$sql = 'SELECT trans_link FROM
'.TB_PREF.'debtor_trans WHERE
- (trans_no=' .$trans_no. ' AND type='.$trans_type.' AND trans_link!=0)';
+ (trans_no='.db_escape($trans_no).' AND type='.db_escape($trans_type).' AND trans_link!=0)';
$result = db_query($sql, 'Parent document numbers cannot be retrieved');
// invoice: find batch invoice parent trans.
$sql = 'SELECT trans_no FROM
'.TB_PREF.'debtor_trans WHERE
- (trans_link='.$trans_no.' AND type='. get_parent_type($trans_type) .')';
+ (trans_link='.db_escape($trans_no).' AND type='. get_parent_type($trans_type) .')';
$result = db_query($sql, 'Delivery links cannot be retrieved');
function update_customer_trans_version($type, $versions) {
$sql= 'UPDATE '.TB_PREF. 'debtor_trans SET version=version+1
- WHERE type='.$type. ' AND (';
+ WHERE type='.db_escape($type).' AND (';
foreach ($versions as $trans_no=>$version)
- $where[] = '(trans_no='.$trans_no.
- ' AND version='.$version.')';
+ $where[] = '(trans_no='.db_escape($trans_no).' AND version='.$version.')';
$sql .= implode(' OR ', $where) .')';
$trans_no = array( $trans_no );
$sql= 'SELECT trans_no, version FROM '.TB_PREF. 'debtor_trans
- WHERE type='.$type.' AND (';
+ WHERE type='.db_escape($type).' AND (';
foreach ($trans_no as $key=>$trans)
$trans_no[$key] = 'trans_no='.$trans_no[$key];
ov_gst, ov_freight, ov_freight_tax,
rate, ship_via, alloc, trans_link,
dimension_id, dimension2_id
- ) VALUES ($trans_no, $trans_type,
+ ) VALUES ($trans_no, ".db_escape($trans_type).",
".db_escape($debtor_no).", ".db_escape($BranchNo).",
'$SQLDate', '$SQLDueDate', ".db_escape($reference).",
- ".db_escape($sales_type).", $order_no, $Total, ".db_escape($discount).", $Tax,
+ ".db_escape($sales_type).", ".db_escape($order_no).", $Total, ".db_escape($discount).", $Tax,
".db_escape($Freight).",
$FreightTax, $rate, ".db_escape($ship_via).", $AllocAmt, ".db_escape($trans_link).",
- $dimension_id, $dimension2_id)";
+ ".db_escape($dimension_id).", ".db_escape($dimension2_id).")";
} else { // may be optional argument should stay unchanged ?
$sql = "UPDATE ".TB_PREF."debtor_trans SET
debtor_no=".db_escape($debtor_no)." , branch_code=".db_escape($BranchNo).",
tran_date='$SQLDate', due_date='$SQLDueDate',
- reference=".db_escape($reference).", tpe=".db_escape($sales_type).", order_=$order_no,
+ reference=".db_escape($reference).", tpe=".db_escape($sales_type).", order_=".db_escape($order_no).",
ov_amount=$Total, ov_discount=".db_escape($discount).", ov_gst=$Tax,
ov_freight=".db_escape($Freight).", ov_freight_tax=$FreightTax, rate=$rate,
ship_via=".db_escape($ship_via).", alloc=$AllocAmt, trans_link=$trans_link,
- dimension_id=$dimension_id, dimension2_id=$dimension2_id
- WHERE trans_no=$trans_no AND type=$trans_type";
+ dimension_id=".db_escape($dimension_id).", dimension2_id=".db_escape($dimension2_id)."
+ WHERE trans_no=$trans_no AND type=".db_escape($trans_type);
}
db_query($sql, "The debtor transaction record could not be inserted");
$sql .= ", ".TB_PREF."shippers, ".TB_PREF."sales_types, ".TB_PREF."cust_branch, ".TB_PREF."tax_groups ";
}
- $sql .= " WHERE ".TB_PREF."debtor_trans.trans_no=$trans_id
- AND ".TB_PREF."debtor_trans.type=$trans_type
+ $sql .= " WHERE ".TB_PREF."debtor_trans.trans_no=".db_escape($trans_id)."
+ AND ".TB_PREF."debtor_trans.type=".db_escape($trans_type)."
AND ".TB_PREF."debtor_trans.debtor_no=".TB_PREF."debtors_master.debtor_no";
if ($trans_type == ST_CUSTPAYMENT) {
function exists_customer_trans($type, $type_no)
{
- $sql = "SELECT trans_no FROM ".TB_PREF."debtor_trans WHERE type=$type
- AND trans_no=$type_no";
+ $sql = "SELECT trans_no FROM ".TB_PREF."debtor_trans WHERE type=".db_escape($type)."
