X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=inventory%2Fcost_update.php;h=e268f360dbdcdca8d6200bf88d087a57ab98b36d;hb=2a42ffb56ef6651b8a136cd89271e65d397d7677;hp=c35e81b518f9c0a047815f907daefdd1af8b9013;hpb=a5242af68e65661edb7175412444dce536a7f311;p=fa-stable.git diff --git a/inventory/cost_update.php b/inventory/cost_update.php index c35e81b5..e268f360 100644 --- a/inventory/cost_update.php +++ b/inventory/cost_update.php @@ -9,8 +9,8 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -$page_security = 2; -$path_to_root=".."; +$page_security = 'SA_STANDARDCOST'; +$path_to_root = ".."; include_once($path_to_root . "/includes/session.inc"); include_once($path_to_root . "/includes/date_functions.inc"); @@ -68,7 +68,7 @@ if (isset($_POST['UpdateData'])) if ($update_no > 0) { - display_note(get_gl_view_str(systypes::cost_update(), $update_no, _("View the GL Journal Entries for this Cost Update")), 0, 1); + display_note(get_gl_view_str(ST_COSTUPDATE, $update_no, _("View the GL Journal Entries for this Cost Update")), 0, 1); } } } @@ -77,7 +77,7 @@ if (list_updated('stock_id')) $Ajax->activate('cost_table'); //----------------------------------------------------------------------------------------- -start_form(false, true); +start_form(); if (!isset($_POST['stock_id'])) $_POST['stock_id'] = get_global_stock_item(); @@ -91,7 +91,7 @@ set_global_stock_item($_POST['stock_id']); $sql = "SELECT description, units, material_cost, labour_cost, overhead_cost, mb_flag FROM ".TB_PREF."stock_master - WHERE stock_id='" . $_POST['stock_id'] . "' + WHERE stock_id=".db_escape($_POST['stock_id']) . " GROUP BY description, units, material_cost, labour_cost, overhead_cost, mb_flag"; $result = db_query($sql); check_db_error("The cost details for the item could not be retrieved", $sql); 
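Review bot: The new `$page_security = 'SA_STANDARDCOST';` line swaps a numeric level for a named access area without a comment saying what the area gates, and nothing in this hunk shows how an undefined or misspelled area name is handled. I would add `// access area required to open this page (cost updates post GL journal entries)` above it. It is also worth confirming that the access check denies the request when the area name is unknown. The check is presumably performed by the `session.inc` include that follows, which lies outside this diff.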
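Review bot: The `WHERE stock_id=".db_escape($_POST['stock_id'])` line is only safe if `db_escape()` returns the value with its own surrounding quotes, because the literal `'...'` around it was dropped in this hunk. That contract is not visible here and deserves a comment such as `// db_escape() quotes and escapes the value - do not wrap it in '...'`. The same raw `$_POST['stock_id']` is passed to `set_global_stock_item()` just above the query (shown in the hunk header) and presumably to the update handler earlier in the file, so those paths should be checked for the same concatenation pattern. If the database layer offers bound parameters, using them would remove the reliance on every caller remembering to escape. The code that consumes `$result` continues outside the hunk.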
@@ -126,7 +126,7 @@ else end_table(1); div_end(); -submit_center('UpdateData', _("Update")); +submit_center('UpdateData', _("Update"), true, false, 'default'); end_form(); end_page();
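Review bot: The three positional arguments added to `submit_center('UpdateData', _("Update"), true, false, 'default')` are opaque at the call site. A short comment such as `// 'default' marks this as the form's default submit button (see submit_center())` would document the intent, once confirmed against the helper's signature. Because this button triggers the `UpdateData` branch that posts GL journal entries, it is also worth confirming that `start_form()`/`end_form()` emit and verify an anti-CSRF token, which this diff does not show.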