X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=gl%2Fbank_account_reconcile.php;h=d1dbba01c40d8d50af6ef9bd79f42dace4ce464d;hb=36ec54507b7841b2352734b81e45b95e371ecdab;hp=1810b6417c9ddcaa92b94db153ceead6fd45d157;hpb=902f1015d874c33bd7946b17de2ad80b4f2144b6;p=fa-stable.git diff --git a/gl/bank_account_reconcile.php b/gl/bank_account_reconcile.php index 1810b641..d1dbba01 100644 --- a/gl/bank_account_reconcile.php +++ b/gl/bank_account_reconcile.php @@ -59,7 +59,9 @@ function rec_checkbox($row) function systype_name($dummy, $type) { - return systypes::name($type); + global $systypes_array; + + return $systypes_array[$type]; } function trans_view($trans) @@ -86,7 +88,7 @@ function fmt_credit($row) function fmt_person($row) { - return payment_person_types::person_name($row["person_type_id"],$row["person_id"]); + return payment_person_name($row["person_type_id"],$row["person_id"]); } $update_pager = false; @@ -115,14 +117,15 @@ function change_tpl_flag($reconcile_id) $_POST['bank_date'] = date2sql(get_post('reconcile_date')); $reconcile_value = check_value("rec_".$reconcile_id) ? ("'".$_POST['bank_date'] ."'") : 'NULL'; - $sql = "UPDATE ".TB_PREF."bank_trans SET reconciled=$reconcile_value WHERE id=$reconcile_id"; + $sql = "UPDATE ".TB_PREF."bank_trans SET reconciled=".db_escape($reconcile_value) + ." WHERE id=".db_escape($reconcile_id); db_query($sql, "Can't change reconciliation status"); // save last reconcilation status (date, end balance) $sql2="UPDATE ".TB_PREF."bank_accounts SET last_reconciled_date='" .date2sql($_POST["reconcile_date"])."', ending_reconcile_balance=".input_num("end_balance") - ." WHERE id=".$_POST["bank_account"]; + ." WHERE id=".db_escape($_POST["bank_account"]); $result = db_query($sql2,"Error updating reconciliation information"); $Ajax->activate('reconciled'); 
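Review bot: `$systypes_array[$type]` in systype_name() is read without checking that the key exists, so a bank transaction row with a type missing from the array would raise an undefined-index notice and leave the pager cell empty. A guarded lookup such as `return isset($systypes_array[$type]) ? $systypes_array[$type] : '';` keeps the column stable. Whether an empty string is the right fallback depends on what the removed `systypes::name()` returned, which is not visible in this diff.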
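Review bot: In change_tpl_flag(), `$reconcile_value` is already a finished SQL fragment, either the date wrapped in single quotes or the bare keyword `NULL`, so passing it through `db_escape()` on the new `SET reconciled=` line looks wrong. The later hunks drop the surrounding quotes wherever they introduce `db_escape()`, which suggests the helper adds its own. If so, clearing a checkbox would store the string 'NULL' instead of SQL NULL, and a set date would be quoted twice. Escape the raw value where the fragment is built instead, `$reconcile_value = check_value("rec_".$reconcile_id) ? db_escape($_POST['bank_date']) : 'NULL';`, and keep `SET reconciled=$reconcile_value WHERE id=".db_escape($reconcile_id)`. In the same function, whose body starts and ends outside the hunk, `$sql2` still concatenates `date2sql($_POST["reconcile_date"])` and `input_num("end_balance")` directly, which is safe only if those helpers reject non-date and non-numeric input.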
@@ -180,7 +183,7 @@ $sql = "SELECT MAX(reconciled) as last_date, SUM(IF(reconciled<'$date', amount, 0)) as beg_balance, SUM(amount) as total FROM ".TB_PREF."bank_trans trans - WHERE bank_act=".$_POST['bank_account']; + WHERE bank_act=".db_escape($_POST['bank_account']); // ." AND trans.reconciled IS NOT NULL"; $result = db_query($sql,"Cannot retrieve reconciliation data"); @@ -195,8 +198,8 @@ if ($row = db_fetch($result)) { if (get_post('bank_date')) { // if it is the last updated bank statement retrieve ending balance $sql = "SELECT ending_reconcile_balance - FROM ".TB_PREF."bank_accounts WHERE id=".$_POST['bank_account'] - . " AND last_reconciled_date='".$_POST['bank_date']."'"; + FROM ".TB_PREF."bank_accounts WHERE id=".db_escape($_POST['bank_account']) + . " AND last_reconciled_date=".db_escape($_POST['bank_date']); $result = db_query($sql,"Cannot retrieve last reconciliation"); $row = db_fetch($result); if($row) { @@ -242,7 +245,7 @@ if (!isset($_POST['bank_account'])) $sql = "SELECT type, trans_no, ref, trans_date, amount, person_id, person_type_id, reconciled, id FROM ".TB_PREF."bank_trans - WHERE ".TB_PREF."bank_trans.bank_act = '" . $_POST['bank_account'] . "' + WHERE ".TB_PREF."bank_trans.bank_act = ".db_escape($_POST['bank_account']) . " AND (reconciled IS NULL OR reconciled='". $date ."') ORDER BY trans_date,".TB_PREF."bank_trans.id"; // or ORDER BY reconciled desc, trans_date,".TB_PREF."bank_trans.id"; @@ -263,10 +266,7 @@ display_heading($act['bank_account_name']." - ".$act['bank_curr_code']); "X"=>array('insert'=>true, 'fun'=>'rec_checkbox') ); $table =& new_db_pager('trans_tbl', $sql, $cols); - if ($update_pager) { - $table->set_sql($sql); - $table->set_columns($cols); - } + $table->width = "60%"; display_db_pager($table);
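Review bot: `$date` is still interpolated straight into the statement at `SUM(IF(reconciled<'$date', amount, 0))`, and again at `reconciled='". $date ."'` in the hunk at @@ -242, while the neighbouring `$_POST['bank_account']` is now escaped. Where `$date` is assigned is not visible in this diff; if it derives from request data it needs the same treatment, for example `SUM(IF(reconciled<".db_escape($date).", amount, 0))`. Since `bank_account` feeds every query touched here, validating it as an integer once near the top of the script would be more robust than relying on quoting at each call site.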
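Review bot: With the `if ($update_pager)` block removed, the `$update_pager = false;` initialisation visible after fmt_person() appears to be left without a reader, so the flag and any code that sets it can probably be deleted too. The removal also means `set_sql()` is no longer called after `new_db_pager()`. If the pager object is cached between requests (not visible here), confirm that a changed bank account or reconcile date still reaches the query, since `$sql` embeds both values.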