.",pos_account=".db_escape($account)
.",cash_sale =$cash"
.",credit_sale =$credit"
- ." WHERE id = $id";
+ ." WHERE id = ".db_escape($id);
db_query($sql, "could not update sales type");
}
-function get_all_sales_points()
+function get_all_sales_points($all=false)
{
$sql = "SELECT pos.*, loc.location_name, acc.bank_account_name FROM "
.TB_PREF."sales_pos as pos
LEFT JOIN ".TB_PREF."locations as loc on pos.pos_location=loc.loc_code
LEFT JOIN ".TB_PREF."bank_accounts as acc on pos.pos_account=acc.id";
+ if (!$all) $sql .= " WHERE !pos.inactive";
return db_query($sql, "could not get all POS definitions");
}
.TB_PREF."sales_pos as pos
LEFT JOIN ".TB_PREF."locations as loc on pos.pos_location=loc.loc_code
LEFT JOIN ".TB_PREF."bank_accounts as acc on pos.pos_account=acc.id
- WHERE pos.id='$id'";
+ WHERE pos.id=".db_escape($id);
$result = db_query($sql, "could not get POS definition");
function get_sales_point_name($id)
{
- $sql = "SELECT pos_name FROM ".TB_PREF."sales_pos WHERE id=$id";
+ $sql = "SELECT pos_name FROM ".TB_PREF."sales_pos WHERE id=".db_escape($id);
$result = db_query($sql, "could not get POS name");
$row = db_fetch_row($result);
- return $row[0];
+ return is_array($row) ? $row[0] : false;
}
function delete_sales_point($id)
{
- $sql="DELETE FROM ".TB_PREF."sales_pos WHERE id=$id";
+ $sql="DELETE FROM ".TB_PREF."sales_pos WHERE id=".db_escape($id);
db_query($sql,"The point of sale record could not be deleted");
}
-?>
\ No newline at end of file
projects / fa-stable.git / blobdiff