//-----------------------------------------------------------------------------------------------
-if (isset($_GET['debtor_no']))
+if (isset($_GET['debtor_no']))
{
$_POST['customer_id'] = strtoupper($_GET['debtor_no']);
$_POST['New'] = "1";
unset($_POST['New']);
}
-if (!isset($_GET['SelectedBranch']) && !isset($_POST['AddUpdate']))
+if (!isset($_GET['SelectedBranch']) && !isset($_POST['AddUpdate']))
{
$_POST['New'] = "1";
}
//-----------------------------------------------------------------------------------------------
-if (isset($_POST['ADD_ITEM']) || isset($_POST['UPDATE_ITEM']))
+if (isset($_POST['ADD_ITEM']) || isset($_POST['UPDATE_ITEM']))
{
//initialise no input errors assumed initially before we test
//first off validate inputs sensible
- if (strlen($_POST['br_name']) == 0)
+ if (strlen($_POST['br_name']) == 0)
{
$input_error = 1;
display_error(_("The Branch name cannot be empty."));
}
- if ($input_error != 1)
+ if ($input_error != 1)
{
//if (!isset($_POST['New']))
{
/*SelectedBranch could also exist if submit had not been clicked this code would not run in this case cos submit is false of course see the delete code below*/
- $sql = "UPDATE ".TB_PREF."cust_branch SET br_name = '" . $_POST['br_name'] . "',
- br_address = '" . $_POST['br_address'] . "',
- phone='" . $_POST['phone'] . "',
- fax='" . $_POST['fax'] . "',
- contact_name='" . $_POST['contact_name'] . "',
- salesman= '" . $_POST['salesman'] . "',
- area='" . $_POST['area'] . "',
- email='" . $_POST['email'] . "',
- tax_group_id=" . $_POST['tax_group_id'] . ",
- sales_account='" . $_POST['sales_account'] . "',
- sales_discount_account='" . $_POST['sales_discount_account'] . "',
- receivables_account='" . $_POST['receivables_account'] . "',
- payment_discount_account='" . $_POST['payment_discount_account'] . "',
- default_location='" . $_POST['default_location'] . "',
- br_post_address = '" . $_POST['br_post_address'] . "',
- disable_trans=" . $_POST['disable_trans'] . ",
- default_ship_via=" . $_POST['default_ship_via'] . "
- WHERE branch_code = '" . $_POST['branch_code'] . "'
- AND debtor_no='" . $_POST['customer_id']. "'";
-
- }
+ $sql = "UPDATE ".TB_PREF."cust_branch SET br_name = " . db_escape($_POST['br_name']) . ",
+ br_address = ".db_escape($_POST['br_address']). ",
+ phone=".db_escape($_POST['phone']). ",
+ fax=".db_escape($_POST['fax']).",
+ contact_name=".db_escape($_POST['contact_name']) . ",
+ salesman= ".db_escape($_POST['salesman']) . ",
+ area=".db_escape($_POST['area']) . ",
+ email=".db_escape($_POST['email']) . ",
+ tax_group_id=".db_escape($_POST['tax_group_id']). ",
+ sales_account=".db_escape($_POST['sales_account']) . ",
+ sales_discount_account=".db_escape($_POST['sales_discount_account']) . ",
+ receivables_account=".db_escape($_POST['receivables_account']) . ",
+ payment_discount_account=".db_escape($_POST['payment_discount_account']) . ",
+ default_location=".db_escape($_POST['default_location']) . ",
+ br_post_address =".db_escape($_POST['br_post_address']) . ",
+ disable_trans=".db_escape($_POST['disable_trans']) . ",
+ default_ship_via=".db_escape($_POST['default_ship_via']) . "
+ WHERE branch_code =".db_escape($_POST['branch_code']) . "
+ AND debtor_no=".db_escape($_POST['customer_id']);
+
+ }
else
{
/*Selected branch is null cos no item selected on first time round so must be adding a record must be submitting new entries in the new Customer Branches form */
salesman, phone, fax,
contact_name, area, email, tax_group_id, sales_account, receivables_account, payment_discount_account, sales_discount_account, default_location,
br_post_address, disable_trans, default_ship_via)
- VALUES ('" . $_POST['customer_id']. "', '" . $_POST['br_name'] . "', '" .
- $_POST['br_address'] . "', '" . $_POST['salesman'] . "', '" .
- $_POST['phone'] . "', '" . $_POST['fax'] . "','" .
- $_POST['contact_name'] . "', '" . $_POST['area'] . "','" .
- $_POST['email'] . "', " . $_POST['tax_group_id'] . ", '" .
- $_POST['sales_account'] . "', '" .
- $_POST['receivables_account'] . "', '" .
- $_POST['payment_discount_account'] . "', '" .
- $_POST['sales_discount_account'] . "', '" .
