function getTransactions($debtorno, $date)
{
$sql = "SELECT ".TB_PREF."debtor_trans.*,
- (".TB_PREF."debtor_trans.ov_amount + ".TB_PREF."debtor_trans.ov_gst + ".TB_PREF."debtor_trans.ov_freight + ".TB_PREF."debtor_trans.ov_discount)
+ (".TB_PREF."debtor_trans.ov_amount + ".TB_PREF."debtor_trans.ov_gst + ".TB_PREF."debtor_trans.ov_freight +
+ ".TB_PREF."debtor_trans.ov_freight_tax + ".TB_PREF."debtor_trans.ov_discount)
AS TotalAmount, ".TB_PREF."debtor_trans.alloc AS Allocated,
((".TB_PREF."debtor_trans.type = ".ST_SALESINVOICE.")
AND ".TB_PREF."debtor_trans.due_date < '$date') AS OverDue
FROM ".TB_PREF."debtor_trans
- WHERE ".TB_PREF."debtor_trans.tran_date <= '$date' AND ".TB_PREF."debtor_trans.debtor_no = '$debtorno'
+ WHERE ".TB_PREF."debtor_trans.tran_date <= '$date' AND ".TB_PREF."debtor_trans.debtor_no = ".db_escape($debtorno)."
AND ".TB_PREF."debtor_trans.type <> ".ST_CUSTDELIVERY."
ORDER BY ".TB_PREF."debtor_trans.tran_date";
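Review bot: `$date` is still interpolated straight into the statement at `due_date < '$date'` and `tran_date <= '$date'`; only `$debtorno` was moved to `db_escape()`. Where `$date` comes from is not visible in this hunk, so if a caller can pass a request-derived value, the query remains open to injection through that parameter. Either validate it as a date before the query is built, or route it through the same helper, e.g. `tran_date <= ".db_escape($date)."`, on both lines. The body of getTransactions continues past the end of the hunk.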
$sql = "SELECT debtor_no, name AS DebtorName, address, tax_id, email, curr_code, curdate() AS tran_date, payment_terms FROM ".TB_PREF."debtors_master";
if ($customer != ALL_NUMERIC)
- $sql .= " WHERE debtor_no = $customer";
+ $sql .= " WHERE debtor_no = ".db_escape($customer);
else
$sql .= " ORDER by name";
$result = db_query($sql, "The customers could not be retrieved");
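Review bot: `db_escape($customer)` is concatenated with no surrounding quotes, as is `db_escape($debtorno)` in the getTransactions hunk, so the fix is only safe if `db_escape()` itself returns a quoted literal. Its definition is not on this page. A short comment at the call, such as `// db_escape() returns a quoted, escaped literal - do not wrap in quotes`, would record that assumption and stop a later edit from reintroducing an unquoted value. If debtor_no is an integer key, as the previously unquoted `$customer` suggests, `(int)$customer` would be a stricter alternative. The enclosing function starts and ends outside this hunk.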