X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=inventory%2Fincludes%2Fdb%2Fitems_category_db.inc;h=27a4ed6bf600da29132de2c44bf21cdf7a2dc566;hb=bfacd15ccdd53a263e0ab28a85aad242d4cca41d;hp=f7d4ed6b5ee86ee5bb8756f2bcd1601ac4889122;hpb=6d27f64388100dbbfad58ccb52c1ed334dd74e16;p=fa-stable.git
diff --git a/inventory/includes/db/items_category_db.inc b/inventory/includes/db/items_category_db.inc
index f7d4ed6b..27a4ed6b 100644
--- a/inventory/includes/db/items_category_db.inc
+++ b/inventory/includes/db/items_category_db.inc
@@ -51,22 +51,31 @@ function update_item_category($id, $description, $tax_type_id,
 ."dflt_assembly_act = ".db_escape($assembly_account).","
 ."dflt_dim1 = ".db_escape($dim1).","
 ."dflt_dim2 = ".db_escape($dim2).","
- ."dflt_no_sale = '$no_sale'"
- ." WHERE category_id = '$id'";
+ ."dflt_no_sale = ".db_escape($no_sale)
+ ."WHERE category_id = ".db_escape($id);
 db_query($sql,"an item category could not be updated");
 }
 function delete_item_category($id)
 {
- $sql="DELETE FROM ".TB_PREF."stock_category WHERE category_id='$id'";
+ $sql="DELETE FROM ".TB_PREF."stock_category WHERE category_id=".db_escape($id);
 db_query($sql,"an item category could not be deleted");
 }
+function get_item_categories($show_inactive)
+{
+ $sql = "SELECT c.*, t.name as tax_name FROM ".TB_PREF."stock_category c, "
+ .TB_PREF."item_tax_types t WHERE c.dflt_tax_type=t.id";
+ if (!$show_inactive) $sql .= " AND !c.inactive";
+
+ return db_query($sql, "could not get stock categories");
+}
+
 function get_item_category($id)
 {
- $sql="SELECT * FROM ".TB_PREF."stock_category WHERE category_id='$id'";
+ $sql="SELECT * FROM ".TB_PREF."stock_category WHERE category_id=".db_escape($id);
 $result = db_query($sql,"an item category could not be retrieved");
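Review bot: The rewritten tail of the UPDATE in update_item_category drops the space that used to precede `WHERE`, so the statement now joins the escaped `$no_sale` value directly to the keyword (`...db_escape($no_sale)."WHERE category_id = "...`). Whether the database still parses that depends on what db_escape() returns, which is not visible here; if it ever emits an unquoted number the token becomes something like `1WHERE` and the update fails or is misread. Restore the separator: `." WHERE category_id = ".db_escape($id);`. The function's signature and the start of the query are outside this hunk, so the remaining columns could not be checked for the same slip.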
@@ -75,7 +84,7 @@ function get_item_category($id)
 function get_category_name($id)
 {
- $sql = "SELECT description FROM ".TB_PREF."stock_category WHERE category_id=$id";
+ $sql = "SELECT description FROM ".TB_PREF."stock_category WHERE category_id=".db_escape($id);
 $result = db_query($sql, "could not get sales type");
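Review bot: The failure message passed to db_query() in get_category_name still reads "could not get sales type", although the query selects a description from the stock_category table. A misleading message sends anyone triaging a database error or a rejected input to the wrong module, so it is worth correcting while this line's neighbour is being touched: `$result = db_query($sql, "could not get item category name");`. The rest of the function body lies outside the hunk.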