X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=gl%2Fincludes%2Fdb%2Fgl_db_bank_accounts.inc;h=5e6fadfbb40f73182b8ed67abeecdea7cf4a0392;hb=54d84ff9a67620ab38c676cdbcf87853632724f0;hp=53f3facfbc9ba0c168ce77e455b75a772e94e096;hpb=2829455fee1259fb5013f382309cb3e61e9381ef;p=fa-stable.git
diff --git a/gl/includes/db/gl_db_bank_accounts.inc b/gl/includes/db/gl_db_bank_accounts.inc
index 53f3facf..5e6fadfb 100644
--- a/gl/includes/db/gl_db_bank_accounts.inc
+++ b/gl/includes/db/gl_db_bank_accounts.inc
@@ -15,8 +15,10 @@ function add_bank_account($account_code, $account_type, $bank_account_name, $ban
 $bank_address, $bank_curr_code)
 {
 $sql = "INSERT INTO ".TB_PREF."bank_accounts (account_code, account_type, bank_account_name, bank_name, bank_account_number, bank_address, bank_curr_code)
- VALUES (".db_escape($account_code).", $account_type, ".db_escape($bank_account_name).", ".db_escape($bank_name).", ".db_escape($bank_account_number).",
- ".db_escape($bank_address).", '$bank_curr_code')";
+ VALUES (".db_escape($account_code).", ".db_escape($account_type).", "
+ .db_escape($bank_account_name).", ".db_escape($bank_name).", "
+ .db_escape($bank_account_number).",".db_escape($bank_address).
+ ", ".db_escape($bank_curr_code).")";
 db_query($sql, "could not add a bank account for $account_code");
 }
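Review bot: The rebuilt VALUES list in add_bank_account is inconsistent with itself: the third added line joins bank_account_number and bank_address with `.","` while every other separator in the statement is `.", "`, and it ends with a dangling `.` where the neighbouring continuation lines begin with a leading `.`. Suggest `.db_escape($bank_account_number).", ".db_escape($bank_address).", "` followed by `.db_escape($bank_curr_code).")";` so each continuation line starts with the concatenation operator and the separators read alike. The SQL produced is the same either way; this is readability only.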
@@ -26,11 +28,11 @@ function add_bank_account($account_code, $account_type, $bank_account_name, $ban
 function update_bank_account($id, $account_code, $account_type, $bank_account_name, $bank_name, $bank_account_number, $bank_address, $bank_curr_code)
 {
- $sql = "UPDATE ".TB_PREF."bank_accounts SET account_type = $account_type,
+ $sql = "UPDATE ".TB_PREF."bank_accounts SET account_type = ".db_escape($account_type).",
 account_code=".db_escape($account_code).", bank_account_name=".db_escape($bank_account_name).", bank_name=".db_escape($bank_name).",
- bank_account_number=".db_escape($bank_account_number).", bank_curr_code='$bank_curr_code',
- bank_address=".db_escape($bank_address)." WHERE id = '$id'";
+ bank_account_number=".db_escape($bank_account_number).", bank_curr_code=".db_escape($bank_curr_code).",
+ bank_address=".db_escape($bank_address)." WHERE id = ".db_escape($id);
 db_query($sql, "could not update bank account for $account_code");
 }
@@ -39,7 +41,7 @@ function update_bank_account($id, $account_code, $account_type, $bank_account_na
 function delete_bank_account($id)
 {
- $sql = "DELETE FROM ".TB_PREF."bank_accounts WHERE id='$id'";
+ $sql = "DELETE FROM ".TB_PREF."bank_accounts WHERE id=".db_escape($id);
 db_query($sql,"could not delete bank account for $id");
 }
@@ -49,7 +51,7 @@ function delete_bank_account($id)
 function get_bank_account($id)
 {
- $sql = "SELECT * FROM ".TB_PREF."bank_accounts WHERE id='$id'";
+ $sql = "SELECT * FROM ".TB_PREF."bank_accounts WHERE id=".db_escape($id);
 $result = db_query($sql, "could not retreive bank account for $id");
@@ -59,7 +61,7 @@ function get_bank_account($id)
 //---------------------------------------------------------------------------------------------
 function get_bank_gl_account($id)
 {
- $sql = "SELECT account_code FROM ".TB_PREF."bank_accounts WHERE id='$id'";
+ $sql = "SELECT account_code FROM ".TB_PREF."bank_accounts WHERE id=".db_escape($id);
 $result = db_query($sql, "could not retreive bank account for $id");
@@ -73,7 +75,7 @@ function get_bank_gl_account($id)
 function add_quick_entry($description, $type, $base_amount, $base_desc)
 {
 $sql = "INSERT INTO ".TB_PREF."quick_entries (description, type, base_amount, base_desc)
- VALUES (".db_escape($description).", $type, "
+ VALUES (".db_escape($description).", ".db_escape($type).", "
 .db_escape($base_amount).", ".db_escape($base_desc).")";
 db_query($sql, "could not insert quick entry for $description");
@@ -84,8 +86,9 @@ function add_quick_entry($description, $type, $base_amount, $base_desc)
 function update_quick_entry($selected_id, $description, $type, $base_amount, $base_desc)
 {
 $sql = "UPDATE ".TB_PREF."quick_entries SET description = ".db_escape($description).",
- type=$type, base_amount=".db_escape($base_amount).", base_desc=".db_escape($base_desc)."
- WHERE id = $selected_id";
+ type=".db_escape($type).", base_amount=".db_escape($base_amount)
+ .", base_desc=".db_escape($base_desc)."
+ WHERE id = ".db_escape($selected_id);
 db_query($sql, "could not update quick entry for $selected_id");
 }
@@ -94,7 +97,7 @@ function update_quick_entry($selected_id, $description, $type, $base_amount, $ba
 function delete_quick_entry($selected_id)
 {
- $sql = "DELETE FROM ".TB_PREF."quick_entries WHERE id=$selected_id";
+ $sql = "DELETE FROM ".TB_PREF."quick_entries WHERE id=".db_escape($selected_id);
 db_query($sql,"could not delete quick entry $selected_id");
 }
@@ -107,7 +110,7 @@ function add_quick_entry_line($qid, $action, $dest_id, $amount, $dim, $dim2)
 (qid, action, dest_id, amount, dimension_id, dimension2_id)
 VALUES ($qid, ".db_escape($action).",".db_escape($dest_id).",
- $amount, $dim, $dim2)";
+ ".db_escape($amount).", ".db_escape($dim).", ".db_escape($dim2).")";
 db_query($sql, "could not insert quick entry line for $qid");
 }
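Review bot: In the add_quick_entry_line hunk the unchanged context line `VALUES ($qid, ".db_escape($action).",".db_escape($dest_id).",` still interpolates `$qid` straight into the statement, while the added line now routes `$amount`, `$dim` and `$dim2` through db_escape(); this commit's pass over the file leaves that one value out, so a non-numeric `$qid` would still reach the query verbatim. Suggest `VALUES (".db_escape($qid).", ".db_escape($action).",".db_escape($dest_id).",` so every value in the INSERT goes through the same path. The `$sql = "INSERT …` opening of this statement is not within the hunk, so whether `$qid` is validated earlier in the function cannot be seen from here.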
@@ -116,9 +119,11 @@ function add_quick_entry_line($qid, $action, $dest_id, $amount, $dim, $dim2)
 function update_quick_entry_line($selected_id, $qid, $action, $dest_id, $amount, $dim, $dim2)
 {
- $sql = "UPDATE ".TB_PREF."quick_entry_lines SET qid = $qid, action=".db_escape($action).",
- dest_id=".db_escape($dest_id).", amount=$amount, dimension_id=$dim, dimension2_id=$dim2
- WHERE id = $selected_id";
+ $sql = "UPDATE ".TB_PREF."quick_entry_lines SET qid = ".db_escape($qid)
+ .", action=".db_escape($action).",
+ dest_id=".db_escape($dest_id).", amount=".db_escape($amount)
+ .", dimension_id=".db_escape($dim).", dimension2_id=".db_escape($dim2)."
+ WHERE id = ".db_escape($selected_id);
 db_query($sql, "could not update quick entry line for $selected_id");
 }
@@ -127,7 +132,7 @@ function update_quick_entry_line($selected_id, $qid, $action, $dest_id, $amount,
 function delete_quick_entry_line($selected_id)
 {
- $sql = "DELETE FROM ".TB_PREF."quick_entry_lines WHERE id=$selected_id";
+ $sql = "DELETE FROM ".TB_PREF."quick_entry_lines WHERE id=".db_escape($selected_id);
 db_query($sql,"could not delete quick entry line $selected_id");
 }
@@ -138,7 +143,7 @@ function has_quick_entries($type=null)
 {
 $sql = "SELECT id FROM ".TB_PREF."quick_entries";
 if ($type != null)
- $sql .= " WHERE type=$type";
+ $sql .= " WHERE type=".db_escape($type);
 $result = db_query($sql, "could not retreive quick entries");
 return db_num_rows($result) > 0;
@@ -148,7 +153,7 @@ function get_quick_entries($type = null)
 {
 $sql = "SELECT * FROM ".TB_PREF."quick_entries";
 if ($type != null)
- $sql .= " WHERE type=".db_escape($type);
+ $sql .= " WHERE type=".db_escape($type);
 $sql .= " ORDER BY description";
 return db_query($sql, "could not retreive quick entries");
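Review bot: In the has_quick_entries hunk the guard `if ($type != null)` on the line directly above the changed one uses loose comparison, so a `$type` of 0 or '' (if either is a legitimate type code, which this page does not show) compares equal to null and the WHERE clause is silently dropped, making the function report rows for every type; the new `db_escape($type)` call does not change that. Suggest `if ($type !== null)` so only the parameter's default means "no filter". The same guard appears in the get_quick_entries hunk that follows and would want the same change.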
@@ -156,7 +161,7 @@ function get_quick_entries($type = null)
 function get_quick_entry($selected_id)
 {
- $sql = "SELECT * FROM ".TB_PREF."quick_entries WHERE id=$selected_id";
+ $sql = "SELECT * FROM ".TB_PREF."quick_entries WHERE id=".db_escape($selected_id);
 $result = db_query($sql, "could not retreive quick entry $selected_id");
@@ -173,15 +178,14 @@ function get_quick_entry_lines($qid)
 LEFT JOIN ".TB_PREF."tax_types ON ".TB_PREF."quick_entry_lines.dest_id = ".TB_PREF."tax_types.id WHERE
- qid=$qid
- ORDER by id";
+ qid=".db_escape($qid)." ORDER by id";
 return db_query($sql, "could not retreive quick entries");
 }
 function has_quick_entry_lines($qid)
 {
- $sql = "SELECT id FROM ".TB_PREF."quick_entry_lines WHERE qid=$qid";
+ $sql = "SELECT id FROM ".TB_PREF."quick_entry_lines WHERE qid=".db_escape($qid);
 $result = db_query($sql, "could not retreive quick entries");
 return db_num_rows($result) > 0;
@@ -191,7 +195,7 @@ function has_quick_entry_lines($qid)
 function get_quick_entry_line($selected_id)
 {
- $sql = "SELECT * FROM ".TB_PREF."quick_entry_lines WHERE id=$selected_id";
+ $sql = "SELECT * FROM ".TB_PREF."quick_entry_lines WHERE id=".db_escape($selected_id);
 $result = db_query($sql, "could not retreive quick entry for $selected_id");