+ AND trans_no=".db_escape($type_no);
$result = db_query($sql, "Cannot retreive a debtor transaction");
function get_customer_trans_order($type, $type_no)
{
- $sql = "SELECT order_ FROM ".TB_PREF."debtor_trans WHERE type=$type AND trans_no=$type_no";
+ $sql = "SELECT order_ FROM ".TB_PREF."debtor_trans WHERE type=".db_escape($type)." AND trans_no=".db_escape($type_no);
$result = db_query($sql, "The debtor transaction could not be queried");
//----------------------------------------------------------------------------------------
+function get_related_documents($type, $trans_no)
+{
+ $sql = "SELECT * FROM ".TB_PREF."debtor_trans WHERE type=$type AND order_=".db_escape($trans_no);
+ return db_query($sql,"The related documents could not be retreived");
+}
+//----------------------------------------------------------------------------------------
+
function get_customer_details_from_trans($type, $type_no)
{
$sql = "SELECT ".TB_PREF."debtors_master.name, ".TB_PREF."debtors_master.curr_code, ".TB_PREF."cust_branch.br_name
FROM ".TB_PREF."debtors_master,".TB_PREF."cust_branch,".TB_PREF."debtor_trans
- WHERE ".TB_PREF."debtor_trans.type=$type AND ".TB_PREF."debtor_trans.trans_no=$type_no
+ WHERE ".TB_PREF."debtor_trans.type=".db_escape($type)." AND ".TB_PREF."debtor_trans.trans_no=".db_escape($type_no)."
AND ".TB_PREF."debtors_master.debtor_no = ".TB_PREF."debtor_trans.debtor_no
AND ".TB_PREF."cust_branch.branch_code = ".TB_PREF."debtor_trans.branch_code";
{
// clear all values and mark as void
$sql = "UPDATE ".TB_PREF."debtor_trans SET ov_amount=0, ov_discount=0, ov_gst=0, ov_freight=0,
- ov_freight_tax=0, alloc=0, version=version+1 WHERE type=$type AND trans_no=$type_no";
+ ov_freight_tax=0, alloc=0, version=version+1 WHERE type=".db_escape($type)." AND trans_no=".db_escape($type_no);
db_query($sql, "could not void debtor transactions for type=$type and trans_no=$type_no");
}
function get_customer_trans_link($type, $type_no)
{
$row = db_query("SELECT trans_link from ".TB_PREF."debtor_trans
- WHERE type=$type AND trans_no=$type_no",
+ WHERE type=".db_escape($type)." AND trans_no=".db_escape($type_no),
"could not get transaction link for type=$type and trans_no=$type_no");
return $row[0];
}
//----------------------------------------------------------------------------------------
+function get_sql_for_customer_inquiry()
+{
+ $date_after = date2sql($_POST['TransAfterDate']);
+ $date_to = date2sql($_POST['TransToDate']);
+
+ $sql = "SELECT
+ trans.type,
+ trans.trans_no,
+ trans.order_,
+ trans.reference,
+ trans.tran_date,
+ trans.due_date,
+ debtor.name,
+ branch.br_name,
+ debtor.curr_code,
+ (trans.ov_amount + trans.ov_gst + trans.ov_freight
+ + trans.ov_freight_tax + trans.ov_discount) AS TotalAmount, ";
+ if ($_POST['filterType'] != ALL_TEXT)
+ $sql .= "@bal := @bal+(trans.ov_amount + trans.ov_gst + trans.ov_freight + trans.ov_freight_tax + trans.ov_discount), ";
+
+// else
+// $sql .= "IF(trans.type=".ST_CUSTDELIVERY.",'', IF(trans.type=".ST_SALESINVOICE." OR trans.type=".ST_BANKPAYMENT.",@bal := @bal+
+// (trans.ov_amount + trans.ov_gst + trans.ov_freight + trans.ov_freight_tax + trans.ov_discount), @bal := @bal-
+// (trans.ov_amount + trans.ov_gst + trans.ov_freight + trans.ov_freight_tax + trans.ov_discount))) , ";
+ $sql .= "trans.alloc AS Allocated,
+ ((trans.type = ".ST_SALESINVOICE.")
