$sql = "INSERT INTO ".TB_PREF."supp_allocations (
amt, date_alloc,
trans_type_from, trans_no_from, trans_no_to, trans_type_to)
- VALUES ($amount, '$date', $trans_type_from, $trans_no_from, $trans_no_to, $trans_type_to)";
+ VALUES (".db_escape($amount).", '$date', "
+ .db_escape($trans_type_from).", ".db_escape($trans_no_from).", "
+ .db_escape($trans_no_to).", ".db_escape($trans_type_to).")";
db_query($sql, "A supplier allocation could not be added to the database");
}
function delete_supp_allocation($trans_id)
{
- $sql = "DELETE FROM ".TB_PREF."supp_allocations WHERE id = " . $trans_id;
+ $sql = "DELETE FROM ".TB_PREF."supp_allocations WHERE id = ".db_escape($trans_id);
db_query($sql, "The existing allocation $trans_id could not be deleted");
}
function get_supp_trans_allocation_balance($trans_type, $trans_no)
{
$sql = "SELECT (ov_amount+ov_gst-ov_discount-alloc) AS BalToAllocate
- FROM ".TB_PREF."supp_trans WHERE trans_no=$trans_no AND type=$trans_type";
+ FROM ".TB_PREF."supp_trans WHERE trans_no="
+ .db_escape($trans_no)." AND type=".db_escape($trans_type);
$result = db_query($sql,"calculate the allocation");
$myrow = db_fetch_row($result);
function update_supp_trans_allocation($trans_type, $trans_no, $alloc)
{
- $sql = "UPDATE ".TB_PREF."supp_trans SET alloc = alloc + $alloc
- WHERE type=$trans_type AND trans_no = $trans_no";
+ $sql = "UPDATE ".TB_PREF."supp_trans SET alloc = alloc + ".db_escape($alloc)."
+ WHERE type=".db_escape($trans_type)." AND trans_no = ".db_escape($trans_no);
db_query($sql, "The supp transaction record could not be modified for the allocation against it");
}
// clear any allocations for this transaction
$sql = "SELECT * FROM ".TB_PREF."supp_allocations
WHERE (trans_type_from=$type AND trans_no_from=$type_no)
- OR (trans_type_to=$type AND trans_no_to=$type_no)";
+ OR (trans_type_to=".db_escape($type)." AND trans_no_to=".db_escape($type_no).")";
$result = db_query($sql, "could not void supp transactions for type=$type and trans_no=$type_no");
while ($row = db_fetch($result))
// remove any allocations for this transaction
$sql = "DELETE FROM ".TB_PREF."supp_allocations
- WHERE (trans_type_from=$type AND trans_no_from=$type_no)
- OR (trans_type_to=$type AND trans_no_to=$type_no)";
+ WHERE (trans_type_from=".db_escape($type)." AND trans_no_from=".db_escape($type_no).")
+ OR (trans_type_to=".db_escape($type)." AND trans_no_to=".db_escape($type_no).")";
db_query($sql, "could not void supp transactions for type=$type and trans_no=$type_no");
}
$sql .= " WHERE trans.supplier_id=supplier.supplier_id";
if ($extra_conditions)
- $sql .= " AND $extra_conditions ";
+ $sql .= " AND $extra_conditions";
return $sql;
}
$supp_sql = "";
if ($supplier_id != null)
- $supp_sql = " AND trans.supplier_id = $supplier_id";
+ $supp_sql = " AND trans.supplier_id = ".db_escape($supplier_id);
$sql = get_alloc_supp_sql("round(ABS(ov_amount+ov_gst+ov_discount)-alloc,6) <= 0 AS settled",
- "(type=22 OR type=21 OR type=1) AND (ov_amount < 0) " . $settled_sql . $supp_sql);
+ "(type=".ST_SUPPAYMENT." OR type=".ST_SUPPCREDIT." OR type=".ST_BANKPAYMENT.") AND (ov_amount < 0) " . $settled_sql . $supp_sql);
return $sql;
}
{
$sql = get_alloc_supp_sql("amt, supp_reference", "trans.trans_no = alloc.trans_no_to
AND trans.type = alloc.trans_type_to
- AND alloc.trans_no_from=$trans_no
- AND alloc.trans_type_from=$type
- AND trans.supplier_id=$supplier_id",
- "".TB_PREF."supp_allocations as alloc");
+ AND alloc.trans_no_from=".db_escape($trans_no)."
+ AND alloc.trans_type_from=".db_escape($type)."
+ AND trans.supplier_id=".db_escape($supplier_id),
+ TB_PREF."supp_allocations as alloc");
}
else
{
$sql = get_alloc_supp_sql(null, "round(ABS(ov_amount+ov_gst+ov_discount)-alloc,6) > 0
- AND trans.type != 22
- AND trans.supplier_id=$supplier_id");
+ AND trans.type != ".ST_SUPPAYMENT."
+ AND trans.supplier_id=".db_escape($supplier_id));
}
return db_query($sql." ORDER BY trans_no", "Cannot retreive alloc to transactions");
}
+function get_sql_for_supplier_allocation_inquiry()
+{
+ $date_after = date2sql($_POST['TransAfterDate']);
+ $date_to = date2sql($_POST['TransToDate']);
+ $sql = "SELECT
+ trans.type,
+ trans.trans_no,
+ trans.reference,
+ supplier.supp_name,
+ trans.supp_reference,
+ trans.tran_date,
+ trans.due_date,
+ supplier.curr_code,
+ (trans.ov_amount + trans.ov_gst + trans.ov_discount) AS TotalAmount,
+ trans.alloc AS Allocated,
+ ((trans.type = ".ST_SUPPINVOICE." OR trans.type = ".ST_SUPPCREDIT.") AND trans.due_date < '" . date2sql(Today()) . "') AS OverDue
+ FROM "
+ .TB_PREF."supp_trans as trans, "
+ .TB_PREF."suppliers as supplier
+ WHERE supplier.supplier_id = trans.supplier_id
+ AND trans.tran_date >= '$date_after'
+ AND trans.tran_date <= '$date_to'";
+
+ if ($_POST['supplier_id'] != ALL_TEXT)
+ $sql .= " AND trans.supplier_id = ".db_escape($_POST['supplier_id']);
+ if (isset($_POST['filterType']) && $_POST['filterType'] != ALL_TEXT)
+ {
+ if (($_POST['filterType'] == '1') || ($_POST['filterType'] == '2'))
+ {
+ $sql .= " AND trans.type = ".ST_SUPPINVOICE." ";
+ }
+ elseif ($_POST['filterType'] == '3')
+ {
+ $sql .= " AND trans.type = ".ST_SUPPAYMENT." ";
+ }
+ elseif (($_POST['filterType'] == '4') || ($_POST['filterType'] == '5'))
+ {
+ $sql .= " AND trans.type = ".ST_SUPPCREDIT." ";
+ }
+
+ if (($_POST['filterType'] == '2') || ($_POST['filterType'] == '5'))
+ {
+ $today = date2sql(Today());
+ $sql .= " AND trans.due_date < '$today' ";
+ }
+ }
+
+ if (!check_value('showSettled'))
+ {
+ $sql .= " AND (round(abs(ov_amount + ov_gst + ov_discount) - alloc,6) != 0) ";
+ }
+ return $sql;
+}
?>
\ No newline at end of file
projects / fa-stable.git / blobdiff