X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=inventory%2Fincludes%2Fdb%2Fitems_locations_db.inc;h=c37374a9f1f36eb68ad4145c88bfc25bfd3c785a;hb=ae5a4010b62224b1e3d8439517588eb2149478b9;hp=66120c304caec31544671ecf04c703f014bea1d5;hpb=c09be0dad6b05131e240349a375af7a4b7bf3444;p=fa-stable.git

diff --git a/inventory/includes/db/items_locations_db.inc b/inventory/includes/db/items_locations_db.inc
index 66120c30..c37374a9 100644
--- a/inventory/includes/db/items_locations_db.inc
+++ b/inventory/includes/db/items_locations_db.inc
@@ -1,29 +1,40 @@
 <?php
-
-function add_item_location($loc_code, $location_name, $delivery_address, $phone, $fax, $email, $contact)
+/**********************************************************************
+    Copyright (C) FrontAccounting, LLC.
+	Released under the terms of the GNU General Public License, GPL, 
+	as published by the Free Software Foundation, either version 3 
+	of the License, or (at your option) any later version.
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
+    See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
+***********************************************************************/
+function add_item_location($loc_code, $location_name, $delivery_address, $phone, $phone2, $fax, $email, $contact)
 {
-	$sql = "INSERT INTO ".TB_PREF."locations (loc_code, location_name, delivery_address, phone, fax, email, contact)
-		VALUES (".db_escape($loc_code).", ".db_escape($location_name).", ".db_escape($delivery_address).", ".db_escape($phone).", ".db_escape($fax).", ".db_escape($email).", ".db_escape($contact).")";
+	$sql = "INSERT INTO ".TB_PREF."locations (loc_code, location_name, delivery_address, phone, phone2, fax, email, contact)
+		VALUES (".db_escape($loc_code).", ".db_escape($location_name).", ".db_escape($delivery_address).", "
+			.db_escape($phone).", ".db_escape($phone2).", ".db_escape($fax).", ".db_escape($email).", "
+			.db_escape($contact).")";
 
 	db_query($sql,"a location could not be added");
 
 	/* Also need to add loc_stock records for all existing items */
 	$sql = "INSERT INTO ".TB_PREF."loc_stock (loc_code, stock_id, reorder_level)
-		SELECT '$loc_code', ".TB_PREF."stock_master.stock_id, 0 FROM ".TB_PREF."stock_master";
+		SELECT ".db_escape($loc_code).", ".TB_PREF."stock_master.stock_id, 0 FROM ".TB_PREF."stock_master";
 
 	db_query($sql,"a location could not be added");
 }
 
 //------------------------------------------------------------------------------------
 
-function update_item_location($loc_code, $location_name, $delivery_address, $phone, $fax, $email, $contact)
+function update_item_location($loc_code, $location_name, $delivery_address, $phone, $phone2, $fax, $email, $contact)
 
 {
     $sql = "UPDATE ".TB_PREF."locations SET location_name=".db_escape($location_name).",
     	delivery_address=".db_escape($delivery_address).",
-    	phone=".db_escape($phone).", fax=".db_escape($fax).",
+    	phone=".db_escape($phone).", phone2=".db_escape($phone2).", fax=".db_escape($fax).",
     	email=".db_escape($email).", contact=".db_escape($contact)."
-    	WHERE loc_code = '$loc_code'";
+    	WHERE loc_code = ".db_escape($loc_code);
 
 	db_query($sql,"a location could not be updated");
 }
@@ -32,10 +43,10 @@ function update_item_location($loc_code, $location_name, $delivery_address, $pho
 
 function delete_item_location($item_location)
 {
-	$sql="DELETE FROM ".TB_PREF."locations WHERE loc_code='$item_location'";
+	$sql="DELETE FROM ".TB_PREF."locations WHERE loc_code=".db_escape($item_location);
 	db_query($sql,"a location could not be deleted");
 
-	$sql = "DELETE FROM ".TB_PREF."loc_stock WHERE loc_code ='$item_location'";
+	$sql = "DELETE FROM ".TB_PREF."loc_stock WHERE loc_code =".db_escape($item_location);
 	db_query($sql,"a location could not be deleted");
 }
 
@@ -43,7 +54,7 @@ function delete_item_location($item_location)
 
 function get_item_location($item_location)
 {
-	$sql="SELECT * FROM ".TB_PREF."locations WHERE loc_code='$item_location'";
+	$sql="SELECT * FROM ".TB_PREF."locations WHERE loc_code=".db_escape($item_location);
 
 	$result = db_query($sql,"a location could not be retrieved");
 
@@ -52,10 +63,19 @@ function get_item_location($item_location)
 
 //------------------------------------------------------------------------------------
 
+function get_item_locations($show_inactive)
+{
+	$sql = "SELECT * FROM ".TB_PREF."locations";
+	if (!$show_inactive) $sql .= " WHERE !inactive";
+	return db_query($sql, "could not query locations");;
+}
+
+//------------------------------------------------------------------------------------
+
 function set_reorder_level($stock_id, $loc_code, $reorder_level)
 {
 	$sql = "UPDATE ".TB_PREF."loc_stock SET reorder_level = $reorder_level
-		WHERE stock_id = '$stock_id' AND loc_code = '$loc_code'";
+		WHERE stock_id = ".db_escape($stock_id)." AND loc_code = ".db_escape($loc_code);
 
 	db_query($sql,"an item reorder could not be set");
 }
@@ -64,13 +84,13 @@ function set_reorder_level($stock_id, $loc_code, $reorder_level)
 
 function get_loc_details($stock_id)
 {
-	$sql = "SELECT ".TB_PREF."loc_stock.*, ".TB_PREF."locations.location_name
-		FROM ".TB_PREF."loc_stock, ".TB_PREF."locations
-		WHERE ".TB_PREF."loc_stock.loc_code=".TB_PREF."locations.loc_code
-		AND ".TB_PREF."loc_stock.stock_id = '" . $stock_id . "' ORDER BY ".TB_PREF."loc_stock.loc_code";
+	$sql = "SELECT stock.loc_code, stock.location_name, "
+	.db_escape($stock_id)." as stock_id, reorders.reorder_level
+		FROM ".TB_PREF."locations stock LEFT JOIN ".TB_PREF."loc_stock reorders ON
+		reorders.loc_code=stock.loc_code
+		AND reorders.stock_id = ".db_escape($stock_id)
+		." ORDER BY reorders.loc_code";
 	return db_query($sql,"an item reorder could not be retreived");
 }
 
-//------------------------------------------------------------------------------------
-
 ?>
\ No newline at end of file