company_path() helper used.

[fa-stable.git] / purchasing / includes / db / suppliers_db.inc
diff --git a/purchasing/includes/db/suppliers_db.inc b/purchasing/includes/db/suppliers_db.inc

index 797e75e099f384a774e36737a8000d4a72e8a1bc..305ce5df7cfa1babf49a12e2ffbabe4a4886d952 100644 (file)
--- a/purchasing/includes/db/suppliers_db.inc
+++ b/purchasing/includes/db/suppliers_db.inc
@@ -1,14 +1,88 @@
  <?php
  /**********************************************************************
      Copyright (C) FrontAccounting, LLC.
-       Released under the terms of the GNU Affero General Public License,
-       AGPL, as published by the Free Software Foundation, either version 
-       3 of the License, or (at your option) any later version.
+       Released under the terms of the GNU General Public License, GPL, 
+       as published by the Free Software Foundation, either version 3 
+       of the License, or (at your option) any later version.
      This program is distributed in the hope that it will be useful,
      but WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
-    See the License here <http://www.gnu.org/licenses/agpl-3.0.html>.
+    See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
  ***********************************************************************/
+
+function add_supplier($supp_name, $supp_ref, $address, $supp_address, $phone, $phone2, $fax, $gst_no, $email,
+       $website, $contact, $supp_account_no, $bank_account, $credit_limit, $dimension_id, $dimension2_id, 
+       $curr_code, $payment_terms, $payable_account, $purchase_account, $payment_discount_account, 
+       $notes, $tax_group_id)
+{
+       $sql = "INSERT INTO ".TB_PREF."suppliers (supp_name, supp_ref, address, supp_address, phone, phone2, fax, gst_no, email, website,
+               contact, supp_account_no, bank_account, credit_limit, dimension_id, dimension2_id, curr_code,
+               payment_terms, payable_account, purchase_account, payment_discount_account, notes, tax_group_id)
+               VALUES (".db_escape($_POST['supp_name']). ", "
+               .db_escape($supp_ref). ", "
+               .db_escape($address) . ", "
+               .db_escape($supp_address) . ", "
+               .db_escape($phone). ", "
+               .db_escape($phone2). ", "
+               .db_escape($fax). ", "
+               .db_escape($gst_no). ", "
+               .db_escape($email). ", "
+               .db_escape($website). ", "
+               .db_escape($contact). ", "
+               .db_escape($supp_account_no). ", "
+               .db_escape($bank_account). ", "
+               .$credit_limit. ", "
+               .db_escape($dimension_id). ", "
+               .db_escape($dimension2_id). ", "
+               .db_escape($curr_code). ", "
+               .db_escape($payment_terms). ", "
+               .db_escape($payable_account). ", "
+               .db_escape($purchase_account). ", "
+               .db_escape($payment_discount_account). ", "
+               .db_escape($notes). ", "
+               .db_escape($tax_group_id). ")";
+
+       db_query($sql,"The supplier could not be added");
+}
+
+function update_supplier($supplier_id, $supp_name, $supp_ref, $address, $supp_address, $phone, $phone2, $fax, $gst_no, 
+       $email, $website, $contact, $supp_account_no, $bank_account, $credit_limit, $dimension_id, $dimension2_id, 
+       $curr_code, $payment_terms, $payable_account, $purchase_account, $payment_discount_account, 
+       $notes, $tax_group_id)
+{
+       $sql = "UPDATE ".TB_PREF."suppliers SET supp_name=".db_escape($supp_name) . ",
+               supp_ref=".db_escape($supp_ref) . ",
+               address=".db_escape($address) . ",
+               supp_address=".db_escape($supp_address) . ",
+               phone=".db_escape($phone) . ",
+               phone2=".db_escape($phone2) . ",
+               fax=".db_escape($fax) . ",
+               gst_no=".db_escape($gst_no) . ",
+               email=".db_escape($email) . ",
+               website=".db_escape($website) . ",
+               contact=".db_escape($contact) . ",
+               supp_account_no=".db_escape($supp_account_no) . ",
+               bank_account=".db_escape($bank_account) . ",
+               credit_limit=".$credit_limit . ",
+               dimension_id=".db_escape($dimension_id) . ",
+               dimension2_id=".db_escape($dimension2_id) . ",
+               curr_code=".db_escape($curr_code).",
+               payment_terms=".db_escape($payment_terms) . ",
+               payable_account=".db_escape($payable_account) . ",
+               purchase_account=".db_escape($purchase_account) . ",
+               payment_discount_account=".db_escape($payment_discount_account) . ",
+               notes=".db_escape($notes) . ",
+               tax_group_id=".db_escape($tax_group_id) . " WHERE supplier_id = ".db_escape($supplier_id);
+
+       db_query($sql,"The supplier could not be updated");
+}
+
+function delete_supplier($supplier_id)
+{
+       $sql="DELETE FROM ".TB_PREF."suppliers WHERE supplier_id=".db_escape($supplier_id);
+       db_query($sql,"check failed");
+}
+
  function get_supplier_details($supplier_id, $to=null)
  {
  
