X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=dimensions%2Fincludes%2Fdimensions_db.inc;h=c048371042cad41d51c32a4b6ddb5cf1cdd063ee;hb=b2ddc6a6ed30ad69721b7d54610935020cf24247;hp=3335623dce8bdb2abcaafabf1ae0ca9e2eb4a5fc;hpb=0bf933423b9645bcb57390c478d4fdaf0c895049;p=fa-stable.git

diff --git a/dimensions/includes/dimensions_db.inc b/dimensions/includes/dimensions_db.inc
index 3335623d..c0483710 100644
--- a/dimensions/includes/dimensions_db.inc
+++ b/dimensions/includes/dimensions_db.inc
@@ -122,10 +122,11 @@ function dimension_has_deposits($id)
 
 function dimension_has_payments($id)
 {
-	$sql = "SELECT SUM(amount) FROM ".TB_PREF."gl_trans WHERE dimension_id = ".db_escape($id);
+	$sql = "SELECT COUNT(*) FROM ".TB_PREF."gl_trans WHERE dimension_id = ".db_escape($id)
+	 . " OR dimension2_id = ".db_escape($id);
 	$res = db_query($sql, "Transactions could not be calculated");
 	$row = db_fetch_row($res);
-	return ($row[0] != 0.0);
+	return ($row[0] > 0);
 }
 
 function dimension_is_closed($id)
@@ -146,7 +147,7 @@ function close_dimension($id)
 
 function reopen_dimension($id)
 {
-	$sql = "UPDATE ".TB_PREF."dimensions SET closed='0' WHERE id = $id";
+	$sql = "UPDATE ".TB_PREF."dimensions SET closed='0' WHERE id = ".db_escape($id);
 	db_query($sql, "could not reopen dimension");
 }
 
@@ -159,7 +160,7 @@ function get_dimension_balance_all($id, $from, $to)
 	$sql = "SELECT account, ".TB_PREF."chart_master.account_name, sum(amount) AS amt FROM
 		".TB_PREF."gl_trans,".TB_PREF."chart_master WHERE
 		".TB_PREF."gl_trans.account = ".TB_PREF."chart_master.account_code AND
-		(dimension_id = $id OR dimension2_id = $id) AND
+		(dimension_id = ".db_escape($id)." OR dimension2_id = ".db_escape($id).") AND
 		tran_date >= '$from' AND tran_date <= '$to' GROUP BY account";
 	return db_query($sql, "Transactions could not be calculated");
 }
@@ -172,7 +173,7 @@ function get_dimension_balance($id, $from, $to)
 	$sql = "SELECT SUM(amount) FROM ".TB_PREF."gl_trans WHERE tran_date >= '" .
 		date2sql($from) . "' AND
 		tran_date <= '" . date2sql($to) . "' AND (dimension_id = " .
-		$id." OR dimension2_id = " .$id.")";
+		db_escape($id)." OR dimension2_id = " .db_escape($id).")";
 	$res = db_query($sql, "Sum of transactions could not be calculated");
 	$row = db_fetch_row($res);