X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fdb%2Freferences_db.inc;h=71314463339be1294347e99fa546e718c371e5e4;hb=3613e32ad573d5faccb974a421702bdd87583878;hp=77e688a5467c5bff62090a36a80373d7811c0562;hpb=da8311619dd73feae101d246a1957b972e00cbd2;p=fa-stable.git

diff --git a/includes/db/references_db.inc b/includes/db/references_db.inc
index 77e688a5..71314463 100644
--- a/includes/db/references_db.inc
+++ b/includes/db/references_db.inc
@@ -1,12 +1,23 @@
 <?php
-
+/**********************************************************************
+    Copyright (C) FrontAccounting, LLC.
+	Released under the terms of the GNU General Public License, GPL, 
+	as published by the Free Software Foundation, either version 3 
+	of the License, or (at your option) any later version.
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
+    See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
+***********************************************************************/
 //--------------------------------------------------------------------------------------------------
 
 function get_reference($type, $id)
 {
-	$sql = "SELECT * FROM ".TB_PREF."refs WHERE type=$type AND id=$id";
-	
-	return db_query($sql, "could not query reference table");
+	$sql = "SELECT * FROM ".TB_PREF."refs WHERE type=".db_escape($type)." AND id=".db_escape($id);
+
+	$result = db_query($sql, "could not query reference table");
+    $row = db_fetch($result);
+    return $row['reference'];
 }
 
 //--------------------------------------------------------------------------------------------------
@@ -14,17 +25,27 @@ function get_reference($type, $id)
 function add_reference($type, $id, $reference)
 {
 	$sql = "INSERT INTO ".TB_PREF."refs (type, id, reference)
-		VALUES ($type, $id, '" . trim($reference) . "')";
-				
+		VALUES (".db_escape($type).", ".db_escape($id).", "
+			. db_escape(trim($reference)) . ")";
+
 	db_query($sql, "could not add reference entry");
 }
 
+//--------------------------------------------------------------------------------------------------
+ 
+function update_reference($type, $id, $reference)
+{
+    $sql = "UPDATE ".TB_PREF."refs SET reference=".db_escape($reference)
+			." WHERE type=".db_escape($type)." AND id=".db_escape($id);
+    db_query($sql, "could not update reference entry");
+}
+
 //--------------------------------------------------------------------------------------------------
 
 function delete_reference($type, $id)
 {
-	$sql = "DELETE FROM ".TB_PREF."refs WHERE type=$type AND id=$id";
-	
+	$sql = "DELETE FROM ".TB_PREF."refs WHERE type=$type AND id=".db_escape($id);
+
 	return db_query($sql, "could not delete from reference table");
 }
 
@@ -32,10 +53,15 @@ function delete_reference($type, $id)
 
 function find_reference($type, $reference)
 {
-	$sql = "SELECT id FROM ".TB_PREF."refs WHERE type=$type AND reference='$reference'";
-	
+	// ignore refs references for voided transactions
+	$sql = "SELECT r.id FROM ".TB_PREF."refs r LEFT JOIN ".TB_PREF."voided v ON"
+		." r.type=v.type AND r.id=v.id"
+		." WHERE r.type=".db_escape($type)
+		." AND reference=".db_escape($reference)
+		." AND ISNULL(`memo_`)";
+
 	$result = db_query($sql, "could not query reference table");
-	
+
     return (db_num_rows($result) > 0);
 }
 
@@ -43,19 +69,20 @@ function find_reference($type, $reference)
 
 function save_next_reference($type, $reference)
 {
-    $sql = "UPDATE ".TB_PREF."sys_types SET next_reference='" . trim($reference) . "' WHERE type_id = $type";	
-    
-	db_query($sql, "The next transaction ref for $type could not be updated");	
+    $sql = "UPDATE ".TB_PREF."sys_types SET next_reference=" . db_escape(trim($reference)) 
+		. " WHERE type_id = ".db_escape($type);
+
+	db_query($sql, "The next transaction ref for $type could not be updated");
 }
 
 //--------------------------------------------------------------------------------------------------
 
 function get_next_reference($type)
 {
-    $sql = "SELECT next_reference FROM ".TB_PREF."sys_types WHERE type_id = $type";
-    
+    $sql = "SELECT next_reference FROM ".TB_PREF."sys_types WHERE type_id = ".db_escape($type);
+
     $result = db_query($sql,"The last transaction ref for $type could not be retreived");
-    
+
     $row = db_fetch_row($result);
     return $row[0];
 }