Contact CRUD class.
[fa-stable.git] / sales / includes / db / cust_trans_details_db.inc
index 8d7ce3860a86aaaa7db2692307c1014759712695..86310ffaf0995bda3e2615cc56cd7f62c440bbcd 100644 (file)
@@ -1,13 +1,13 @@
 <?php
 /**********************************************************************
     Copyright (C) FrontAccounting, LLC.
-       Released under the terms of the GNU Affero General Public License,
-       AGPL, as published by the Free Software Foundation, either version 
-       of the License, or (at your option) any later version.
+       Released under the terms of the GNU General Public License, GPL, 
+       as published by the Free Software Foundation, either version 3 
+       of the License, or (at your option) any later version.
     This program is distributed in the hope that it will be useful,
     but WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
-    See the License here <http://www.gnu.org/licenses/agpl-3.0.html>.
+    See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
 ***********************************************************************/
 //----------------------------------------------------------------------------------------
 
@@ -30,7 +30,7 @@ if (!is_array($debtor_trans_no))
        $sql .= implode(' OR ', $tr);
 
 
-       $sql.=  ") AND debtor_trans_type=$debtor_trans_type
+       $sql.=  ") AND debtor_trans_type=".db_escape($debtor_trans_type)."
                AND ".TB_PREF."stock_master.stock_id=".TB_PREF."debtor_trans_details.stock_id
                ORDER BY id";
        return db_query($sql, "The debtor transaction detail could not be queried");
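Review bot: The escaping in this hunk is still partial: `implode(' OR ', $tr)` joins conditions that are built above the hunk, so it is not visible whether each `$debtor_trans_no` value passes through `db_escape()` before it reaches `$sql`, and this change covers only `$debtor_trans_type`. The same gap is directly visible in the `write_customer_trans_detail_item` hunk, where the UPDATE still interpolates `$unit_tax`, `$discount_percent` and `$std_cost`, and the INSERT still ends with `$quantity, $unit_price, $unit_tax, $discount_percent, $std_cost)` unescaped. If any of those values can originate from request data they remain a SQL injection path, so wrap them the same way, e.g. `unit_tax=".db_escape($unit_tax).",`, or cast them to numeric types before the query is built. Both functions continue outside the visible hunks, so other fields may need the same treatment.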
@@ -42,8 +42,8 @@ function void_customer_trans_details($type, $type_no)
 {
        $sql = "UPDATE ".TB_PREF."debtor_trans_details SET quantity=0, unit_price=0,
                unit_tax=0, discount_percent=0, standard_cost=0
-               WHERE debtor_trans_no=$type_no
-               AND debtor_trans_type=$type";
+               WHERE debtor_trans_no=".db_escape($type_no)."
+               AND debtor_trans_type=".db_escape($type);
 
        db_query($sql, "The debtor transaction details could not be voided");
 
@@ -64,12 +64,12 @@ function write_customer_trans_detail_item($debtor_trans_type, $debtor_trans_no,
                        unit_tax=$unit_tax,
                        discount_percent=$discount_percent,
                        standard_cost=$std_cost WHERE
-                       id=$line_id";
+                       id=".db_escape($line_id);
        else
                        $sql = "INSERT INTO ".TB_PREF."debtor_trans_details (debtor_trans_no,
                                debtor_trans_type, stock_id, description, quantity, unit_price,
                                unit_tax, discount_percent, standard_cost)
-                       VALUES ($debtor_trans_no, $debtor_trans_type, ".db_escape($stock_id).
+                       VALUES (".db_escape($debtor_trans_no).", ".db_escape($debtor_trans_type).", ".db_escape($stock_id).
                        ", ".db_escape($description).",
                                $quantity, $unit_price, $unit_tax, $discount_percent, $std_cost)";