<?php
-
+/**********************************************************************
+ Copyright (C) FrontAccounting, LLC.
+ Released under the terms of the GNU Affero General Public License,
+ AGPL, as published by the Free Software Foundation, either version
+ 3 of the License, or (at your option) any later version.
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ See the License here <http://www.gnu.org/licenses/agpl-3.0.html>.
+***********************************************************************/
//----------------------------------------------------------------------------------------
function get_customer_trans_details($debtor_trans_type, $debtor_trans_no)
{
if ($line_id!=0)
$sql = "UPDATE ".TB_PREF."debtor_trans_details SET
- stock_id='$stock_id',
- description='$description',
+ stock_id=".db_escape($stock_id).",
+ description=".db_escape($description).",
quantity=$quantity,
unit_price=$unit_price,
unit_tax=$unit_tax,
$sql = "INSERT INTO ".TB_PREF."debtor_trans_details (debtor_trans_no,
debtor_trans_type, stock_id, description, quantity, unit_price,
unit_tax, discount_percent, standard_cost)
- VALUES ($debtor_trans_no, $debtor_trans_type, '$stock_id', '$description',
+ VALUES ($debtor_trans_no, $debtor_trans_type, ".db_escape($stock_id).
+ ", ".db_escape($description).",
$quantity, $unit_price, $unit_tax, $discount_percent, $std_cost)";
db_query($sql, "The debtor transaction detail could not be written");