X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=gl%2Fincludes%2Fdb%2Fgl_db_bank_trans.inc;h=ad369861053d2dc6c47c4f2b62d2cadfe7db7ee7;hb=ebc600101ceab69c06eac4b1bd4d1782af45de05;hp=de2ce4862920f121b5d256b89b5c79c63855f6d9;hpb=d567a10b7925c8bb97c734e213d6651a979af29d;p=fa-stable.git diff --git a/gl/includes/db/gl_db_bank_trans.inc b/gl/includes/db/gl_db_bank_trans.inc index de2ce486..ad369861 100644 --- a/gl/includes/db/gl_db_bank_trans.inc +++ b/gl/includes/db/gl_db_bank_trans.inc @@ -16,7 +16,7 @@ // $date_ is display date (non-sql) function add_bank_trans($type, $trans_no, $bank_act, $ref, $date_, - $amount, $person_type_id, $person_id, $currency="", $err_msg="") + $amount, $person_type_id, $person_id, $currency="", $err_msg="", $rate=0) { $sqlDate = date2sql($date_); @@ -24,7 +24,10 @@ function add_bank_trans($type, $trans_no, $bank_act, $ref, $date_, if ($currency != "") { $bank_account_currency = get_bank_account_currency($bank_act); - $to_bank_currency = get_exchange_rate_from_to($currency, $bank_account_currency, $date_); + if ($rate == 0) + $to_bank_currency = get_exchange_rate_from_to($currency, $bank_account_currency, $date_); + else + $to_bank_currency = 1 / $rate; $amount_bank = ($amount / $to_bank_currency); } else @@ -38,7 +41,8 @@ function add_bank_trans($type, $trans_no, $bank_act, $ref, $date_, trans_date, amount, person_type_id, person_id) "; $sql .= "VALUES ($type, $trans_no, '$bank_act', ".db_escape($ref).", '$sqlDate', - $amount_bank, $person_type_id, ". db_escape($person_id).")"; + ".db_escape($amount_bank).", ".db_escape($person_type_id) + .", ". db_escape($person_id).")"; if ($err_msg == "") $err_msg = "The bank transaction could not be inserted"; 
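Review bot: The new `$rate` branch in add_bank_trans (hunk at -24) accepts any non-zero value, so a negative or non-numeric rate goes straight into `1 / $rate` and from there into the stored bank amount. The loose `$rate == 0` test also treats a non-numeric string differently depending on the PHP version. Since this parameter decides what is written to the ledger, I would let only a positive number override the lookup, e.g. `if (!is_numeric($rate) || $rate <= 0)` in place of `if ($rate == 0)`, so anything else falls back to the dated exchange rate. The function starts and ends outside this hunk, and the callers that pass `$rate` are not visible here.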
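Review bot: The VALUES list in add_bank_trans (hunk at -38) is only partly converted: `$type`, `$trans_no` and `'$bank_act'` on the first VALUES line are still interpolated raw, while the rest of the row now goes through db_escape(). I would finish the row with `$sql .= "VALUES (".db_escape($type).", ".db_escape($trans_no).", ".db_escape($bank_act).", ".db_escape($ref).", '$sqlDate',`. This assumes db_escape() supplies its own quotes, as the `person_id` and `account` conversions elsewhere in this commit suggest. `$sqlDate` comes from date2sql(), whose output format is not visible here, so confirm it can only ever produce a date literal.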
@@ -50,8 +54,8 @@ function add_bank_trans($type, $trans_no, $bank_act, $ref, $date_, function exists_bank_trans($type, $type_no) { - $sql = "SELECT trans_no FROM ".TB_PREF."bank_trans WHERE type=$type - AND trans_no=$type_no"; + $sql = "SELECT trans_no FROM ".TB_PREF."bank_trans WHERE type=".db_escape($type) + ." AND trans_no=".db_escape($type_no); $result = db_query($sql, "Cannot retreive a bank transaction"); return (db_num_rows($result) > 0); @@ -65,13 +69,13 @@ function get_bank_trans($type, $trans_no=null, $person_type_id=null, $person_id= FROM ".TB_PREF."bank_trans, ".TB_PREF."bank_accounts WHERE ".TB_PREF."bank_accounts.id=".TB_PREF."bank_trans.bank_act "; if ($type != null) - $sql .= " AND type=$type "; + $sql .= " AND type=".db_escape($type); if ($trans_no != null) - $sql .= " AND ".TB_PREF."bank_trans.trans_no = $trans_no "; + $sql .= " AND ".TB_PREF."bank_trans.trans_no = ".db_escape($trans_no); if ($person_type_id != null) - $sql .= " AND ".TB_PREF."bank_trans.person_type_id = $person_type_id "; + $sql .= " AND ".TB_PREF."bank_trans.person_type_id = ".db_escape($person_type_id); if ($person_id != null) - $sql .= " AND ".TB_PREF."bank_trans.person_id = '$person_id'"; + $sql .= " AND ".TB_PREF."bank_trans.person_id = ".db_escape($person_id); $sql .= " ORDER BY trans_date, ".TB_PREF."bank_trans.id"; return db_query($sql, "query for bank transaction"); @@ -81,7 +85,9 @@ function get_bank_trans($type, $trans_no=null, $person_type_id=null, $person_id= function get_gl_trans_value($account, $type, $trans_no) { - $sql = "SELECT SUM(amount) FROM ".TB_PREF."gl_trans WHERE account='$account' AND type=$type AND type_no=$trans_no"; + $sql = "SELECT SUM(amount) FROM ".TB_PREF."gl_trans WHERE account=" + .db_escape($account)." AND type=".db_escape($type) + ." AND type_no=".db_escape($trans_no); $result = db_query($sql, "query for gl trans value"); 
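Review bot: The filters in get_bank_trans (hunk at -65) are guarded with loose `!= null` tests, so a `$type` or `$trans_no` of `0`, or an empty `$person_id`, compares equal to null and its AND clause is silently skipped. The query then returns rows for every type or transaction rather than for the one requested. With the values now escaped, these guards are the remaining way to widen the result set; `if ($type !== null)`, and likewise for the other three, keeps "not supplied" distinct from "zero". The signature and the start of the SELECT lie outside this hunk, so first check whether any caller passes `0` or `''` to mean "no filter".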
@@ -97,7 +103,7 @@ function void_bank_trans($type, $type_no, $nested=false) begin_transaction(); $sql = "UPDATE ".TB_PREF."bank_trans SET amount=0 - WHERE type=$type AND trans_no=$type_no"; + WHERE type=".db_escape($type)." AND trans_no=".db_escape($type_no); $result = db_query($sql, "could not void bank transactions for type=$type and trans_no=$type_no");
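Review bot: The failure message on the db_query() call after the UPDATE still embeds `$type` and `$type_no` unescaped, while the WHERE clause above it now escapes them. If db_query() prints or logs that message on error (its body is not visible here), the raw values end up in that output. A fixed message such as `"could not void bank transactions"` avoids this, or the values can be cast to int before interpolation. void_bank_trans begins before and continues past this hunk.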