X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=inventory%2Finquiry%2Fstock_movements.php;h=75837a11089860a0d6b75bc7bd8b228a5796e4d1;hb=36ec54507b7841b2352734b81e45b95e371ecdab;hp=bf80e27a6688085baa596c9ef2750bb595f988e2;hpb=80dd97a37f674cc3691fa04af4c29607067566b2;p=fa-stable.git
diff --git a/inventory/inquiry/stock_movements.php b/inventory/inquiry/stock_movements.php
index bf80e27a..75837a11 100644
--- a/inventory/inquiry/stock_movements.php
+++ b/inventory/inquiry/stock_movements.php
@@ -64,10 +64,10 @@ $after_date = date2sql($_POST['AfterDate']); $sql = "SELECT type, trans_no, tran_date, person_id, qty, reference FROM ".TB_PREF."stock_moves - WHERE loc_code='" . $_POST['StockLocation'] . "' + WHERE loc_code=".db_escape($_POST['StockLocation'])." AND tran_date >= '". $after_date . "' AND tran_date <= '" . $before_date . "' - AND stock_id = '" . $_POST['stock_id'] . "' ORDER BY tran_date,trans_id"; + AND stock_id = ".db_escape($_POST['stock_id']) . " ORDER BY tran_date,trans_id"; $result = db_query($sql, "could not query stock moves"); check_db_error("The stock movements for the selected criteria could not be retrieved",$sql);
@@ -79,8 +79,8 @@ $th = array(_("Type"), _("#"), _("Reference"), _("Date"), _("Detail"), table_header($th); -$sql = "SELECT SUM(qty) FROM ".TB_PREF."stock_moves WHERE stock_id='" . $_POST['stock_id'] . "' - AND loc_code='" . $_POST['StockLocation'] . "' +$sql = "SELECT SUM(qty) FROM ".TB_PREF."stock_moves WHERE stock_id=".db_escape($_POST['stock_id']) . " + AND loc_code=".db_escape( $_POST['StockLocation']) . " AND tran_date < '" . $after_date . "'"; $before_qty = db_query($sql, "The starting quantity on hand could not be calculated");
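Review bot: The date bounds are still spliced into both queries with hand-written quotes, while the POST fields beside them now go through db_escape(): `AND tran_date >= '". $after_date . "'` and `AND tran_date <= '" . $before_date . "'` in the @@ -64 hunk, and `AND tran_date < '" . $after_date . "'` in the @@ -79 hunk. $after_date is `date2sql($_POST['AfterDate'])` per the hunk header line, and $before_date is assigned outside the hunk. Whether date2sql() rejects or neutralises a malformed value is not visible here, so the safety of these three predicates rests on that helper alone. Passing them through the same call, e.g. `AND tran_date >= ".db_escape($after_date)."`, would escape every request-derived value in the two statements the same way.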
@@ -136,7 +136,7 @@ while ($myrow = db_fetch($result)) $person = $myrow["person_id"]; $gl_posting = ""; - if (($myrow["type"] == 13) || ($myrow["type"] == 11)) + if (($myrow["type"] == ST_CUSTDELIVERY) || ($myrow["type"] == ST_CUSTCREDIT)) { $cust_row = get_customer_details_from_trans($myrow["type"], $myrow["trans_no"]);
@@ -144,7 +144,7 @@ while ($myrow = db_fetch($result)) $person = $cust_row['name'] . " (" . $cust_row['br_name'] . ")"; } - elseif ($myrow["type"] == 25 || $myrow['type'] == 21) + elseif ($myrow["type"] == ST_SUPPRECEIVE || $myrow['type'] == ST_SUPPCREDIT) { // get the supplier name $sql = "SELECT supp_name FROM ".TB_PREF."suppliers WHERE supplier_id = '" . $myrow["person_id"] . "'";
@@ -161,8 +161,8 @@ while ($myrow = db_fetch($result)) $movement_type = get_movement_type($myrow["person_id"]); $person = $movement_type["name"]; } - elseif ($myrow["type"]==ST_WORKORDER || $myrow["type"] == 28 || - $myrow["type"] == 29) + elseif ($myrow["type"]==ST_WORKORDER || $myrow["type"] == ST_MANUISSUE || + $myrow["type"] == ST_MANURECEIVE) { $person = ""; }
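Review bot: The supplier lookup kept as context in the @@ -144 hunk still builds its WHERE clause by concatenation: `WHERE supplier_id = '" . $myrow["person_id"] . "'`. person_id is read back from the stock_moves row rather than from the request, but a stored value is not guaranteed to be safe as SQL text, and this commit moves the other queries in the file to db_escape(). Suggest `WHERE supplier_id = ".db_escape($myrow["person_id"]);` so the lookup does not depend on how that column was populated. The enclosing while loop starts and ends outside the hunk.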