function set_last_sent($id, $date)
{
$date = date2sql($date);
- $sql = "UPDATE ".TB_PREF."recurrent_invoices SET last_sent='$date' WHERE id=$id";
+ $sql = "UPDATE ".TB_PREF."recurrent_invoices SET last_sent='$date' WHERE id=".db_escape($id);
db_query($sql,"The recurrent invoice could not be updated or added");
}
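Review bot: `db_escape($id)` lands in an unquoted numeric position (`WHERE id=`), so it is only sufficient if db_escape() returns a quoted or numeric-only result; the helper is defined outside this page, so that should be confirmed. The same pattern is added for `$_GET['recurrent']` and in get_sales_group_name() further down. For integer keys a cast does not depend on the helper's quoting, e.g. `WHERE id=".db_escape((int)$id)`. `$date` is still interpolated into `last_sent='$date'` with only date2sql() in front of it, which presumably normalises the value; a short comment stating that assumption would help.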
{
global $Refs;
- $doc = new Cart(30, array($order_no));
+ $doc = new Cart(ST_SALESORDER, array($order_no));
get_customer_details_to_order($doc, $customer_id, $branch_id);
- $doc->trans_type = 30;
+ $doc->trans_type = ST_SALESORDER;
$doc->trans_no = 0;
$doc->document_date = Today(); // 2006-06-15. Added so Invoices and Deliveries get current day
$doc->sales_type, $doc->price_factor, $doc->document_date);
}
$cart = $doc;
- $cart->trans_type = 10;
+ $cart->trans_type = ST_SALESINVOICE;
$cart->reference = $Refs->get_next($cart->trans_type);
$invno = $cart->write(1);
set_last_sent($tmpl_no, $cart->document_date);
if (isset($_GET['recurrent']))
{
$invs = array();
- $sql = "SELECT * FROM ".TB_PREF."recurrent_invoices WHERE id=".$_GET['recurrent'];
+ $sql = "SELECT * FROM ".TB_PREF."recurrent_invoices WHERE id=".db_escape($_GET['recurrent']);
$result = db_query($sql,"could not get recurrent invoice");
$myrow = db_fetch($result);
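Review bot: The branch at `if (isset($_GET['recurrent']))` takes the template id from a GET parameter, and judging by the later "recurrent invoice(s) created" notification it goes on to write invoices, so a state change appears to be reachable through a plain GET request. If that reading is right, the action should move to a POST request with a per-session token check, and the id should be validated as an integer before the query is built. `$myrow = db_fetch($result);` is also used without checking that a row was found; the code that consumes it is outside this hunk.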
display_notification(sprintf(_("%s recurrent invoice(s) created, # $min - # $max."), count($invs)));
if (count($invs) > 0)
{
- $ar = array('PARAM_0' => $min, 'PARAM_1' => $max, 'PARAM_2' => "", 'PARAM_3' => get_first_bank_account(),
- 'PARAM_4' => 0, 'PARAM_5' => 0, 'PARAM_6' => "", 'PARAM_7' => 10);
+ $ar = array('PARAM_0' => $min, 'PARAM_1' => $max, 'PARAM_2' => "",
+ 'PARAM_3' => 0, 'PARAM_4' => 0, 'PARAM_5' => "", 'PARAM_6' => ST_SALESINVOICE);
display_note(print_link(_("&Print Recurrent Invoices # $min - # $max"), 107, $ar), 0, 1);
- $ar['PARAM_4'] = 1;
+ $ar['PARAM_3'] = 1;
display_note(print_link(_("&Email Recurrent Invoices # $min - # $max"), 107, $ar), 0, 1);
}
}
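Review bot: The positional keys in `$ar` are renumbered here (`PARAM_3` now carries what `PARAM_4` did, and the bank-account entry is gone) with nothing in the code saying what each slot means. They have to match the parameter order of report 107, which is not visible on this page, so a comment such as `// PARAM_0/1: invoice range, PARAM_3: e-mail flag, PARAM_6: transaction type` above the array would make a future mismatch easier to spot; the slot meanings given here are inferred from usage and need confirming. Separately, the `_()` strings embed `$min`/`$max` before the translation lookup, so `sprintf(_("%s recurrent invoice(s) created, # %s - # %s."), count($invs), $min, $max)` would keep the message id constant.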
//-------------------------------------------------------------------------------------------------
function get_sales_group_name($group_no)
{
- $sql = "SELECT description FROM ".TB_PREF."groups WHERE id = $group_no";
+ $sql = "SELECT description FROM ".TB_PREF."groups WHERE id = ".db_escape($group_no);
$result = db_query($sql, "could not get group");
$row = db_fetch($result);
return $row[0];
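Review bot: `return $row[0];` dereferences the fetch result without checking that a group with this id exists; if db_fetch() yields false for an empty result (its definition is outside this page), the function returns null and newer PHP versions raise a warning. A guard such as `return $row ? $row[0] : null;` makes the not-found case explicit without changing what callers receive. The function's closing brace falls outside the hunk.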