Fixed session name to avoid conflicts during multiuser debugging.
[fa-stable.git] / sales / includes / db / sales_order_db.inc
index a6c7610637fa06b4eae24b5a28aaaa3e437e9baa..25e39abf579fb66c7da65065ffd856a96d810421 100644 (file)
@@ -54,15 +54,20 @@ function add_sales_order(&$order)
        $sql = "INSERT INTO ".TB_PREF."sales_orders (type, debtor_no, branch_code, customer_ref, comments, ord_date,
                order_type, ship_via, deliver_to, delivery_address, contact_phone,
                contact_email, freight_cost, from_stk_loc, delivery_date)
-               VALUES ('" . $order_type . "', '" . $order->customer_id . "', '" . $order->Branch . "', '".
-                       $order->cust_ref ."','". db_escape($order->Comments) ."','" .
-                       date2sql($order->document_date) . "', '" .
-                       $order->default_sales_type . "', " .
-                       $_POST['ship_via'] .",'" . $order->deliver_to . "', '" .
-                       $order->delivery_address . "', '" .
-                       $order->phone . "', '" . $order->email . "', " .
-                       $order->freight_cost .", '" . $order->Location ."', '" .
-                       $del_date . "')";
+               VALUES (" .db_escape($order_type) . "," . db_escape($order->customer_id) .
+                ", " . db_escape($order->Branch) . ", ".
+                       db_escape($order->cust_ref) .",". 
+                       db_escape($order->Comments) .",'" . 
+                       date2sql($order->document_date) . "', " .
+                       db_escape($order->sales_type) . ", " .
+                       db_escape($order->ship_via)."," . 
+                       db_escape($order->deliver_to) . "," .
+                       db_escape($order->delivery_address) . ", " .
+                       db_escape($order->phone) . ", " . 
+                       db_escape($order->email) . ", " .
+                       db_escape($order->freight_cost) .", " . 
+                       db_escape($order->Location) .", " .
+                       db_escape($del_date) . ")";
 
        db_query($sql, "order Cannot be Added");
 
@@ -106,15 +111,14 @@ function add_sales_order(&$order)
 
                $sql = "INSERT INTO ".TB_PREF."sales_order_details (order_no, stk_code, description, unit_price, quantity, discount_percent) VALUES (";
                $sql .= $order_no .
-                               ",'$line->stock_id', '$line->item_description', $line->price,
+                               ",".db_escape($line->stock_id).", "
+                               .db_escape($line->item_description).", $line->price,
                                $line->quantity,
                                $line->discount_percent)";
                db_query($sql, "order Details Cannot be Added");
 
        } /* inserted line items into sales order details */
 
-       add_forms_for_sys_type(systypes::sales_order(), $order_no);
-
        commit_transaction();
 
        if ($loc_notification == 1 && count($st_ids) > 0)
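Review bot: L40-L42 still interpolate `$line->price`, `$line->quantity` and `$line->discount_percent` directly into the VALUES list, whereas the equivalent detail INSERT in update_sales_order wraps each of them in db_escape. Unless these fields are coerced to numbers before reaching this loop (not visible here), a non-numeric value breaks the statement or becomes an injection point. I would rewrite the three lines as `.db_escape($line->item_description).", ".db_escape($line->price).", "`, `.db_escape($line->quantity).", "` and `.db_escape($line->discount_percent).")";`. `$order_no` on L37 is likewise concatenated raw; add_sales_order begins and ends outside this hunk.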
@@ -150,15 +154,13 @@ function delete_sales_order($order_no)
        $sql = "DELETE FROM ".TB_PREF."sales_order_details WHERE order_no =" . $order_no;
        db_query($sql, "order Detail Delete");
 
-       delete_forms_for_systype(systypes::sales_order(), $order_no);
-
        commit_transaction();
 }
 
 //----------------------------------------------------------------------------------------
 // Mark changes in sales_order_details
 //
-function update_sales_order_version($order) 
+function update_sales_order_version($order)
 {
   foreach ($order as $so_num => $so_ver) {
   $sql= 'UPDATE '.TB_PREF.'sales_orders SET version=version+1 WHERE order_no='. $so_num.
@@ -181,24 +183,23 @@ function update_sales_order($order)
        begin_transaction();
 
        $sql = "UPDATE ".TB_PREF."sales_orders SET type =".$order->so_type." ,
-               debtor_no = '" . $order->customer_id . "',
-               branch_code = '" . $order->Branch . "',
-               customer_ref = '". $order->cust_ref ."',
-               comments = '". db_escape($order->Comments) ."',
-               ord_date = '" . $ord_date . "',
-               order_type = '" . $order->default_sales_type . "',
-               ship_via = " . $order->ship_via .",
-               deliver_to = '" . $order->deliver_to . "',
-               delivery_address = '" . $order->delivery_address . "',
-               contact_phone = '" . $order->phone . "',
-               contact_email = '" . $order->email . "',
-               freight_cost = " . $order->freight_cost .",
-               from_stk_loc = '" . $order->Location ."',
-               delivery_date = '" . $del_date . "',
+               debtor_no = " . db_escape($order->customer_id) . ",
+               branch_code = " . db_escape($order->Branch) . ",
+               customer_ref = ". db_escape($order->cust_ref) .",
+               comments = ". db_escape($order->Comments) .",
+               ord_date = " . db_escape($ord_date) . ",
+               order_type = " .db_escape($order->sales_type) . ",
+               ship_via = " . db_escape($order->ship_via) .",
+               deliver_to = " . db_escape($order->deliver_to) . ",
+               delivery_address = " . db_escape($order->delivery_address) . ",
+               contact_phone = " .db_escape($order->phone) . ",
+               contact_email = " .db_escape($order->email) . ",
+               freight_cost = " .db_escape($order->freight_cost) .",
+               from_stk_loc = " .db_escape($order->Location) .",
+               delivery_date = " .db_escape($del_date). ",
                version = ".($version+1)."
         WHERE order_no=" . $order_no ."
         AND version=".$version;
-
        db_query($sql, "order Cannot be Updated, this can be concurrent edition conflict");
 
        $sql = "DELETE FROM ".TB_PREF."sales_order_details WHERE order_no =" . $order_no;
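Review bot: `$order->so_type` on L72 is the one column in this UPDATE that stays concatenated raw while the fourteen assignments below it are converted to db_escape; `$order_no` (L102, L107) and `$version` (L103) are also unescaped. Unless so_type is validated as an integer before update_sales_order is called, L72 should read `$sql = "UPDATE ".TB_PREF."sales_orders SET type =".db_escape($order->so_type)." ,`. Separately, the error message on L105 suggests the `AND version=` predicate is meant to detect a concurrent edit, but how db_query treats an UPDATE that matches zero rows is not visible; if it only reports SQL errors, a version mismatch passes silently and the DELETE on L107 then discards the other user's lines, so the affected-row count should probably be checked before continuing. update_sales_order continues outside this hunk.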
@@ -242,17 +243,17 @@ function update_sales_order($order)
                                }
                        }
                }
-               $sql = "INSERT INTO ".TB_PREF."sales_order_details 
-                (order_no, stk_code,  description, unit_price, quantity, 
-                 discount_percent, qty_sent) 
+               $sql = "INSERT INTO ".TB_PREF."sales_order_details
+                (order_no, stk_code,  description, unit_price, quantity,
+                 discount_percent, qty_sent)
                 VALUES (";
-               $sql .= $order_no . ",'"
-                 .$line->stock_id . "','"
-                 .$line->item_description . "', "
-                 .$line->price . ", "
-                 .$line->quantity . ", "
-                 .$line->discount_percent . ", "
-                 .$line->qty_done ." )";
+               $sql .= $order_no . ","
+                 .db_escape($line->stock_id) . ","
+                 .db_escape($line->item_description) . ", "
+                 .db_escape($line->price) . ", "
+                 .db_escape($line->quantity) . ", "
+                 .db_escape($line->discount_percent) . ", "
+                 .db_escape($line->qty_done) ." )";
 
                db_query($sql, "Old order Cannot be Inserted");
 
@@ -269,8 +270,8 @@ function update_sales_order($order)
                $subject = _("Stocks below Re-Order Level at " . $loc['location_name']);
                $msg = "\n";
                for ($i = 0; $i < count($st_ids); $i++)
-                       $msg .= $st_ids[$i] . " " . $st_names[$i] . ", " 
-                         . _("Re-Order Level") . ": " . $st_reorder[$i] . ", " 
+                       $msg .= $st_ids[$i] . " " . $st_names[$i] . ", "
+                         . _("Re-Order Level") . ": " . $st_reorder[$i] . ", "
                          . _("Below") . ": " . $st_num[$i] . "\n";
                $msg .= "\n" . _("Please reorder") . "\n\n";
                $msg .= $company['coy_name'];
@@ -332,7 +333,7 @@ function get_sales_order_header($order_no)
 function get_sales_order_details($order_no) {
        $sql = "SELECT id, stk_code, unit_price, "
                .TB_PREF."sales_order_details.description,"
-               .TB_PREF."sales_order_details.quantity, 
+               .TB_PREF."sales_order_details.quantity,
                  discount_percent,
                  qty_sent as qty_done, "
                .TB_PREF."stock_master.units,
@@ -355,21 +356,22 @@ function read_sales_order($order_no, &$order)
        $order->so_type =  $myrow["type"];
        $order->trans_no = array($order_no=> $myrow["version"]);
 
-       $order->set_customer($myrow["debtor_no"], $myrow["name"], 
+       $order->set_customer($myrow["debtor_no"], $myrow["name"],
          $myrow["curr_code"], $myrow["discount"]);
 
        $order->set_branch($myrow["branch_code"], $myrow["tax_group_id"],
          $myrow["tax_group_name"], $myrow["contact_phone"], $myrow["contact_email"]);
 
-       $order->set_sales_type($myrow["sales_type_id"], $myrow["sales_type"], $myrow["tax_included"]);
+       $order->set_sales_type($myrow["sales_type_id"], $myrow["sales_type"], 
+           $myrow["tax_included"], 0); // no default price calculations on edit
 
        $order->set_location($myrow["from_stk_loc"], $myrow["location_name"]);
 
-       $order->set_delivery($myrow["ship_via"], $myrow["deliver_to"], 
+       $order->set_delivery($myrow["ship_via"], $myrow["deliver_to"],
          $myrow["delivery_address"], $myrow["freight_cost"]);
-         
+
        $order->cust_ref = $myrow["customer_ref"];
-       $order->default_sales_type =$myrow["order_type"];
+       $order->sales_type =$myrow["order_type"];
        $order->Comments = $myrow["comments"];
        $order->due_date = sql2date($myrow["delivery_date"]);
        $order->document_date = sql2date($myrow["ord_date"]);
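Review bot: The new fourth argument to set_sales_type on L168-169 is a bare `0` whose meaning is recoverable only from the trailing comment; a named flag, e.g. `$order->set_sales_type($myrow["sales_type_id"], $myrow["sales_type"], $myrow["tax_included"], $calc_prices = 0); // edit: keep stored prices`, or documenting the parameter on set_sales_type itself, would make the call self-explanatory. set_sales_type's definition is not in this file, so if the new parameter has no default every other caller must be updated as well. Likewise the rename of `$order->default_sales_type` to `$order->sales_type` on L180 silently yields null for any code outside this file that still reads the old property name.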
@@ -450,8 +452,10 @@ function get_customer_to_order($customer_id) {
                  .TB_PREF."debtors_master.sales_type AS salestype, "
                  .TB_PREF."sales_types.sales_type, "
                  .TB_PREF."sales_types.tax_included, "
+                 .TB_PREF."sales_types.factor, "
                  .TB_PREF."debtors_master.curr_code, "
-                 .TB_PREF."debtors_master.discount
+                 .TB_PREF."debtors_master.discount,"
+                 .TB_PREF."debtors_master.pymt_discount
                FROM ".TB_PREF."debtors_master, "
                  .TB_PREF."credit_status, "
                  .TB_PREF."sales_types
@@ -465,7 +469,7 @@ function get_customer_to_order($customer_id) {
 }
 
 function get_branch_to_order($customer_id, $branch_id) {
-               
+
        // the branch was also selected from the customer selection so default the delivery details from the customer branches table cust_branch. The order process will ask for branch details later anyway
                $sql = "SELECT ".TB_PREF."cust_branch.br_name, "
                        .TB_PREF."cust_branch.br_address, "