po;
+       $sql = "DELETE FROM ".TB_PREF."purch_order_details WHERE order_no =".db_escape($po);
        db_query($sql, "The order detail lines could not be deleted");
 }
 
@@ -24,14 +24,16 @@ function delete_po($po)
 
 function add_po(&$po_obj)
 {
+       global $Refs;
+
        begin_transaction();
 
      /*Insert to purchase order header record */
      $sql = "INSERT INTO ".TB_PREF."purch_orders (supplier_id, Comments, ord_date, reference, requisition_no, into_stock_location, delivery_address) VALUES(";
      $sql .= db_escape($po_obj->supplier_id) . "," .
          db_escape($po_obj->Comments) . ",'" .
-         date2sql($po_obj->orig_order_date) . "', '" .
-                $po_obj->reference . "', " .
+         date2sql($po_obj->orig_order_date) . "', " .
+                db_escape($po_obj->reference) . ", " .
          db_escape($po_obj->requisition_no) . ", " .
          db_escape($po_obj->Location) . ", " .
          db_escape($po_obj->delivery_address) . ")";
@@ -50,16 +52,17 @@ function add_po(&$po_obj)
                $sql .= $po_obj->order_no . ", " . db_escape($po_line->stock_id). "," .
                        db_escape($po_line->item_description). ",'" .
                        date2sql($po_line->req_del_date) . "'," .
-                       $po_line->price . ", " .
-                       $po_line->quantity . ")";
+                       db_escape($po_line->price) . ", " .
+                       db_escape($po_line->quantity). ")";
                        db_query($sql, "One of the purchase order detail records could not be inserted");
        }
      }
 
-       references::save_last($po_obj->reference, systypes::po());
+       $Refs->save(ST_PURCHORDER, $po_obj->order_no, $po_obj->reference);
 
-       //add_comments(systypes::po(), $po_obj->order_no, $po_obj->orig_order_date, $po_obj->Comments);
+       //add_comments(ST_PURCHORDER, $po_obj->order_no, $po_obj->orig_order_date, $po_obj->Comments);
 
+       add_audit_trail(ST_PURCHORDER, $po_obj->order_no, $po_obj->orig_order_date);
        commit_transaction();
 
        return $po_obj->order_no;
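Review bot: `$po_obj->order_no` on the first line of this hunk is still concatenated raw into the detail INSERT, while `price` and `quantity` in the same statement now go through `db_escape()`; for consistency and to keep every operand on one path, change it to `$sql .= db_escape($po_obj->order_no) . ", " . db_escape($po_line->stock_id). "," .`. The value presumably comes from the header insert above the hunk rather than from the request, so this is a consistency point rather than a confirmed injection, but it is the only unescaped operand left in the statement. add_po's header insert and the start of the line loop are outside this hunk.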
@@ -89,7 +92,7 @@ function update_po(&$po_obj)
                        // Sherifoz 21.06.03 Handle deleting existing lines
                        if ($po_line->po_detail_rec!='')
                        {
-                               $sql = "DELETE FROM ".TB_PREF."purch_order_details WHERE po_detail_item='" . $po_line->po_detail_rec . "'";
+                               $sql = "DELETE FROM ".TB_PREF."purch_order_details WHERE po_detail_item=".db_escape($po_line->po_detail_rec);
                                db_query($sql, "could not query purch order details");
                        }
                }
@@ -101,21 +104,21 @@ function update_po(&$po_obj)
                                db_escape($po_line->stock_id). "," .
                                db_escape($po_line->item_description). ",'" .
                                date2sql($po_line->req_del_date) . "'," .
-                               $po_line->price . ", " . $po_line->quantity . ")";
+                               db_escape($po_line->price) . ", ".db_escape($po_line->quantity) . ")";
                }
                else
                {
-                       $sql = "UPDATE ".TB_PREF."purch_order_details SET item_code='" . $po_line->stock_id . "',
+                       $sql = "UPDATE ".TB_PREF."purch_order_details SET item_code=".db_escape($po_line->stock_id).",
                                description =" . db_escape($po_line->item_description). ",
                                delivery_date ='" . date2sql($po_line->req_del_date) . "',
-                               unit_price=" . $po_line->price . ",
-                               quantity_ordered=" . $po_line->quantity . "
-                               WHERE po_detail_item=" . $po_line->po_detail_rec;
+                               unit_price=".db_escape($po_line->price).",
+                               quantity_ordered=".db_escape($po_line->quantity) . "
+                               WHERE po_detail_item=".db_escape($po_line->po_detail_rec);
                }
                db_query($sql, "One of the purchase order detail records could not be updated");
     }
 
-       //add_comments(systypes::po(), $po_obj->order_no, $po_obj->orig_order_date, $po_obj->Comments);
+       //add_comments(ST_PURCHORDER, $po_obj->order_no, $po_obj->orig_order_date, $po_obj->Comments);
 
        commit_transaction();
 
@@ -131,7 +134,7 @@ function read_po_header($order_no, &$order)
                FROM ".TB_PREF."purch_orders, ".TB_PREF."suppliers, ".TB_PREF."locations
                WHERE ".TB_PREF."purch_orders.supplier_id = ".TB_PREF."suppliers.supplier_id
                AND ".TB_PREF."locations.loc_code = into_stock_location
-               AND ".TB_PREF."purch_orders.order_no = " . $order_no;
+               AND ".TB_PREF."purch_orders.order_no = ".db_escape($order_no);
 
        $result = db_query($sql, "The order cannot be retrieved");
 
@@ -169,7 +172,7 @@ function read_po_items($order_no, &$order, $open_items_only=false)
                FROM ".TB_PREF."purch_order_details
                LEFT JOIN ".TB_PREF."stock_master
                ON ".TB_PREF."purch_order_details.item_code=".TB_PREF."stock_master.stock_id
-               WHERE order_no =$order_no ";
+               WHERE order_no =".db_escape($order_no);
 
     if ($open_items_only)
                $sql .= " AND (".TB_PREF."purch_order_details.quantity_ordered > ".TB_PREF."purch_order_details.quantity_received) ";
@@ -183,13 +186,14 @@ function read_po_items($order_no, &$order, $open_items_only=false)
 
                while ($myrow = db_fetch($result))
         {
+
                $data = get_purchase_data($order->supplier_id, $myrow['item_code']);
                if ($data !== false)
                {
                        if ($data['supplier_description'] != "")
                                $myrow['description'] = $data['supplier_description'];
-                       if ($data['suppliers_uom'] != "")
-                               $myrow['units'] = $data['suppliers_uon'];
+                       //if ($data['suppliers_uom'] != "")
+                       //      $myrow['units'] = $data['suppliers_uom'];
                }               
             if (is_null($myrow["units"]))
             {
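Review bot: The supplier-UOM override is commented out rather than removed, and the commented copy silently fixes the original `suppliers_uon` typo, so a reader cannot tell whether the feature is suspended or retired. If the stock_master units are to be kept, delete the two commented lines and leave a one-line why-comment in their place, e.g. `// supplier UOM is not applied to the line; stock_master units are used instead (confirm intent)`; if the feature is meant to return, fix the typo and re-enable it instead. read_po_items starts and ends outside this hunk.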
@@ -200,13 +204,13 @@ function read_po_items($order_no, &$order, $open_items_only=false)
                 $units = $myrow["units"];
             }
 
-            $order->add_to_order($order->lines_on_order+1, $myrow["item_code"],
+            if ($order->add_to_order($order->lines_on_order+1, $myrow["item_code"],
                $myrow["quantity_ordered"],$myrow["description"],
                $myrow["unit_price"],$units, sql2date($myrow["delivery_date"]),
-               $myrow["qty_invoiced"], $myrow["quantity_received"]);
-
-            $order->line_items[$order->lines_on_order]->po_detail_rec = $myrow["po_detail_item"];
-            $order->line_items[$order->lines_on_order]->standard_cost = $myrow["std_cost_unit"];  /*Needed for receiving goods and GL interface */
+               $myrow["qty_invoiced"], $myrow["quantity_received"])) {
+                                       $order->line_items[$order->lines_on_order]->po_detail_rec = $myrow["po_detail_item"];
+                                       $order->line_items[$order->lines_on_order]->standard_cost = $myrow["std_cost_unit"];  /*Needed for receiving goods and GL interface */
+                       }
         } /* line po from purchase order details */
     } //end of checks on returned data set
 }
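Review bot: The new `if` around `add_to_order()` silently drops a detail row when the call returns a falsy value, and nothing in the hunk records why that is acceptable; a caller of read_po_items would see fewer lines than the database holds with no error. Add a comment above the condition stating what a false return means here, e.g. `// add_to_order() returns false when the line is rejected; such rows are skipped without po_detail_rec/standard_cost`, and consider reporting the skip through the file's usual error path if it is not expected in normal operation. The inner block is also indented several tabs deeper than the surrounding code; align it with the `if`. The enclosing function starts outside this hunk.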
@@ -223,5 +227,126 @@ function read_po($order_no, &$order, $open_items_only=false)
 
 //----------------------------------------------------------------------------------------
 
+function get_po_items($order_no)
+{
+       $sql = "SELECT item_code, quantity_ordered, quantity_received, qty_invoiced
+               FROM ".TB_PREF."purch_order_details
+               WHERE order_no=".db_escape($order_no)
+               ." ORDER BY po_detail_item";
+
+       $result = db_query($sql, "could not query purch order details");
+    check_db_error("Could not check that the details of the purchase order had not been changed by another user ", $sql);
+    return $result;
+}
+//----------------------------------------------------------------------------------------
+
+function get_short_info($stock_id)
+{
+       $sql = "SELECT description, units, mb_flag
+               FROM ".TB_PREF."stock_master WHERE stock_id = ".db_escape($stock_id);
+
+       return db_query($sql,"The stock details for " . $stock_id . " could not be retrieved");
+}
+
+function get_sql_for_po_search_completed()
+{
+       global $order_number, $selected_stock_item;;
+
+       $sql = "SELECT 
+               porder.order_no, 
+               porder.reference, 
+               supplier.supp_name, 
+               location.location_name,
+               porder.requisition_no, 
+               porder.ord_date, 
+               supplier.curr_code, 
+               Sum(line.unit_price*line.quantity_ordered) AS OrderValue,
+               porder.into_stock_location
+               FROM ".TB_PREF."purch_orders as porder, "
+                       .TB_PREF."purch_order_details as line, "
+                       .TB_PREF."suppliers as supplier, "
+                       .TB_PREF."locations as location
+               WHERE porder.order_no = line.order_no
+               AND porder.supplier_id = supplier.supplier_id
+               AND location.loc_code = porder.into_stock_location ";
+
+       if (isset($order_number) && $order_number != "")
+       {
+               $sql .= "AND porder.reference LIKE ".db_escape('%'. $order_number . '%');
+       }
+       else
+       {
+
+               $data_after = date2sql($_POST['OrdersAfterDate']);
+               $date_before = date2sql($_POST['OrdersToDate']);
+
+               $sql .= " AND porder.ord_date >= '$data_after'";
+               $sql .= " AND porder.ord_date <= '$date_before'";
 
+               if (isset($_POST['StockLocation']) && $_POST['StockLocation'] != ALL_TEXT)
+               {
+                       $sql .= " AND porder.into_stock_location = ".db_escape($_POST['StockLocation']);
+               }
+               if (isset($selected_stock_item))
+               {
+                       $sql .= " AND line.item_code=".db_escape($selected_stock_item);
+               }
+
+       } //end not order number selected
+
+       $sql .= " GROUP BY porder.order_no";
+       return $sql;
+}      
+
+function get_sql_for_po_search()
+{
+       global $all_items, $order_number, $selected_stock_item;;
+       
+       $sql = "SELECT 
+               porder.order_no, 
+               porder.reference,
+               supplier.supp_name, 
+               location.location_name,
+               porder.requisition_no, 
+               porder.ord_date,
+               supplier.curr_code,
+               Sum(line.unit_price*line.quantity_ordered) AS OrderValue,
+               Sum(line.delivery_date < '". date2sql(Today()) ."'
+               AND (line.quantity_ordered > line.quantity_received)) As OverDue
+               FROM "
+                       .TB_PREF."purch_orders as porder, "
+                       .TB_PREF."purch_order_details as line, "
+                       .TB_PREF."suppliers as supplier, "
+                       .TB_PREF."locations as location
+               WHERE porder.order_no = line.order_no
+               AND porder.supplier_id = supplier.supplier_id
+               AND location.loc_code = porder.into_stock_location
+               AND (line.quantity_ordered > line.quantity_received) ";
+
+       if (isset($order_number) && $order_number != "")
+       {
+               $sql .= "AND porder.reference LIKE ".db_escape('%'. $order_number . '%');
+       }
+       else
+       {
+               $data_after = date2sql($_POST['OrdersAfterDate']);
+               $data_before = date2sql($_POST['OrdersToDate']);
+
+               $sql .= "  AND porder.ord_date >= '$data_after'";
+               $sql .= "  AND porder.ord_date <= '$data_before'";
+
+               if (isset($_POST['StockLocation']) && $_POST['StockLocation'] != $all_items)
+               {
+                       $sql .= " AND porder.into_stock_location = ".db_escape($_POST['StockLocation']);
+               }
+
+               if (isset($selected_stock_item))
+               {
+                       $sql .= " AND line.item_code=".db_escape($selected_stock_item);
+               }
+       } //end not order number selected
+
+       $sql .= " GROUP BY porder.order_no";
+       return $sql;
+}
 ?>
\ No newline at end of file
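Review bot: In both get_sql_for_po_search_completed and get_sql_for_po_search the date bounds are read from `$_POST['OrdersAfterDate']`/`$_POST['OrdersToDate']` without an `isset()` check and interpolated into the SQL with hand-written quotes after `date2sql()`, whereas every other predicate in these functions goes through `db_escape()`; use the same path for the dates, `$sql .= " AND porder.ord_date >= ".db_escape($data_after);` and `$sql .= " AND porder.ord_date <= ".db_escape($date_before);` (and the `$data_before` pair in the second function). The two functions also disagree on the location sentinel (`ALL_TEXT` constant in the first, `$all_items` global in the second) and on the variable names `$date_before`/`$data_before`, which suggests one was copied from the other; pick one spelling. Both `global` lines end in a stray `;;`. In get_po_items, `check_db_error()` is called after `db_query()` already received its own error message, so one of the two messages is presumably never shown; keep whichever matches the rest of the file. The trailing `?>` in a PHP-only file should be dropped.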