More strict mode fixes.

[fa-stable.git] / sales / manage / sales_groups.php

diff --git a/sales/manage/sales_groups.php b/sales/manage/sales_groups.php
index 0fb676c6e070e611908c925c6c4cd3566cf47463..2ee95badf68fd9160ef04c7125e4581709ee3e8a 100644 (file)
--- a/sales/manage/sales_groups.php
+++ b/sales/manage/sales_groups.php
@@ -9,11 +9,11 @@
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
     See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
 ***********************************************************************/
-$page_security = 3;
-$path_to_root="../..";
+$page_security = 'SA_SALESGROUP';
+$path_to_root = "../..";
 include($path_to_root . "/includes/session.inc");
 
-page(_("Sales Groups"));
+page(_($help_context = "Sales Groups"));
 
 include($path_to_root . "/includes/ui.inc");
 
@@ -35,7 +35,7 @@ if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')
        {
        if ($selected_id != -1) 
        {
-               $sql = "UPDATE ".TB_PREF."groups SET description=".db_escape($_POST['description'])." WHERE id = '$selected_id'";
+               $sql = "UPDATE ".TB_PREF."groups SET description=".db_escape($_POST['description'])." WHERE id = ".db_escape($selected_id);
                        $note = _('Selected sales group has been updated');
        } 
        else 
@@ -57,7 +57,7 @@ if ($Mode == 'Delete')
 
        // PREVENT DELETES IF DEPENDENT RECORDS IN 'debtors_master'
 
-       $sql= "SELECT COUNT(*) FROM ".TB_PREF."cust_branch WHERE group_no='$selected_id'";
+       $sql= "SELECT COUNT(*) FROM ".TB_PREF."cust_branch WHERE group_no=".db_escape($selected_id);
        $result = db_query($sql,"check failed");
        $myrow = db_fetch_row($result);
        if ($myrow[0] > 0) 
@@ -67,7 +67,7 @@ if ($Mode == 'Delete')
        } 
        if ($cancel_delete == 0) 
        {
-               $sql="DELETE FROM ".TB_PREF."groups WHERE id='" . $selected_id . "'";
+               $sql="DELETE FROM ".TB_PREF."groups WHERE id=".db_escape($selected_id);
                db_query($sql,"could not delete sales group");
 
                display_notification(_('Selected sales group has been deleted'));
@@ -78,16 +78,22 @@ if ($Mode == 'Delete')
 if ($Mode == 'RESET')
 {
        $selected_id = -1;
+       $sav = get_post('show_inactive');
        unset($_POST);
+       if ($sav) $_POST['show_inactive'] = 1;
 }
 //-------------------------------------------------------------------------------------------------
 
-$sql = "SELECT * FROM ".TB_PREF."groups ORDER BY description";
+$sql = "SELECT * FROM ".TB_PREF."groups";
+if (!check_value('show_inactive')) $sql .= " WHERE !inactive";
+$sql .= " ORDER BY description";
 $result = db_query($sql,"could not get groups");
 
 start_form();
 start_table("$table_style width=30%");
 $th = array(_("Group Name"), "", "");
+inactive_control_column($th);
+
 table_header($th);
 $k = 0; 
 
@@ -97,27 +103,26 @@ while ($myrow = db_fetch($result))
        alt_table_row_color($k);
                
        label_cell($myrow["description"]);
+       inactive_control_cell($myrow["id"], $myrow["inactive"], 'groups', 'id');
        edit_button_cell("Edit".$myrow["id"], _("Edit"));
        delete_button_cell("Delete".$myrow["id"], _("Delete"));
        end_row();
 }
 
-
+inactive_control_row($th);
 end_table();
-end_form();
+
 echo '<br>';
 
 //-------------------------------------------------------------------------------------------------
 
-start_form();
-
 start_table($table_style2);
 
 if ($selected_id != -1) 
 {
        if ($Mode == 'Edit') {
                //editing an existing area
-               $sql = "SELECT * FROM ".TB_PREF."groups WHERE id='$selected_id'";
+               $sql = "SELECT * FROM ".TB_PREF."groups WHERE id=".db_escape($selected_id);
 
                $result = db_query($sql,"could not get group");
                $myrow = db_fetch($result);
@@ -131,7 +136,7 @@ text_row_ex(_("Group Name:"), 'description', 30);
 
 end_table(1);
 
-submit_add_or_update_center($selected_id == -1, '', true);
+submit_add_or_update_center($selected_id == -1, '', 'both');
 
 end_form();