Small error message fix in dimension db.
[fa-stable.git] / reporting / rep209.php
index 7bd5c4ae1cbe5635ca880bc5ba12e474529d15b1..b6b88a4572ee85b310b3493d5109b019c5594441 100644 (file)
@@ -37,7 +37,7 @@ function get_po($order_no)
                FROM ".TB_PREF."purch_orders, ".TB_PREF."suppliers, ".TB_PREF."locations
                WHERE ".TB_PREF."purch_orders.supplier_id = ".TB_PREF."suppliers.supplier_id
                AND ".TB_PREF."locations.loc_code = into_stock_location
-               AND ".TB_PREF."purch_orders.order_no = " . $order_no;
+               AND ".TB_PREF."purch_orders.order_no = ".db_escape($order_no);
        $result = db_query($sql, "The order cannot be retrieved");
     return db_fetch($result);
 }
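Review bot: `db_escape($order_no)` on the new `order_no` line sits in an unquoted numeric position, so it only closes the injection if db_escape (defined outside this diff) returns a quoted literal; escaping alone does not protect a bare numeric context. print_po passes a loop counter to this function, so the order number appears to be an integer, and a cast as the first statement, `$order_no = (int)$order_no;`, would make the query safe regardless of how the helper behaves. The same applies to the `WHERE order_no =` line in get_po_details in the next hunk. get_po begins above this hunk, so the cast would go outside the lines shown. The commit title mentions only an error-message fix, so the query hardening is easy to overlook when backporting.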
@@ -48,7 +48,7 @@ function get_po_details($order_no)
                FROM ".TB_PREF."purch_order_details
                LEFT JOIN ".TB_PREF."stock_master
                ON ".TB_PREF."purch_order_details.item_code=".TB_PREF."stock_master.stock_id
-               WHERE order_no =$order_no ";
+               WHERE order_no =".db_escape($order_no)." ";
        $sql .= " ORDER BY po_detail_item";
        return db_query($sql, "Retreive order Line Items");
 }
@@ -62,9 +62,8 @@ function print_po()
        $from = $_POST['PARAM_0'];
        $to = $_POST['PARAM_1'];
        $currency = $_POST['PARAM_2'];
-       $bankaccount = $_POST['PARAM_3'];
-       $email = $_POST['PARAM_4'];
-       $comments = $_POST['PARAM_5'];
+       $email = $_POST['PARAM_3'];
+       $comments = $_POST['PARAM_4'];
 
        if ($from == null)
                $from = 0;
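Review bot: The request values are re-indexed by position here, so `PARAM_3` now carries the e-mail flag and `PARAM_4` the comments. The form that posts them is not part of this diff, and a caller still sending the bank account as `PARAM_3` would have that id read as `$email`. The values are also taken straight from `$_POST` with no type check, and `$from` and `$to` later bound the print loop. I would normalise them where they are read, e.g. `$email = (int)$_POST['PARAM_3'];`, with the same integer cast on `$from` and `$to`. print_po continues beyond this hunk.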
@@ -77,10 +76,8 @@ function print_po()
        // $headers in doctext.inc
        $aligns = array('left', 'left', 'left', 'right', 'left', 'right', 'right');
 
-       $params = array('comments' => $comments,
-                                       'bankaccount' => $bankaccount);
+       $params = array('comments' => $comments);
 
-       $baccount = get_bank_account($params['bankaccount']);
        $cur = get_company_Pref('curr_default');
 
        if ($email == 0)
@@ -94,6 +91,8 @@ function print_po()
        for ($i = $from; $i <= $to; $i++)
        {
                $myrow = get_po($i);
+               $baccount = get_default_bank_account($myrow['curr_code']);
+               $params['bankaccount'] = $baccount['id'];
 
                if ($email == 1)
                {
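Review bot: `$myrow['curr_code']` is read on the first added line without checking that get_po() found a row. get_po() returns db_fetch()'s result directly, so a number in the `$from`..`$to` range with no matching order would presumably give a non-array here, and `$baccount['id']` has the same problem if no default account exists for that currency. A guard right after the fetch, `if (!$myrow) continue;`, would skip gaps in the range. A missing default bank account deserves an explicit error rather than an empty `bankaccount` entry in `$params`. The loop body continues outside this hunk, so a later check may exist, but it would run after these two lines.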