.",pos_account=".db_escape($account)
.",cash_sale =$cash"
.",credit_sale =$credit"
- ." WHERE id = $id";
+ ." WHERE id = ".db_escape($id);
db_query($sql, "could not update sales type");
}
-function get_all_sales_points()
+function get_all_sales_points($all=false)
{
$sql = "SELECT pos.*, loc.location_name, acc.bank_account_name FROM "
.TB_PREF."sales_pos as pos
LEFT JOIN ".TB_PREF."locations as loc on pos.pos_location=loc.loc_code
LEFT JOIN ".TB_PREF."bank_accounts as acc on pos.pos_account=acc.id";
+ if (!$all) $sql .= " WHERE !pos.inactive";
return db_query($sql, "could not get all POS definitions");
}
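Review bot: `$cash` and `$credit` on the lines just above the changed WHERE clause are still interpolated into the UPDATE unescaped, while the same statement now escapes `$id`; if they are 0/1 flags, `.",cash_sale =".(int)$cash` and `.",credit_sale =".(int)$credit` would close that gap, otherwise they should go through `db_escape()` as well. The body of update_sales_point begins outside the hunk. The same `db_escape($id)` substitution is made in the later hunks for get_sales_point, get_sales_point_name and delete_sales_point; since `id` is used as an integer key, a plain `(int)$id` before building the SQL is the simpler guarantee and does not depend on how db_escape() treats a string-typed `$id` (presumably quoted, which would still match an integer column). The new `$all` parameter on get_all_sales_points is undocumented; a one-line comment such as `// $all: when false (default) only active points of sale are returned` would state the contract.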
.TB_PREF."sales_pos as pos
LEFT JOIN ".TB_PREF."locations as loc on pos.pos_location=loc.loc_code
LEFT JOIN ".TB_PREF."bank_accounts as acc on pos.pos_account=acc.id
- WHERE pos.id='$id'";
+ WHERE pos.id=".db_escape($id);
$result = db_query($sql, "could not get POS definition");
function get_sales_point_name($id)
{
- $sql = "SELECT pos_name FROM ".TB_PREF."sales_pos WHERE id=$id";
+ $sql = "SELECT pos_name FROM ".TB_PREF."sales_pos WHERE id=".db_escape($id);
$result = db_query($sql, "could not get POS name");
function delete_sales_point($id)
{
- $sql="DELETE FROM ".TB_PREF."sales_pos WHERE id=$id";
+ $sql="DELETE FROM ".TB_PREF."sales_pos WHERE id=".db_escape($id);
db_query($sql,"The point of sale record could not be deleted");
}