<?php
-
+/**********************************************************************
+ Copyright (C) FrontAccounting, LLC.
+ Released under the terms of the GNU General Public License, GPL,
+ as published by the Free Software Foundation, either version 3
+ of the License, or (at your option) any later version.
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
+***********************************************************************/
function get_supplier_details($supplier_id, $to=null)
{
".TB_PREF."payment_terms
WHERE
".TB_PREF."suppliers.payment_terms = ".TB_PREF."payment_terms.terms_indicator
- AND ".TB_PREF."suppliers.supplier_id = '$supplier_id'";
+ AND ".TB_PREF."suppliers.supplier_id = ".db_escape($supplier_id);
$result = db_query($sql,"The customer details could not be retrieved");
function get_supplier($supplier_id)
{
- $sql = "SELECT * FROM ".TB_PREF."suppliers WHERE supplier_id=$supplier_id";
+ $sql = "SELECT * FROM ".TB_PREF."suppliers WHERE supplier_id=".db_escape($supplier_id);
$result = db_query($sql, "could not get supplier");
function get_supplier_name($supplier_id)
{
- $sql = "SELECT supp_name AS name FROM ".TB_PREF."suppliers WHERE supplier_id=$supplier_id";
+ $sql = "SELECT supp_name AS name FROM ".TB_PREF."suppliers WHERE supplier_id=".db_escape($supplier_id);
$result = db_query($sql, "could not get supplier");
function get_supplier_accounts($supplier_id)
{
- $sql = "SELECT payable_account,purchase_account,payment_discount_account FROM ".TB_PREF."suppliers WHERE supplier_id=$supplier_id";
+ $sql = "SELECT payable_account,purchase_account,payment_discount_account FROM ".TB_PREF."suppliers WHERE supplier_id=".db_escape($supplier_id);
$result = db_query($sql, "could not get supplier");
projects / fa-stable.git / blobdiff