+ AND trans.due_date < '" . date2sql(Today()) . "') AS OverDue
+ FROM "
+ .TB_PREF."debtor_trans as trans, "
+ .TB_PREF."debtors_master as debtor, "
+ .TB_PREF."cust_branch as branch
+ WHERE debtor.debtor_no = trans.debtor_no
+ AND trans.tran_date >= '$date_after'
+ AND trans.tran_date <= '$date_to'
+ AND trans.branch_code = branch.branch_code";
+
+ if ($_POST['customer_id'] != ALL_TEXT)
+ $sql .= " AND trans.debtor_no = ".db_escape($_POST['customer_id']);
+
+ if ($_POST['filterType'] != ALL_TEXT)
+ {
+ if ($_POST['filterType'] == '1')
+ {
+ $sql .= " AND (trans.type = ".ST_SALESINVOICE." OR trans.type = ".ST_BANKPAYMENT.") ";
+ }
+ elseif ($_POST['filterType'] == '2')
+ {
+ $sql .= " AND (trans.type = ".ST_SALESINVOICE.") ";
+ }
+ elseif ($_POST['filterType'] == '3')
+ {
+ $sql .= " AND (trans.type = " . ST_CUSTPAYMENT
+ ." OR trans.type = ".ST_BANKDEPOSIT.") ";
+ }
+ elseif ($_POST['filterType'] == '4')
+ {
+ $sql .= " AND trans.type = ".ST_CUSTCREDIT." ";
+ }
+ elseif ($_POST['filterType'] == '5')
+ {
+ $sql .= " AND trans.type = ".ST_CUSTDELIVERY." ";
+ }
+
+ if ($_POST['filterType'] == '2')
+ {
+ $today = date2sql(Today());
+ $sql .= " AND trans.due_date < '$today'
+ AND (trans.ov_amount + trans.ov_gst + trans.ov_freight_tax +
+ trans.ov_freight + trans.ov_discount - trans.alloc > 0) ";
+ }
+ }
+ return $sql;
+}
+
+function get_sql_for_sales_deliveries_view($selected_customer, $selected_stock_item)
+{
+ $sql = "SELECT trans.trans_no,
+ debtor.name,
+ branch.branch_code,
+ branch.br_name,
+ sorder.deliver_to,
+ trans.reference,
+ sorder.customer_ref,
+ trans.tran_date,
+ trans.due_date,
+ (ov_amount+ov_gst+ov_freight+ov_freight_tax) AS DeliveryValue,
+ debtor.curr_code,
+ Sum(line.quantity-line.qty_done) AS Outstanding,
+ Sum(line.qty_done) AS Done
+ FROM "
+ .TB_PREF."sales_orders as sorder, "
+ .TB_PREF."debtor_trans as trans, "
+ .TB_PREF."debtor_trans_details as line, "
+ .TB_PREF."debtors_master as debtor, "
+ .TB_PREF."cust_branch as branch
+ WHERE
+ sorder.order_no = trans.order_ AND
+ trans.debtor_no = debtor.debtor_no
+ AND trans.type = ".ST_CUSTDELIVERY."
+ AND line.debtor_trans_no = trans.trans_no
+ AND line.debtor_trans_type = trans.type
+ AND trans.branch_code = branch.branch_code
+ AND trans.debtor_no = branch.debtor_no ";
+
+ if ($_POST['OutstandingOnly'] == true) {
+ $sql .= " AND line.qty_done < line.quantity ";
+ }
+
+ //figure out the sql required from the inputs available
+ if (isset($_POST['DeliveryNumber']) && $_POST['DeliveryNumber'] != "")
+ {
+ $delivery = "%".$_POST['DeliveryNumber'];
+ $sql .= " AND trans.trans_no LIKE ".db_escape($delivery);
+ $sql .= " GROUP BY trans.trans_no";
+ }
+ else
+ {
+ $sql .= " AND trans.tran_date >= '".date2sql($_POST['DeliveryAfterDate'])."'";
+ $sql .= " AND trans.tran_date <= '".date2sql($_POST['DeliveryToDate'])."'";
+
+ if ($selected_customer != -1)
+ $sql .= " AND trans.debtor_no=".db_escape($selected_customer)." ";
+
+ if (isset($selected_stock_item))
+ $sql .= " AND line.stock_id=".db_escape($selected_stock_item)." ";
+
+ if (isset($_POST['StockLocation']) && $_POST['StockLocation'] != ALL_TEXT)
+ $sql .= " AND sorder.from_stk_loc = ".db_escape($_POST['StockLocation'])." ";
+
+ $sql .= " GROUP BY trans.trans_no ";
+
+ } //end no delivery number selected
+ return $sql;
+}
?>
\ No newline at end of file
projects / fa-stable.git / blobdiff