X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fbanking.inc;h=21dbb8f6fc85516bc819ce47427cf5d00993e835;hb=1f82a87e119d3b3749cf42f3024d7493ef6d8420;hp=59f0fe070743d5ca32141fbf489052c29bedf5de;hpb=da128fc101cb020e2ab05680e6d14eb1a2131ef5;p=fa-stable.git
diff --git a/includes/banking.inc b/includes/banking.inc
index 59f0fe07..21dbb8f6 100644
--- a/includes/banking.inc
+++ b/includes/banking.inc
@@ -21,7 +21,7 @@ include_once($path_to_root . "/gl/includes/gl_db.inc");
 //
 function is_bank_account($account_code)
 {
- $sql= "SELECT id FROM ".TB_PREF."bank_accounts WHERE account_code='$account_code'";
+ $sql= "SELECT id FROM ".TB_PREF."bank_accounts WHERE account_code=".db_escape($account_code);
 $result = db_query($sql, "checking account is bank account");
 if (db_num_rows($result) > 0) {
 $acct = db_fetch($result);
@@ -41,21 +41,14 @@ function is_company_currency($currency)
 function get_company_currency()
 {
- $sql= "SELECT curr_default FROM ".TB_PREF."company";
- $result = db_query($sql, "retreive company currency");
-
- if (db_num_rows($result) == 0)
- display_db_error("Could not find the requested currency. Fatal.", $sql);
-
- $myrow = db_fetch_row($result);
- return $myrow[0];
+ return get_company_pref('curr_default');
 }
 //----------------------------------------------------------------------------------
 function get_bank_account_currency($id)
 {
- $sql= "SELECT bank_curr_code FROM ".TB_PREF."bank_accounts WHERE id='$id'";
+ $sql= "SELECT bank_curr_code FROM ".TB_PREF."bank_accounts WHERE id=".db_escape($id);
 $result = db_query($sql, "retreive bank account currency");
 $myrow = db_fetch_row($result);
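Review bot: The surrounding quotes were dropped from the `account_code=` comparison in `is_bank_account`, so the statement is only well-formed and injection-safe if `db_escape()` returns a complete quoted SQL literal rather than a bare escaped string; that helper is not visible in this patch. A one-line comment above the `$sql` assignment, such as `// db_escape() returns the value escaped and quoted; do not wrap it in quotes`, would stop a later edit from re-quoting it or reusing the call in a numeric context. The same dependency applies to the other four `db_escape()` call sites changed here. The function body continues past the end of the hunk.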
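Review bot: `get_company_currency()` loses its explicit failure path: the removed code called `display_db_error("Could not find the requested currency. Fatal.", $sql)` on an empty result, while `return get_company_pref('curr_default');` hands back whatever that helper yields when the preference is missing. Unless `get_company_pref()` raises on an unset key, which cannot be confirmed from this hunk, callers that feed the result into currency comparisons or exchange-rate lookups will now continue with an empty code. Either keep a guard on the returned value or document the contract, for example `// may be empty if curr_default is not configured; callers must check`.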
@@ -66,7 +59,7 @@ function get_bank_account_currency($id)
 function get_customer_currency($customer_id)
 {
- $sql = "SELECT curr_code FROM ".TB_PREF."debtors_master WHERE debtor_no = '$customer_id'";
+ $sql = "SELECT curr_code FROM ".TB_PREF."debtors_master WHERE debtor_no = ".db_escape($customer_id);
 $result = db_query($sql, "Retreive currency of customer $customer_id");
@@ -78,7 +71,7 @@ function get_customer_currency($customer_id)
 function get_supplier_currency($supplier_id)
 {
- $sql = "SELECT curr_code FROM ".TB_PREF."suppliers WHERE supplier_id = '$supplier_id'";
+ $sql = "SELECT curr_code FROM ".TB_PREF."suppliers WHERE supplier_id = ".db_escape($supplier_id);
 $result = db_query($sql, "Retreive currency of supplier $supplier_id");
@@ -95,7 +88,7 @@ function get_exchange_rate_from_home_currency($currency_code, $date_)
 $date = date2sql($date_);
- $sql = "SELECT rate_buy, max(date_) as date_ FROM ".TB_PREF."exchange_rates WHERE curr_code = '$currency_code'
+ $sql = "SELECT rate_buy, max(date_) as date_ FROM ".TB_PREF."exchange_rates WHERE curr_code = ".db_escape($currency_code)."
 AND date_ <= '$date' GROUP BY rate_buy ORDER BY date_ Desc LIMIT 1";
 $result = db_query($sql, "could not query exchange rates");
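Review bot: The error-context argument to `db_query()` in `get_customer_currency` still interpolates the raw `$customer_id` (`"Retreive currency of customer $customer_id"`), so the value this commit now treats as untrusted for SQL is still copied unescaped into the failure message. If `db_query()` renders that message to the browser or writes it to a log, which is not visible here, the id should be left out or encoded for that sink, e.g. `db_query($sql, "could not retrieve customer currency");`. The `get_supplier_currency` hunk has the same pattern with `$supplier_id`. Both function bodies continue past their hunks.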
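Review bot: `$date` is still interpolated straight into the statement on the continuation line (`AND date_ <= '$date'`) in `get_exchange_rate_from_home_currency`, even though `$currency_code` one line above is now escaped. It is produced by `date2sql($date_)`, and whether that function rejects or normalises malformed input is not visible in this hunk, so the query remains only as safe as that helper. For consistency with the rest of the patch, and assuming `db_escape()` returns a quoted literal as the other call sites imply, the line could read `AND date_ <= ".db_escape($date)." GROUP BY rate_buy ORDER BY date_ Desc LIMIT 1";`.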