Removed obsolete complete parameter.

[fa-stable.git] / purchasing / includes / purchasing_db.inc

diff --git a/purchasing/includes/purchasing_db.inc b/purchasing/includes/purchasing_db.inc
index e98bd89a5d7b45884014f6b37d840b9a0b5e31ed..51b456a216ec01346ce42f059894b6c4e15c1941 100644 (file)
--- a/purchasing/includes/purchasing_db.inc
+++ b/purchasing/includes/purchasing_db.inc
@@ -1,5 +1,14 @@
 <?php
-
+/**********************************************************************
+    Copyright (C) FrontAccounting, LLC.
+       Released under the terms of the GNU General Public License, GPL, 
+       as published by the Free Software Foundation, either version 3 
+       of the License, or (at your option) any later version.
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
+    See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
+***********************************************************************/
 include_once($path_to_root . "/purchasing/includes/supp_trans_class.inc");
 
 include_once($path_to_root . "/includes/banking.inc");
@@ -23,14 +32,14 @@ include_once($path_to_root . "/purchasing/includes/db/suppliers_db.inc");
 // $amount is in SUPPLIERS'S currency
 
 function add_gl_trans_supplier($type, $type_no, $date_, $account, $dimension, $dimension2,  
-       $amount, $supplier_id, $err_msg="", $rate=0)
+       $amount, $supplier_id, $err_msg="", $rate=0, $memo="")
 {
        if ($err_msg == "")
                $err_msg = "The supplier GL transaction could not be inserted"; 
                
-       return add_gl_trans($type, $type_no, $date_, $account, $dimension, $dimension2, "", 
+       return add_gl_trans($type, $type_no, $date_, $account, $dimension, $dimension2, $memo, 
                $amount, get_supplier_currency($supplier_id), 
-               payment_person_types::supplier(), $supplier_id, $err_msg, $rate);
+               PT_SUPPLIER, $supplier_id, $err_msg, $rate);
 }
 
 //----------------------------------------------------------------------------------------
@@ -38,8 +47,8 @@ function add_gl_trans_supplier($type, $type_no, $date_, $account, $dimension, $d
 function get_purchase_price($supplier_id, $stock_id)
 {
        $sql = "SELECT price, conversion_factor FROM ".TB_PREF."purch_data 
-               WHERE supplier_id = '" . $supplier_id . "' 
-               AND stock_id = '". $stock_id . "'";
+               WHERE supplier_id = ".db_escape($supplier_id) . " 
+               AND stock_id = ".db_escape($stock_id);
        $result = db_query($sql, "The supplier pricing details for " . $stock_id . " could not be retrieved");    
 
        if (db_num_rows($result) == 1)
@@ -53,13 +62,30 @@ function get_purchase_price($supplier_id, $stock_id)
        }       
 }
 
+function get_purchase_conversion_factor($supplier_id, $stock_id)
+{
+       $sql = "SELECT conversion_factor FROM ".TB_PREF."purch_data 
+               WHERE supplier_id = ".db_escape($supplier_id)." 
+               AND stock_id = ".db_escape($stock_id);
+       $result = db_query($sql, "The supplier pricing details for " . $stock_id . " could not be retrieved");    
+
+       if (db_num_rows($result) == 1)
+       {
+               $myrow = db_fetch($result);
+               return $myrow['conversion_factor'];
+       } 
+       else 
+       {
+               return 1;
+       }       
+}
 //----------------------------------------------------------------------------------------
 
 function get_purchase_data($supplier_id, $stock_id)
 {
        $sql = "SELECT * FROM ".TB_PREF."purch_data 
-               WHERE supplier_id = '" . $supplier_id . "' 
-               AND stock_id = '". $stock_id . "'";
+               WHERE supplier_id = ".db_escape($supplier_id) . "
+               AND stock_id = ".db_escape($stock_id);
        $result = db_query($sql, "The supplier pricing details for " . $stock_id . " could not be retrieved");    
 
        return db_fetch($result);
@@ -71,18 +97,19 @@ function add_or_update_purchase_data($supplier_id, $stock_id, $price, $descripti
        if ($data === false)
        {
                $sql = "INSERT INTO ".TB_PREF."purch_data (supplier_id, stock_id, price, suppliers_uom,
-                       conversion_factor, supplier_description) VALUES ('$supplier_id', '$stock_id', 
-                       $price, '$uom', 1, '$description')";
+                       conversion_factor, supplier_description) VALUES (".db_escape($supplier_id)
+                       .", ".db_escape($stock_id).", ".db_escape($price).", "
+                       .db_escape($uom).", 1, ".db_escape($description).")";
                db_query($sql,"The supplier purchasing details could not be added");
                return;
        }       
-       $price = round($price * $data['conversion_factor'], user_price_dec());  
-       $sql = "UPDATE ".TB_PREF."purch_data SET price=$price";
+       $price = round($price * $data['conversion_factor'], user_price_dec());
+       $sql = "UPDATE ".TB_PREF."purch_data SET price=".db_escape($price);
        if ($uom != "")
-               $sql .= ",suppliers_uom='$uom'";
+               $sql .= ",suppliers_uom=".db_escape($uom);
        if ($description != "") 
-               $sql .= ",supplier_description='$description'";
-       $sql .= " WHERE stock_id='$stock_id' AND supplier_id='$supplier_id'";
+               $sql .= ",supplier_description=".db_escape($description);
+       $sql .= " WHERE stock_id=".db_escape($stock_id)." AND supplier_id=".db_escape($supplier_id);
        db_query($sql,"The supplier purchasing details could not be updated");
        return true;
 }