X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;ds=sidebyside;f=purchasing%2Fincludes%2Fdb%2Finvoice_db.inc;h=cc5c85496ba0564417cdd705b2f2206a7aef75a2;hb=54d84ff9a67620ab38c676cdbcf87853632724f0;hp=adc6245dc3305ca8e5e4e6ce08063351e555c9d1;hpb=06e9db98cf0704e1245b75635ee2f214faf1f4a1;p=fa-stable.git diff --git a/purchasing/includes/db/invoice_db.inc b/purchasing/includes/db/invoice_db.inc index adc6245d..cc5c8549 100644 --- a/purchasing/includes/db/invoice_db.inc +++ b/purchasing/includes/db/invoice_db.inc @@ -15,13 +15,14 @@ include_once($path_to_root . "/purchasing/includes/db/invoice_items_db.inc"); function read_supplier_details_to_trans(&$supp_trans, $supplier_id) { - $sql = "SELECT ".TB_PREF."suppliers.supp_name, ".TB_PREF."payment_terms.terms, ".TB_PREF."payment_terms.days_before_due, + $sql = "SELECT ".TB_PREF."suppliers.supp_name, ".TB_PREF."payment_terms.terms, " + .TB_PREF."payment_terms.days_before_due, ".TB_PREF."payment_terms.day_in_following_month, ".TB_PREF."suppliers.tax_group_id, ".TB_PREF."tax_groups.name As tax_group_name From ".TB_PREF."suppliers, ".TB_PREF."payment_terms, ".TB_PREF."tax_groups WHERE ".TB_PREF."suppliers.tax_group_id = ".TB_PREF."tax_groups.id AND ".TB_PREF."suppliers.payment_terms=".TB_PREF."payment_terms.terms_indicator - AND ".TB_PREF."suppliers.supplier_id = '" . $supplier_id . "'"; + AND ".TB_PREF."suppliers.supplier_id = ".db_escape($supplier_id); $result = db_query($sql, "The supplier record selected: " . $supplier_id . " cannot be retrieved"); @@ -61,7 +62,7 @@ function update_supp_received_items_for_invoice($id, $po_detail_item, $qty_invoi if ($chg_price != null) { $sql = "SELECT act_price, unit_price FROM ".TB_PREF."purch_order_details WHERE - po_detail_item = $po_detail_item"; + po_detail_item = ".db_escape($po_detail_item); $result = db_query($sql, "The old actual price of the purchase order line could not be retrieved"); $row = db_fetch_row($result); $ret = $row[0]; 
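Review bot: The message passed to db_query in read_supplier_details_to_trans still concatenates the raw `$supplier_id` (`"The supplier record selected: " . $supplier_id . " cannot be retrieved"`), so a value this commit now treats as untrusted in the query is still echoed as-is on the failure path. How db_query displays that message is not visible in this diff. If it reaches the browser, drop the id from the text or encode it first, e.g. `htmlspecialchars($supplier_id, ENT_QUOTES)`. The same pattern remains in get_po_invoices_credits further down (`"The invoices/credits for the po $po_number could not be retreived"`).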
@@ -69,7 +70,8 @@ function update_supp_received_items_for_invoice($id, $po_detail_item, $qty_invoi $unit_price = $row[1]; //Added by Rasmus $sql = "SELECT delivery_date FROM ".TB_PREF."grn_batch,".TB_PREF."grn_items WHERE - ".TB_PREF."grn_batch.id = ".TB_PREF."grn_items.grn_batch_id AND ".TB_PREF."grn_items.id=$id"; + ".TB_PREF."grn_batch.id = ".TB_PREF."grn_items.grn_batch_id AND " + .TB_PREF."grn_items.id=".db_escape($id); $result = db_query($sql, "The old delivery date from the received record cout not be retrieved"); $row = db_fetch_row($result); $date = $row[0]; @@ -81,17 +83,17 @@ function update_supp_received_items_for_invoice($id, $po_detail_item, $qty_invoi $unit_price = 0; // Added by Rasmus } $sql = "UPDATE ".TB_PREF."purch_order_details - SET qty_invoiced = qty_invoiced + $qty_invoiced "; + SET qty_invoiced = qty_invoiced + ".db_escape($qty_invoiced); if ($chg_price != null) - $sql .= " , act_price = $chg_price "; + $sql .= " , act_price = ".db_escape($chg_price); - $sql .= " WHERE po_detail_item = $po_detail_item"; + $sql .= " WHERE po_detail_item = ".db_escape($po_detail_item); db_query($sql, "The quantity invoiced of the purchase order line could not be updated"); $sql = "UPDATE ".TB_PREF."grn_items - SET quantity_inv = quantity_inv + $qty_invoiced - WHERE id = $id"; + SET quantity_inv = quantity_inv + ".db_escape($qty_invoiced)." + WHERE id = ".db_escape($id); db_query($sql, "The quantity invoiced off the items received record could not be updated"); return array($ret, $date, $unit_price); } @@ -101,7 +103,7 @@ function get_deliveries_between($stock_id, $from, $to) $from = date2sql($from); $to = date2sql($to); $sql = "SELECT SUM(-qty), SUM(-qty*standard_cost) FROM ".TB_PREF."stock_moves - WHERE type=13 AND stock_id='$stock_id' AND + WHERE type=13 AND stock_id=".db_escape($stock_id)." AND tran_date>='$from' AND tran_date<='$to' GROUP BY stock_id"; $result = db_query($sql, "The deliveries could not be updated"); return db_fetch_row($result); 
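Review bot: In the two UPDATE statements `$qty_invoiced` and `$chg_price` are arithmetic operands, yet they are passed through db_escape(), which the `stock_id` changes in this commit show supplies its own quotes. With a quoted literal, MySQL in its non-strict modes will typically coerce a non-numeric value to 0 or to its leading digits instead of rejecting it, so a malformed quantity or price could update the row silently. Reject the call when `!is_numeric($qty_invoiced)` (and likewise for `$chg_price`) before building the SQL, and cast the ids with `(int)$id` and `(int)$po_detail_item`. The same applies to the id comparisons in the hunks at -61 and -69 and to `$trans_no`/`$trans_type` in read_supp_invoice. The function body starts above this hunk.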
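Review bot: In get_deliveries_between `$from` and `$to` are still interpolated directly inside quotes (`tran_date>='$from' AND tran_date<='$to'`), while `$stock_id` beside them is now escaped. Their safety rests entirely on date2sql(), defined elsewhere, returning a well-formed date for any input. For consistency with the rest of the commit, build the clause as `tran_date>=".db_escape($from)." AND tran_date<=".db_escape($to)."`, dropping the hand-written quotes as was done for `stock_id`.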
@@ -188,6 +190,8 @@ function add_supp_invoice($supp_trans, $invoice_no=0) // do not receive as ref b $entered_gl_code->amount, $memo_); // store tax details if the gl account is a tax account + if (!$supp_trans->is_invoice) + $entered_gl_code->amount = -$entered_gl_code->amount; add_gl_tax_details($entered_gl_code->gl_code, $trans_type, $invoice_id, $entered_gl_code->amount, $ex_rate, $date_, $supp_trans->supp_reference); @@ -262,18 +266,24 @@ function add_supp_invoice($supp_trans, $invoice_no=0) // do not receive as ref b $entered_grn->this_quantity_inv, $entered_grn->id, $entered_grn->po_detail_item, ""); } /* end of GRN postings */ /* Now the TAX account */ + $taxes = $supp_trans->get_taxes($supp_trans->tax_group_id, 0, false); // 2009.08-18 Joe Hunt. We have already got the gl lines foreach ($taxes as $taxitem) { if ($taxitem['Net'] != 0) { if (!$supp_trans->is_invoice) + { + $taxitem['Net'] = -$taxitem['Net']; $taxitem['Value'] = -$taxitem['Value']; + } // here we suppose that tax is never included in price (we are company customer). add_trans_tax_details($trans_type, $invoice_id, $taxitem['tax_type_id'], $taxitem['rate'], 0, $taxitem['Value'], $taxitem['Net'], $ex_rate, $date_, $supp_trans->supp_reference); + if (!$supp_trans->is_invoice) + $taxitem['Value'] = -$taxitem['Value']; $total += add_gl_trans_supplier($trans_type, $invoice_id, $date_, $taxitem['purchasing_gl_code'], 0, 0, $taxitem['Value'], $supp_trans->supplier_id, 
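Review bot: The added `$entered_gl_code->amount = -$entered_gl_code->amount;` writes the negated amount back into the line held by `$supp_trans` instead of into a local value. If `$entered_gl_code` is an object handle (the enclosing loop is outside this hunk), the transaction object keeps the flipped sign after add_supp_invoice returns, and any later use of the same line sees it too. A local avoids the side effect: `$tax_amount = $supp_trans->is_invoice ? $entered_gl_code->amount : -$entered_gl_code->amount;`, passed to add_gl_tax_details in place of the property.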
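Review bot: In the tax loop `$taxitem['Value']` is now negated before add_trans_tax_details and negated back before add_gl_trans_supplier, while `$taxitem['Net']` stays negated. This makes the sign each call receives hard to follow and easy to break on the next edit. Compute `$sign = $supp_trans->is_invoice ? 1 : -1;` once and pass `$sign * $taxitem['Value']` and `$sign * $taxitem['Net']` to add_trans_tax_details, leaving `$taxitem` untouched for the GL posting. A one-line comment stating which sign each table expects for credit notes would also help. The loop body continues past the end of the hunk.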
@@ -330,11 +340,12 @@ function get_po_invoices_credits($po_number) $sql = "SELECT DISTINCT ".TB_PREF."supp_trans.trans_no, ".TB_PREF."supp_trans.type, ov_amount+ov_discount+ov_gst AS Total, ".TB_PREF."supp_trans.tran_date - FROM ".TB_PREF."supp_trans, ".TB_PREF."supp_invoice_items, ".TB_PREF."purch_order_details, ".TB_PREF."purch_orders + FROM ".TB_PREF."supp_trans, ".TB_PREF."supp_invoice_items, " + .TB_PREF."purch_order_details, ".TB_PREF."purch_orders WHERE ".TB_PREF."supp_invoice_items.supp_trans_no = ".TB_PREF."supp_trans.trans_no AND ".TB_PREF."supp_invoice_items.po_detail_item_id = ".TB_PREF."purch_order_details.po_detail_item AND ".TB_PREF."purch_orders.supplier_id = ".TB_PREF."supp_trans.supplier_id - AND ".TB_PREF."purch_order_details.order_no = $po_number"; + AND ".TB_PREF."purch_order_details.order_no = ".db_escape($po_number); return db_query($sql, "The invoices/credits for the po $po_number could not be retreived"); } @@ -344,7 +355,7 @@ function get_po_invoices_credits($po_number) function read_supp_invoice($trans_no, $trans_type, &$supp_trans) { $sql = "SELECT ".TB_PREF."supp_trans.*, supp_name FROM ".TB_PREF."supp_trans,".TB_PREF."suppliers - WHERE trans_no = $trans_no AND type = $trans_type + WHERE trans_no = ".db_escape($trans_no)." AND type = ".db_escape($trans_type)." AND ".TB_PREF."suppliers.supplier_id=".TB_PREF."supp_trans.supplier_id"; $result = db_query($sql, "Cannot retreive a supplier transaction"); 
@@ -404,7 +415,8 @@ function read_supp_invoice($trans_no, $trans_type, &$supp_trans) function get_matching_invoice_item($stock_id, $po_item_id) { $sql = "SELECT *, tran_date FROM ".TB_PREF."supp_invoice_items, ".TB_PREF."supp_trans - WHERE supp_trans_type = 20 AND stock_id = '$stock_id' AND po_detail_item_id = $po_item_id + WHERE supp_trans_type = 20 AND stock_id = " + .db_escape($stock_id)." AND po_detail_item_id = ".db_escape($po_item_id)." AND supp_trans_no = trans_no"; $result = db_query($sql, "Cannot retreive supplier transaction detail records"); return db_fetch($result);
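Review bot: The query in get_matching_invoice_item joins the two tables on `supp_trans_no = trans_no` alone, whereas read_supp_invoice in this same file identifies a supp_trans row by both trans_no and type. If transaction numbers are allocated per type, this can pair an invoice item with a supp_trans row of a different type and return that row's tran_date. Adding `AND supp_trans_type = type` to the WHERE clause would tie the join to the invoice row.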