<?php
/**********************************************************************
Copyright (C) FrontAccounting, LLC.
- Released under the terms of the GNU Affero General Public License,
- AGPL, as published by the Free Software Foundation, either version
- 3 of the License, or (at your option) any later version.
+ Released under the terms of the GNU General Public License, GPL,
+ as published by the Free Software Foundation, either version 3
+ of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- See the License here <http://www.gnu.org/licenses/agpl-3.0.html>.
+ See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
***********************************************************************/
//----------------------------------------------------------------------------------------
$sql = "INSERT INTO ".TB_PREF."supp_allocations (
amt, date_alloc,
trans_type_from, trans_no_from, trans_no_to, trans_type_to)
- VALUES ($amount, '$date', $trans_type_from, $trans_no_from, $trans_no_to, $trans_type_to)";
+ VALUES (".db_escape($amount).", '$date', "
+ .db_escape($trans_type_from).", ".db_escape($trans_no_from).", "
+ .db_escape($trans_no_to).", ".db_escape($trans_type_to).")";
db_query($sql, "A supplier allocation could not be added to the database");
}
function delete_supp_allocation($trans_id)
{
- $sql = "DELETE FROM ".TB_PREF."supp_allocations WHERE id = " . $trans_id;
+ $sql = "DELETE FROM ".TB_PREF."supp_allocations WHERE id = ".db_escape($trans_id);
db_query($sql, "The existing allocation $trans_id could not be deleted");
}
function get_supp_trans_allocation_balance($trans_type, $trans_no)
{
$sql = "SELECT (ov_amount+ov_gst-ov_discount-alloc) AS BalToAllocate
- FROM ".TB_PREF."supp_trans WHERE trans_no=$trans_no AND type=$trans_type";
+ FROM ".TB_PREF."supp_trans WHERE trans_no="
+ .db_escape($trans_no)." AND type=".db_escape($trans_type);
$result = db_query($sql,"calculate the allocation");
$myrow = db_fetch_row($result);
function update_supp_trans_allocation($trans_type, $trans_no, $alloc)
{
- $sql = "UPDATE ".TB_PREF."supp_trans SET alloc = alloc + $alloc
- WHERE type=$trans_type AND trans_no = $trans_no";
+ $sql = "UPDATE ".TB_PREF."supp_trans SET alloc = alloc + ".db_escape($alloc)."
+ WHERE type=".db_escape($trans_type)." AND trans_no = ".db_escape($trans_no);
db_query($sql, "The supp transaction record could not be modified for the allocation against it");
}
// clear any allocations for this transaction
$sql = "SELECT * FROM ".TB_PREF."supp_allocations
WHERE (trans_type_from=$type AND trans_no_from=$type_no)
- OR (trans_type_to=$type AND trans_no_to=$type_no)";
+ OR (trans_type_to=".db_escape($type)." AND trans_no_to=".db_escape($type_no).")";
$result = db_query($sql, "could not void supp transactions for type=$type and trans_no=$type_no");
while ($row = db_fetch($result))
// 2008-09-20 Joe Hunt
if ($date != "")
exchange_variation($type, $type_no, $row['trans_type_to'], $row['trans_no_to'], $date,
- $row['amt'], payment_person_types::supplier(), true);
+ $row['amt'], PT_SUPPLIER, true);
//////////////////////
}
// remove any allocations for this transaction
$sql = "DELETE FROM ".TB_PREF."supp_allocations
- WHERE (trans_type_from=$type AND trans_no_from=$type_no)
- OR (trans_type_to=$type AND trans_no_to=$type_no)";
+ WHERE (trans_type_from=".db_escape($type)." AND trans_no_from=".db_escape($type_no).")
+ OR (trans_type_to=".db_escape($type)." AND trans_no_to=".db_escape($type_no).")";
db_query($sql, "could not void supp transactions for type=$type and trans_no=$type_no");
}
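Review bot: The SELECT over supp_allocations (lines 49-52) is only half parameterised: its first WHERE clause, the untouched context line `WHERE (trans_type_from=$type AND trans_no_from=$type_no)`, still interpolates the raw values while the OR clause rewritten on the next line passes them through db_escape, so a non-numeric `$type`/`$type_no` can still break out of the query there. The DELETE at lines 66-67 escapes both clauses; the SELECT should match it, `WHERE (trans_type_from=".db_escape($type)." AND trans_no_from=".db_escape($type_no).")`. The same leftover shows up in the else branch of the allocation query at line 105 (`AND trans.supplier_id=$supplier_id`, where the if branch at line 97 already escapes it) and in the INSERT at line 21, where `'$date'` is the one value not run through db_escape — presumably it arrives pre-formatted from the caller, but escaping it would keep the rewrite uniform (if db_escape adds its own quotes, the surrounding single quotes go). The signature of the enclosing void function starts outside the visible lines.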
$sql .= " WHERE trans.supplier_id=supplier.supplier_id";
if ($extra_conditions)
- $sql .= " AND $extra_conditions ";
+ $sql .= " AND $extra_conditions";
return $sql;
}
$supp_sql = "";
if ($supplier_id != null)
- $supp_sql = " AND trans.supplier_id = $supplier_id";
+ $supp_sql = " AND trans.supplier_id = ".db_escape($supplier_id);
$sql = get_alloc_supp_sql("round(ABS(ov_amount+ov_gst+ov_discount)-alloc,6) <= 0 AS settled",
- "(type=22 OR type=21 OR type=1) AND (ov_amount < 0) " . $settled_sql . $supp_sql);
+ "(type=".ST_SUPPAYMENT." OR type=".ST_SUPPCREDIT." OR type=".ST_BANKPAYMENT.") AND (ov_amount < 0) " . $settled_sql . $supp_sql);
return $sql;
}
{
if ($trans_no != null && $type!= null)
{
- $sql = get_alloc_supp_sql("amt", "trans.trans_no = alloc.trans_no_to
+ $sql = get_alloc_supp_sql("amt, supp_reference", "trans.trans_no = alloc.trans_no_to
AND trans.type = alloc.trans_type_to
- AND alloc.trans_no_from=$trans_no
- AND alloc.trans_type_from=$type
- AND trans.supplier_id=$supplier_id",
- "".TB_PREF."supp_allocations as alloc");
+ AND alloc.trans_no_from=".db_escape($trans_no)."
+ AND alloc.trans_type_from=".db_escape($type)."
+ AND trans.supplier_id=".db_escape($supplier_id),
+ TB_PREF."supp_allocations as alloc");
}
else
{
$sql = get_alloc_supp_sql(null, "round(ABS(ov_amount+ov_gst+ov_discount)-alloc,6) > 0
- AND trans.type != 22
+ AND trans.type != ".ST_SUPPAYMENT."
AND trans.supplier_id=$supplier_id");
}