X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=gl%2Fincludes%2Fdb%2Fgl_db_accounts.inc;h=7b1cb63bec9b81741bd65933ee2018deb98e04d7;hb=54d84ff9a67620ab38c676cdbcf87853632724f0;hp=b544094e325551c51f0afd1fb79f308ff349513e;hpb=fa3dd600a4b60b528e4c69519c856125e6c3f9bf;p=fa-stable.git

diff --git a/gl/includes/db/gl_db_accounts.inc b/gl/includes/db/gl_db_accounts.inc
index b544094e..7b1cb63b 100644
--- a/gl/includes/db/gl_db_accounts.inc
+++ b/gl/includes/db/gl_db_accounts.inc
@@ -13,7 +13,8 @@ function add_gl_account($account_code, $account_name, $account_type, $account_co
 {
 	$account_name = db_escape($account_name);
 	$sql = "INSERT INTO ".TB_PREF."chart_master (account_code, account_code2, account_name, account_type)
-		VALUES (".db_escape($account_code).", ".db_escape($account_code2).", $account_name, $account_type)";
+		VALUES (".db_escape($account_code).", ".db_escape($account_code2).", "
+			.db_escape($account_name).", ".db_escape($account_type).")";
 
 	db_query($sql, "could not add gl account");
 }
@@ -21,16 +22,16 @@ function add_gl_account($account_code, $account_name, $account_type, $account_co
 function update_gl_account($account_code, $account_name, $account_type, $account_code2)
 {
 	$account_name = db_escape($account_name);
-    $sql = "UPDATE ".TB_PREF."chart_master SET account_name=$account_name,
-		account_type=$account_type, account_code2=".db_escape($account_code2)
-		." WHERE account_code = '$account_code'";
+    $sql = "UPDATE ".TB_PREF."chart_master SET account_name=".db_escape($account_name)
+    .",account_type=".db_escape($account_type).", account_code2=".db_escape($account_code2)
+		." WHERE account_code = ".db_escape($account_code);
 
 	db_query($sql, "could not update gl account");
 }
 
 function delete_gl_account($code)
 {
-	$sql = "DELETE FROM ".TB_PREF."chart_master WHERE account_code='$code'";
+	$sql = "DELETE FROM ".TB_PREF."chart_master WHERE account_code=".db_escape($code);
 
 	db_query($sql, "could not delete gl account");
 }
@@ -41,9 +42,9 @@ function get_gl_accounts($from=null, $to=null)
 		FROM ".TB_PREF."chart_master,".TB_PREF."chart_types
 		WHERE ".TB_PREF."chart_master.account_type=".TB_PREF."chart_types.id";
 	if ($from != null)
-		$sql .= " AND ".TB_PREF."chart_master.account_code >= '$from'";
+		$sql .= " AND ".TB_PREF."chart_master.account_code >= ".db_escape($from);
 	if ($to != null)
-		$sql .= " AND ".TB_PREF."chart_master.account_code <= '$to'";
+		$sql .= " AND ".TB_PREF."chart_master.account_code <= ".db_escape($to);
 	$sql .= " ORDER BY account_code";
 
 	return db_query($sql, "could not get gl accounts");
@@ -51,13 +52,19 @@ function get_gl_accounts($from=null, $to=null)
 
 function get_gl_accounts_all($balance=-1)
 {
-	 $sql = "SELECT ".TB_PREF."chart_master.account_code, ".TB_PREF."chart_master.account_name, ".TB_PREF."chart_types.name AS AccountTypeName,".TB_PREF."chart_types.id AS AccountType,
-	 	".TB_PREF."chart_types.parent, ".TB_PREF."chart_class.class_name AS AccountClassName
+	if ($balance == 1)
+		$where ="WHERE balance_sheet>0 AND balance_sheet<".CL_INCOME;
+	elseif ($balance == 0)	
+		$where ="WHERE balance_sheet>".CL_EQUITY." OR balance_sheet=0"; // backwards compatibility
+ 	$sql = "SELECT ".TB_PREF."chart_master.account_code, ".TB_PREF."chart_master.account_name, ".TB_PREF."chart_master.account_code2,
+ 		".TB_PREF."chart_types.name AS AccountTypeName,".TB_PREF."chart_types.id AS AccountType,
+	 	".TB_PREF."chart_types.parent, ".TB_PREF."chart_class.class_name AS AccountClassName, ".TB_PREF."chart_class.cid AS ClassID, 
+	 	".TB_PREF."chart_class.balance_sheet AS ClassType
 	 	FROM ".TB_PREF."chart_types INNER JOIN ".TB_PREF."chart_class ON ".TB_PREF."chart_types.class_id=".TB_PREF."chart_class.cid
 	 	LEFT JOIN ".TB_PREF."chart_master ON ".TB_PREF."chart_master.account_type=".TB_PREF."chart_types.id ";
 	if ($balance != -1)
-		$sql .= "WHERE ".TB_PREF."chart_class.balance_sheet=$balance "; 	 	 		
-	 $sql .= "ORDER BY ".TB_PREF."chart_class.cid, IF(parent > 0,parent,".TB_PREF."chart_types.id), 
+		$sql .= $where; 	 	 		
+	 $sql .= " ORDER BY ".TB_PREF."chart_class.cid, IF(parent > 0,parent,".TB_PREF."chart_types.id), 
 	 	IF(parent > 0,".TB_PREF."chart_types.id, parent), ".TB_PREF."chart_master.account_code";
 
 	return db_query($sql, "could not get gl accounts");
@@ -65,7 +72,7 @@ function get_gl_accounts_all($balance=-1)
 
 function get_gl_account($code)
 {
-	$sql = "SELECT * FROM ".TB_PREF."chart_master WHERE account_code='$code'";
+	$sql = "SELECT * FROM ".TB_PREF."chart_master WHERE account_code=".db_escape($code);
 
 	$result = db_query($sql, "could not get gl account");
 	return db_fetch($result);
@@ -73,19 +80,20 @@ function get_gl_account($code)
 
 function is_account_balancesheet($code)
 {
-	$sql = "SELECT ".TB_PREF."chart_class.balance_sheet FROM ".TB_PREF."chart_class, ".TB_PREF."chart_types, ".TB_PREF."chart_master
+	$sql = "SELECT ".TB_PREF."chart_class.balance_sheet FROM ".TB_PREF."chart_class, "
+		.TB_PREF."chart_types, ".TB_PREF."chart_master
 		WHERE ".TB_PREF."chart_master.account_type=".TB_PREF."chart_types.id AND
 		".TB_PREF."chart_types.class_id=".TB_PREF."chart_class.cid
-		AND ".TB_PREF."chart_master.account_code='$code'";
+		AND ".TB_PREF."chart_master.account_code=".db_escape($code);
 
 	$result = db_query($sql,"could not retreive the account class for $code");
 	$row = db_fetch_row($result);
-	return $row[0];
+	return $row[0] > 0 && $row[0] < CL_INCOME;
 }
 
 function get_gl_account_name($code)
 {
-	$sql = "SELECT account_name from ".TB_PREF."chart_master WHERE account_code='$code'";
+	$sql = "SELECT account_name from ".TB_PREF."chart_master WHERE account_code=".db_escape($code);
 
 	$result = db_query($sql,"could not retreive the account name for $code");