@@ -21,7 +95,7 @@ function get_supplier_details($supplier_id, $to=null)
         // removed - supp_trans.alloc from all summations
  
      $value = "(".TB_PREF."supp_trans.ov_amount + ".TB_PREF."supp_trans.ov_gst + ".TB_PREF."supp_trans.ov_discount)";
-       $due = "IF (".TB_PREF."supp_trans.type=20 OR ".TB_PREF."supp_trans.type=21,".TB_PREF."supp_trans.due_date,".TB_PREF."supp_trans.tran_date)";
+       $due = "IF (".TB_PREF."supp_trans.type=".ST_SUPPINVOICE." OR ".TB_PREF."supp_trans.type=".ST_SUPPCREDIT.",".TB_PREF."supp_trans.due_date,".TB_PREF."supp_trans.tran_date)";
      $sql = "SELECT ".TB_PREF."suppliers.supp_name, ".TB_PREF."suppliers.curr_code, ".TB_PREF."payment_terms.terms,
  
                 Sum($value) AS Balance,
@@ -60,7 +134,7 @@ function get_supplier_details($supplier_id, $to=null)
                                  ".TB_PREF."payment_terms
                         WHERE
                                  ".TB_PREF."suppliers.payment_terms = ".TB_PREF."payment_terms.terms_indicator
-                                AND ".TB_PREF."suppliers.supplier_id = '$supplier_id'";
+                                AND ".TB_PREF."suppliers.supplier_id = ".db_escape($supplier_id);
  
         $result = db_query($sql,"The customer details could not be retrieved");
  
@@ -86,7 +160,7 @@ function get_supplier_details($supplier_id, $to=null)
  
  function get_supplier($supplier_id)
  {
-       $sql = "SELECT * FROM ".TB_PREF."suppliers WHERE supplier_id=$supplier_id";
+       $sql = "SELECT * FROM ".TB_PREF."suppliers WHERE supplier_id=".db_escape($supplier_id);
  
         $result = db_query($sql, "could not get supplier");
  
@@ -95,7 +169,7 @@ function get_supplier($supplier_id)
  
  function get_supplier_name($supplier_id)
  {
-       $sql = "SELECT supp_name AS name FROM ".TB_PREF."suppliers WHERE supplier_id=$supplier_id";
+       $sql = "SELECT supp_name AS name FROM ".TB_PREF."suppliers WHERE supplier_id=".db_escape($supplier_id);
  
         $result = db_query($sql, "could not get supplier");
  
@@ -106,7 +180,7 @@ function get_supplier_name($supplier_id)
  
  function get_supplier_accounts($supplier_id)
  {
-       $sql = "SELECT payable_account,purchase_account,payment_discount_account FROM ".TB_PREF."suppliers WHERE supplier_id=$supplier_id";
+       $sql = "SELECT payable_account,purchase_account,payment_discount_account FROM ".TB_PREF."suppliers WHERE supplier_id=".db_escape($supplier_id);
  
         $result = db_query($sql, "could not get supplier");