- $_POST['default_location'] . "', '" . $_POST['br_post_address'] . "'," . $_POST['disable_trans'] . ", " . $_POST['default_ship_via'] . ")";
+ VALUES (".db_escape($_POST['customer_id']). ",".db_escape($_POST['br_name']) . ", "
+ .db_escape($_POST['br_address']) . ", ".db_escape($_POST['salesman']) . ", "
+ .db_escape($_POST['phone']) . ", ".db_escape($_POST['fax']) . ","
+ .db_escape($_POST['contact_name']) . ", ".db_escape($_POST['area']) . ","
+ .db_escape($_POST['email']) . ", ".db_escape($_POST['tax_group_id']) . ", "
+ .db_escape($_POST['sales_account']) . ", "
+ .db_escape($_POST['receivables_account']) . ", "
+ .db_escape($_POST['payment_discount_account']) . ", "
+ .db_escape($_POST['sales_discount_account']) . ", "
+ .db_escape($_POST['default_location']) . ", "
+ .db_escape($_POST['br_post_address']) . ","
+ .db_escape($_POST['disable_trans']) . ", "
+ .db_escape($_POST['default_ship_via']) . ")";
}
//run the sql from either of the above possibilites
meta_forward($_SERVER['PHP_SELF'], "debtor_no=" . $_POST['customer_id']);
}
-}
-elseif (isset($_GET['delete']))
+}
+elseif (isset($_GET['delete']))
{
//the link to delete a selected record was clicked instead of the submit button
$sql= "SELECT COUNT(*) FROM ".TB_PREF."debtor_trans WHERE branch_code='" . $_POST['branch_code']. "' AND debtor_no = '" . $_POST['customer_id']. "'";
$result = db_query($sql,"could not query debtortrans");
$myrow = db_fetch_row($result);
- if ($myrow[0] > 0)
+ if ($myrow[0] > 0)
{
display_error(_("Cannot delete this branch because customer transactions have been created to this branch."));
- }
- else
+ }
+ else
{
$sql= "SELECT COUNT(*) FROM ".TB_PREF."sales_orders WHERE branch_code='" . $_POST['branch_code']. "' AND debtor_no = '" . $_POST['customer_id']. "'";
$result = db_query($sql,"could not query sales orders");
$myrow = db_fetch_row($result);
- if ($myrow[0] > 0)
+ if ($myrow[0] > 0)
{
display_error(_("Cannot delete this branch because sales orders exist for it. Purge old sales orders first."));
- }
- else
+ }
+ else
{
$sql="DELETE FROM ".TB_PREF."cust_branch WHERE branch_code='" . $_POST['branch_code']. "' AND debtor_no='" . $_POST['customer_id']. "'";
db_query($sql,"could not delete branch");
$th = array(_("Name"), _("Contact"), _("Sales Person"), _("Area"),
_("Phone No"), _("Fax No"), _("E-mail"), _("Tax Group"), "", "");
- table_header($th);
+ table_header($th);
while ($myrow = db_fetch($result))
{
edit_link_cell("debtor_no=" . $_POST['customer_id']. "&SelectedBranch=" . $myrow["branch_code"]);
delete_link_cell("debtor_no=" . $_POST['customer_id']. "&SelectedBranch=" . $myrow["branch_code"]. "&delete=yes");
end_row();
- }
+ }
end_table();
//END WHILE LIST LOOP
}
display_note(_("The selected customer does not have any branches. Please create at least one branch."));
//else
//{
-//}
+//}
-if (!isset($_POST['New']))
+if (!isset($_POST['New']))
{
hyperlink_params($_SERVER['PHP_SELF'], _("New Customer Branch"), "debtor_no=" . $_POST['customer_id']);
}
echo "<table>";
-if (!isset($_POST['New']) && $num_branches)
+if (!isset($_POST['New']) && $num_branches)
{
//editing an existing branch
$_POST['receivables_account'] = $myrow['receivables_account'];
$_POST['payment_discount_account'] = $myrow['payment_discount_account'];
-}
-else
+}
+else
{ //end of if $SelectedBranch only do the else when a new record is being entered
$sql = "SELECT name, address, email
$_POST['br_address'] = $_POST['br_post_address'] = $myrow["address"];
$_POST['branch_code'] = "";
$_POST['email'] = $myrow['email'];
- if (!isset($_POST['sales_account']) || !isset($_POST['sales_discount_account']))
+ if (!isset($_POST['sales_account']) || !isset($_POST['sales_discount_account']))
{
$company_record = get_company_prefs();
table_section_title(_("GL Accounts"));
-gl_all_accounts_list_row(_("Sales Account:"), 'sales_account', $_POST['sales_account']);
+// 2006-06-14. Changed gl_al_accounts_list to have an optional all_option 'Use Item Sales Accounts'
+gl_all_accounts_list_row(_("Sales Account:"), 'sales_account', $_POST['sales_account'], false,
+ false, false, true);
gl_all_accounts_list_row(_("Sales Discount Account:"), 'sales_discount_account', $_POST['sales_discount_account']);
projects / fa-stable.git / blobdiff